
Germany proposes router security guidelines


The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.

Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community.

Once approved, router manufacturers don’t have to abide by these requirements, but if they do, they can use a special sticker on their products showing their compliance.


The 22-page document, available in English here, lists tens of recommendations and rules for various router functions and features. We couldn't possibly list all the rules in this article, since some are really technical, but we selected a few of greater importance:

  • Only DNS, HTTP, HTTPS, DHCP, DHCPv6, and ICMPv6 services should be available on the LAN and WiFi interface.
  • If the router has a guest WiFi mode, this mode must not allow access to the router’s configuration panel.
  • The Extended Service Set Identifier (ESSID) should not contain information that is derived from the router itself (such as the vendor name or router model).
  • The router must support the WPA2 protocol, and use it by default.
  • WiFi passwords should have a length of 20 digits or more.
  • WiFi passwords must not contain information derived from the router itself (vendor, model, MAC, etc.).
  • The router must allow any authenticated user to change this password.
  • The procedure of changing the WiFi password should not show a password strength meter or force users to use special characters.
  • After setup, the router must restrict access to the WAN interface, with the exception of a few services, such as (CWMP) TR-069, SIP, SIPS, and ICMPv6.
  • Routers must make CWMP available only if the ISP controls the router’s configuration from a remote, central location.
  • The password for the router’s configuration/admin panel must have at least 8 characters and must have a complex setup involving two of the following: uppercase letters, lowercase letters, special characters, numbers.
  • Just like WiFi passwords, admin panel passwords must not contain router-related information (vendor, model, MAC, etc.).
  • The router must allow the user to change this default admin panel password.
  • Password-based authentication MUST be protected against brute force attacks.
  • Routers must not ship with undocumented (backdoor) accounts.
  • In its default state, access to the admin panel must only be allowed via the LAN or WiFi interfaces.
  • If the router vendor wants to expose the admin panel via WAN, it must use TLS.
  • The end-user should be able to configure the port to be used for access to the configuration via the WAN interface.
  • The router admin panel must show the firmware version.
  • The router must inform users about an out-of-date or end-of-life firmware.
  • The router must keep and display a last login log.
  • The router must show the status and rules of any local firewall service.
  • The router must list all active services per each interface (LAN/WAN/WiFi).
  • Routers must include a way to perform factory resets.
  • The routers must support DHCP over LAN and WiFi.
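
Several of the rules above can be checked mechanically against a device's default configuration. The Python code below is an added example, not part of the BSI draft or the original article: the configuration keys, the `audit` function and the sample device are hypothetical, the WAN allowlist holds only the four services the article names, and the admin panel is modelled separately from `wan_services`.

```python
import re

# Allowlists as quoted in the article; its WAN list is a "such as" subset.
LAN_ALLOWED = {"dns", "http", "https", "dhcp", "dhcpv6", "icmpv6"}
WAN_ALLOWED = {"cwmp", "sip", "sips", "icmpv6"}

def norm(s):
    return re.sub(r"[^a-z0-9]", "", s.lower())

def derived(secret, cfg):
    """True if secret embeds vendor, model or MAC, ignoring case and separators."""
    ids = [norm(cfg[k]) for k in ("vendor", "model", "mac")]
    return any(i and i in norm(secret) for i in ids)

def classes(pw):  # counts the classes used: upper, lower, digit, special
    pats = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")
    return sum(bool(re.search(p, pw)) for p in pats)

def audit(cfg):
    """Return findings for a hypothetical router config (keys are assumptions)."""
    f = [f"LAN/WiFi exposes unlisted service: {s}"
         for s in sorted(set(cfg["lan_services"]) - LAN_ALLOWED)]
    f += [f"WAN exposes unlisted service: {s}"
          for s in sorted(set(cfg["wan_services"]) - WAN_ALLOWED)]
    if "cwmp" in cfg["wan_services"] and not cfg["isp_managed"]:
        f.append("CWMP enabled although the ISP does not manage the device")
    if cfg["wifi_security"] != "wpa2":  # rule as worded in the article
        f.append("default WiFi security is not WPA2")
    if derived(cfg["essid"], cfg):
        f.append("ESSID reveals vendor, model or MAC")
    if len(cfg["wifi_password"]) < 20 or derived(cfg["wifi_password"], cfg):
        f.append("WiFi password under 20 characters or derived from router")
    pw = cfg["admin_password"]
    if len(pw) < 8 or classes(pw) < 2 or derived(pw, cfg):
        f.append("admin password fails length, class or derivation rule")
    if cfg["admin_on_wan"] and not cfg["admin_wan_tls"]:
        f.append("admin panel exposed on WAN without TLS")
    return f

# Constructed sample device, not taken from any real product.
SAMPLE = {
    "vendor": "ExampleNet", "model": "XR-500", "mac": "00:11:22:AA:BB:CC",
    "essid": "ExampleNet-XR500", "wifi_security": "wpa2",
    "wifi_password": "001122AABBCC", "admin_password": "admin123",
    "lan_services": ["dns", "dhcp", "http", "telnet"],
    "wan_services": ["cwmp", "icmpv6"], "isp_managed": False,
    "admin_on_wan": True, "admin_wan_tls": False,
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

In the sample, `admin123` satisfies the admin-password rule as the article states it (8 characters, two character classes), so the five findings come from the other checks.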

These are just some of the BSI recommendations, and you’ll find more in the above-linked document.

The reason why Germany is taking steps to standardize router security has something to do with an incident that took place at the end of 2016 when a British hacker known as “BestBuy” attempted to hijack Deutsche Telekom routers, but bungled a firmware update and crashed nearly a million routers across Germany.

The BSI’s efforts to regulate SOHO routers haven’t pleased all parties involved. In a blog post last week, the Chaos Computer Club (CCC), a well-known community of German hackers, criticized the first draft of these recommendations, calling them “a farce.”

CCC said it attended the BSI meetings on this topic together with members of OpenWrt, a software project that provides open-source firmware for SOHO routers, and they say telecom lobby groups have put considerable effort into sabotaging the rules as a whole.

The two groups raised two issues of crucial importance that they say were not included in the BSI recommendations.


One was that all routers should come with an expiration date for the firmware that must be visible to users before they purchase the device. Second, after the vendor stops supporting a model’s firmware, vendors should allow users to install custom firmware on abandoned and EOL devices.

Talks on the BSI rules are expected to continue. In October, the state of California passed state legislation that established a strict set of rules for passwords used by Internet-connected (IoT) devices, making this the first IoT-specific regulation in the world. While Germany isn’t passing official laws, it will become the first country that tries to pass any kind of router-specific guidelines.

