Thursday, July 12, 2018

Updated the firmware of my TP-Link RE450 AC1750 WiFi range extender to Build 20171215 Rel. 55534

I just discovered that there is a new version of firmware released on 15 December 2017 and made available for download on 22 December 2017 for my TP-Link RE450 AC1750 WiFi range extender. I should have discovered this earlier!

This is an important firmware update, because it includes the security bug fix for the WPA2 Security (KRACKs) Vulnerability.

Other enhancements and bug fixes in this version of firmware include:

  • Improved online detection method and reduced unnecessary data traffic.
  • Improved the system stability and wireless stability.
  • Fixed the wireless compatibility with Volvo cars.
  • Fixed the wireless compatibility with some wireless network card.
You can download the new firmware update file from TP-Link official website, under the Support > Firmware section.

To update the firmware, unzip the downloaded file, and upload it to your RE450 WiFi range extender by login into the device, and go to System Tools > Firmware Upgrade section.

Your existing configuration in the RE450 will still remain after this firmware update.

After the update, you will see the firmware version changed to 1.0.0 Build 20171215 Rel. 55534.


Wednesday, July 11, 2018

Insecurity in the Internet of Things (IoT)

The Open Web Application Security Project’s (OWASP) List of Top 10 Internet of Things (IoT)Vulnerabilities sums up most of the concerns and attack vectors surrounding the IoT category of devices as below:
  • Insecure web interface
  • Insufficient authentication/authorization
  • Insecure network services
  • Lack of transport encryption
  • Privacy concerns
  • Insecure cloud interface
  • Insecure mobile interface
  • Insufficient security configurability
  • Insecure software/firmware
  • Poor physical security

During a research by Symantec in 2015, they found issues such as the following:
  • Around 19% of all tested mobile apps that are used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud
  • None of the analyzed devices provided mutual authentication between the client and the server
  • Some devices offered no enforcement and often no possibility of strong passwords
  • Some IoT cloud interfaces did not support two-factor authentication (2FA)
  • Many IoT services did not have lock-out or delaying measures to protect users’ accounts against brute-force attacks
  • Some devices did not implement protections against account harvesting
  • Many of the IoT cloud platforms included common web application vulnerabilities
  • 10 security issues were found in 15 web portals used to control IoT devices without performing any deep tests. 6 of them were serious issues, allowing unauthorized access to the backend systems.
  • Most of the IoT services did not provide signed or encrypted firmware updates, if updates were provided at all
 
The above information is excerpted from a Symantec white paper regarding the Insecurity in the IoT.
 
 
 

Tuesday, July 10, 2018

My electronic UV light mosquito trap

There has been increased dengue fever cases in my residential area. As a preventive measure, I have bought some electronic ultraviolet light mosquito traps to capture the mosquitoes found in my house.


The body of this mosquito trap is mostly made by plastic, which might be the reason for its cheap price selling at around RM25 only. Anyhow, as long as it works, I am happy with it.

The most important parts of this mosquito trap are its 6 LED lights on top which emit purplish visible light and ultraviolet light which function to attract the mosquitoes to fly to it, and a small fan to suck the mosquitoes down into the trapping chamber.

As you can see from the photo, the trapping chamber can be opened up like a drawer, and you can inspect the amount of insects trapped and died inside, wash it and put it back to the device.

Its fan will generate some noise during operation, not very loud, but still audible at close distance, especially during quiet time. It's suction is not very powerful, so probably can only able to suck in the mosquitoes which flied very near to it, and might not be strong enough to suck in larger insects such as flies, cockroaches, etc.

Now, this question is, does it really work? I used it for 1 night and really can find dead mosquito in the trap. There isn't much mosquito in my house all the while though.


So, it really works! It might not be as effective as those models that use electrocute to kill the insects, but at this price I think is a worth.


Hint: Click on the "Older Posts" link to continue reading, or click here for a listing of all my past 3 months articles.