

Germany proposes router security guidelines



The German government published at the start of the month an initial draft for rules on securing Small Office and Home Office (SOHO) routers.

Published by the German Federal Office for Information Security (BSI), the rules have been put together with input from router vendors, German telecoms, and the German hardware community.

Once approved, the requirements will not be mandatory for router manufacturers, but those who comply will be allowed to put a special sticker on their products showing their compliance.


The 22-page document, available in English here, lists dozens of recommendations and rules for various router functions and features. We couldn’t possibly list all of the rules in this article, since some are quite technical, but we selected a few of greater importance:

  • Only DNS, HTTP, HTTPS, DHCP, DHCPv6, and ICMPv6 services should be available on the LAN and WiFi interface.
  • If the router has a guest WiFi mode, this mode must not allow access to the router’s configuration panel.
  • The Extended Service Set Identifier (ESSID) should not contain information that is derived from the router itself (such as the vendor name or router model).
  • The router must support the WPA2 protocol, and use it by default.
  • WiFi passwords should have a length of 20 characters or more.
  • WiFi passwords must not contain information derived from the router itself (vendor, model, MAC, etc.).
  • The router must allow any authenticated user to change this password.
  • The procedure of changing the WiFi password should not show a password strength meter or force users to use special characters.
  • After setup, the router must restrict access to the WAN interface, with the exception of a few services, such as (CWMP) TR-069, SIP, SIPS, and ICMPv6.
  • Routers must make CWMP available only if the ISP controls the router’s configuration from a remote, central location.
  • The password for the router’s configuration/admin panel must be at least 8 characters long and must use at least two of the following character classes: uppercase letters, lowercase letters, special characters, numbers.
  • Just like WiFi passwords, admin panel passwords must not contain router-related information (vendor, model, MAC, etc.).
  • The router must allow the user to change this default admin panel password.
  • Password-based authentication MUST be protected against brute force attacks.
  • Routers must not ship with undocumented (backdoor) accounts.
  • In its default state, access to the admin panel must only be allowed via the LAN or WiFi interfaces.
  • If the router vendor wants to expose the admin panel via WAN, it must use TLS.
  • The end-user should be able to configure the port to be used for access to the configuration via the WAN interface.
  • The router admin panel must show the firmware version.
  • The router must warn users about out-of-date or end-of-life firmware.
  • The router must keep and display a last login log.
  • The router must show the status and rules of any local firewall service.
  • The router must list all active services per each interface (LAN/WAN/WiFi).
  • Routers must include a way to perform factory resets.
  • The routers must support DHCP over LAN and WiFi.
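As an added illustration (this is not code from the original article or from the BSI document), the following Python check tests a router configuration against several of the rules listed above: the LAN and WAN service allowlists, the WiFi and admin password rules, the ESSID rule, guest WiFi isolation, and TLS on a WAN-exposed admin panel. The configuration dictionary layout, its field names, and the MAC-suffix heuristic are assumptions of this example.

```python
import re

# Service allowlists taken from the rules quoted above (lowercase protocol labels).
LAN_ALLOWED = {"dns", "http", "https", "dhcp", "dhcpv6", "icmpv6"}
WAN_ALLOWED = {"cwmp", "sip", "sips", "icmpv6"}
CLASSES = (r"[A-Z]", r"[a-z]", r"[0-9]", r"[^A-Za-z0-9]")  # admin password character classes

def normalize(s):
    """Lowercase and drop separators so 'XR-1000' and 'xr1000' compare equal."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def router_tokens(vendor, model, mac):
    """Strings that must not appear in a password or ESSID (MAC suffix is an assumed heuristic)."""
    m = normalize(mac)
    return {normalize(vendor), normalize(model), m, m[-6:]}

def contains_router_info(value, tokens):
    return any(t and t in normalize(value) for t in tokens)

def check_config(cfg):
    """Return the list of rule violations for one router configuration dict (field names assumed)."""
    tokens = router_tokens(cfg["vendor"], cfg["model"], cfg["mac"])
    wifi, admin = cfg["wifi_password"], cfg["admin_password"]
    checks = [
        (contains_router_info(cfg["essid"], tokens), "ESSID contains vendor/model/MAC information"),
        (len(wifi) < 20, "WiFi password shorter than 20 characters"),
        (contains_router_info(wifi, tokens), "WiFi password contains router-derived information"),
        (len(admin) < 8, "admin password shorter than 8 characters"),
        (sum(bool(re.search(p, admin)) for p in CLASSES) < 2, "admin password uses fewer than two character classes"),
        (contains_router_info(admin, tokens), "admin password contains router-derived information"),
        (cfg["guest_wifi_can_reach_admin"], "guest WiFi can reach the configuration panel"),
        (cfg["admin_on_wan"] and not cfg["admin_wan_tls"], "admin panel exposed on WAN without TLS"),
    ]
    issues = [msg for bad, msg in checks if bad]
    for side, allowed in (("lan", LAN_ALLOWED), ("wan", WAN_ALLOWED)):
        extra = set(cfg[side + "_services"]) - allowed
        if extra:
            issues.append(f"{side.upper()} exposes services outside the allowed set: {sorted(extra)}")
    return issues

# Constructed sample configuration (not a real device); it violates most of the rules on purpose.
SAMPLE = {
    "vendor": "ExampleNet", "model": "XR-1000", "mac": "00:11:22:AA:BB:CC",
    "essid": "ExampleNet-XR1000", "wifi_password": "XR1000-aabbcc-guest",
    "admin_password": "examplenet1",
    "lan_services": ["dns", "dhcp", "http", "https", "telnet"],
    "wan_services": ["sip", "icmpv6", "http"],
    "guest_wifi_can_reach_admin": True, "admin_on_wan": True, "admin_wan_tls": False,
}
```

Running `check_config(SAMPLE)` on the constructed sample reports eight violations, including the exposed telnet service on the LAN and the plain HTTP admin panel on the WAN.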

These are just some of the BSI recommendations, and you’ll find more in the above-linked document.

The reason why Germany is taking steps to standardize router security has something to do with an incident that took place at the end of 2016 when a British hacker known as “BestBuy” attempted to hijack Deutsche Telekom routers, but bungled a firmware update and crashed nearly a million routers across Germany.

The BSI’s efforts to regulate SOHO routers haven’t pleased all parties involved. In a blog post last week, the Chaos Computer Club (CCC), a well-known community of German hackers, criticized the first draft of these recommendations, calling them “a farce.”

CCC said it attended the BSI meetings on this topic together with members of OpenWrt, a software project that provides open-source firmware for SOHO routers, and they say telecom lobby groups have put considerable effort into sabotaging the rules as a whole.

The two groups raised two issues that they consider of crucial importance and that they say were left out of the BSI recommendations.


The first was that all routers should come with an expiration date for the firmware that must be visible to users before they purchase the device. The second was that, after a vendor stops supporting a model’s firmware, the vendor should allow users to install custom firmware on the abandoned, end-of-life device.

Talks on the BSI rules are expected to continue. In October, the state of California passed legislation that established a strict set of rules for passwords used by Internet-connected (IoT) devices, making it the first IoT-specific regulation in the world. While Germany isn’t passing official laws, it will become the first country to try to put in place any kind of router-specific guidelines.
