Thursday, July 12, 2018

Updated the firmware of my TP-Link RE450 AC1750 WiFi range extender to Build 20171215 Rel. 55534

I just discovered that there is a new version of firmware released on 15 December 2017 and made available for download on 22 December 2017 for my TP-Link RE450 AC1750 WiFi range extender. I should have discovered this earlier!

This is an important firmware update, because it includes the security bug fix for the WPA2 Security (KRACKs) Vulnerability.

Other enhancements and bug fixes in this version of firmware include:
  • Improved online detection method and reduced unnecessary data traffic.
  • Improved the system stability and wireless stability.
  • Fixed the wireless compatibility with Volvo cars.
  • Fixed the wireless compatibility with some wireless network card.
You can download the new firmware update file from TP-Link official website, under the Support > Firmware section.

To update the firmware, unzip the downloaded file, and upload it to your RE450 WiFi range extender by login into the device, and go to System Tools > Firmware Upgrade section.

Your existing configuration in the RE450 will still remain after this firmware update.

After the update, you will see the firmware version changed to 1.0.0 Build 20171215 Rel. 55534.


Wednesday, July 11, 2018

Insecurity in the Internet of Things (IoT)

The Open Web Application Security Project’s (OWASP) List of Top 10 Internet of Things (IoT)Vulnerabilities sums up most of the concerns and attack vectors surrounding the IoT category of devices as below:
  • Insecure web interface
  • Insufficient authentication/authorization
  • Insecure network services
  • Lack of transport encryption
  • Privacy concerns
  • Insecure cloud interface
  • Insecure mobile interface
  • Insufficient security configurability
  • Insecure software/firmware
  • Poor physical security

During a research by Symantec in 2015, they found issues such as the following:
  • Around 19% of all tested mobile apps that are used to control IoT devices did not use Secure Socket Layer (SSL) connections to the cloud
  • None of the analyzed devices provided mutual authentication between the client and the server
  • Some devices offered no enforcement and often no possibility of strong passwords
  • Some IoT cloud interfaces did not support two-factor authentication (2FA)
  • Many IoT services did not have lock-out or delaying measures to protect users’ accounts against brute-force attacks
  • Some devices did not implement protections against account harvesting
  • Many of the IoT cloud platforms included common web application vulnerabilities
  • 10 security issues were found in 15 web portals used to control IoT devices without performing any deep tests. 6 of them were serious issues, allowing unauthorized access to the backend systems.
  • Most of the IoT services did not provide signed or encrypted firmware updates, if updates were provided at all
 
The above information is excerpted from a Symantec white paper regarding the Insecurity in the IoT.
 
 
 

Tuesday, July 10, 2018

My electronic UV light mosquito trap

There has been increased dengue fever cases in my residential area. As a preventive measure, I have bought some electronic ultraviolet light mosquito traps to capture the mosquitoes found in my house.


The body of this mosquito trap is mostly made by plastic, which might be the reason for its cheap price selling at around RM25 only. Anyhow, as long as it works, I am happy with it.

The most important parts of this mosquito trap are its 6 LED lights on top which emit purplish visible light and ultraviolet light which function to attract the mosquitoes to fly to it, and a small fan to suck the mosquitoes down into the trapping chamber.

As you can see from the photo, the trapping chamber can be opened up like a drawer, and you can inspect the amount of insects trapped and died inside, wash it and put it back to the device.

Its fan will generate some noise during operation, not very loud, but still audible at close distance, especially during quiet time. It's suction is not very powerful, so probably can only able to suck in the mosquitoes which flied very near to it, and might not be strong enough to suck in larger insects such as flies, cockroaches, etc.

Now, this question is, does it really work? I really can find dead mosquitoes in the trap. There isn't much mosquito in my house all the while though.



So, it really works! It might not be as effective as those models that use electrocute to kill the insects, but at this price I think is a worth.


Friday, July 6, 2018

ADcase the handphone case with special dampers that can save the phone from dropping damage

ADcase (active damping case) is a very innovative handphone case invented by a German engineering student called Philip Frenzel. It has just won an award from German Mechatronics Society.


The phone case has special shock-absorbers made with metal springs at its 4 corners. In normal situation, the shock-absorbers are hiding inside the case, and the case just looks like other normal handphone cases.

When sensors inside the case detected that the phone is on free fall dropping, it will immediately unfold the metal springs before hitting the ground. In this way, it can effectively protect the phone from damage due to dropping.

After the falling, the dampers can be manually folded back into the case and are therefore reusable.

You can watch the video below to see how ADcase reacts when the phone is dropping.



Very brilliant idea, isn't it?

Thursday, July 5, 2018

WiFi Alliance introduced WiFi Certified WPA3 to replace current WPA2 security standard

WiFi Alliance has just introduced WiFi CERTIFIED WPA3 (Wi-Fi Protected Access version 3) as the next generation WiFi security standard, bringing new capabilities to enhance WiFi protections in both personal and enterprise wireless networks.


Key capabilities of WPA3 include:
  • WPA3-Personal: more resilient, password-based authentication even when users choose passwords that is simple to remember. WPA3 will leverage on Simultaneous Authentication of Equals (SAE), which is a secure key establishment protocol between devices, to provide stronger protections for users against password guessing attempts by third parties.
  • WPA3-Enterprise: offers the equivalent of 192-bit cryptographic strength, providing additional protections for networks transmitting sensitive data, such as government or finance. The 192-bit security suite ensures a consistent combination of cryptographic tools are deployed across WPA3 networks.
With the evolution of WiFi security from current WPA2 to WPA3, we can expect:
  • WiFi password to be a lot more difficult to crack.
  • WiFi CERTIFIED Easy Connect - IoT devices can connect to WiFi network more easily.
  • WiFi data sniffed and recorded without knowing your password will not be able to decrypt even if your password is obtained later.
  • WiFi CERTIFIED Enhanced Open - communication in open connection (WiFi connection without the need of any password) will also be encrypted, therefore much more secured than WPA2 open connection. In current WPA2, if the WiFi is connected using open connection without the need of password, the communication between the WiFi connected device and access point is not encrypted.
  • Stronger WiFi encryption by replacing the existing PSK (Pre-Shared Key) system in WPA2 with the new SAE system.
Anyhow, in order to enjoy the benefits of using WiFi WPA3, both the access point (or wireless router) and the connecting device must support this new WiFi security standard. Devices that support WPA3 will probably hitting the market from year 2019 onwards and gradually replacing the existing which only support up to WPA2.