Showing posts with label patch. Show all posts
Showing posts with label patch. Show all posts

The FBI wants you to factory reset your router. Here's how to do it

yowasuphomeboy 9:26 AM   , , , ,  
The VPNFilter malware problem is getting worse. Here's how to safeguard your home network, and a list of the affected models.
d-link-dir-867-6
The list of routers affected by VPNFilter has grown considerably.
Chris Monroe/CNET
Good news, everyone! Remember that FBI reboot-your-router warning in response to Russian malware VPNFilter? Turns out it's worse than originally thought, and a lot more people are going to need to do a lot more than just reboot their routers.
According to a new report from security firm Cisco Talos, the VPNFilter malware is "targeting more makes and models of devices than initially thought, and has additional capabilities, including the ability to deliver exploits to endpoints."
That means if you own one of the affected routers -- and that list has expanded to include models from Asus, D-LinkHuawei, Ubiquiti, Upvel and ZTE -- it's strongly recommended that you perform two key steps: upgrade the firmware and then factory-reset the router.
Ugh. This is going to suck. But we can get through it.

Step 1: Upgrade your router's firmware

In some ways this is the easier step, as it can often be done within the confines of your router's dashboard. Firmware is just the core software that operates the router, and updating it usually involves little more than a download and a few automated router restarts.
Of course, if you've never so much as looked at that dashboard, well, it may be time for a trip to the owner's manual -- or the router manufacturer's online help pages.
Because the firmware-update process varies from one make and model to another, here's a quick, generalized overview -- one that's based on upgrading an Asus WRT router.
Step i: Visit the Asus support site and download the most current firmware for your specific model.
Step ii: Open a browser window, type in 192.168.1.1 and press Enter. This will take you to the router's dashboard page -- but you may need a username and password to gain access. If you never changed the defaults, you should be able to find them in the instruction manual. (Often, the defaults are "admin" and "password," respectively.)
asus-firmware-upgrade-dialog
Updating your router's firmware may involve a screen like this.
Asus
Step iii: Click the Administration button (again, this is just for Asus routers; on other models it might be Configuration or Firmware or the like), then the Firmware Upgrade tab.
Step iv: Click Choose File and locate the firmware file you downloaded in Step 1. Then click Upload to perform the update.
This may take a few minutes, and your router will likely restart at least once during the process. Needless to say, you'll lose all internet connectivity while this is happening.
And, again, this is just one example of the firmware-update process. It's a common one, but the steps may be different for your model. 
Watch this: Russian hackers targeting your router: Here's what to...
1:23 

Step 2: Factory-reset your router

Now for the big hassle. You probably know that you can reboot or reset your router by pulling the power cord for a few seconds and then plugging it back in. But a factory reset is a little different. True to its name, it restores all the settings to their original, factory state, so once it's done, you get to have the fun of setting up your home network again.
Before you get started, make sure to write down the name and password of each Wi-Fi network currently configured on your router. You might have just one; I've seen houses that had five. You'll want to note these so you can recreate them verbatim after the factory reset.
Why is that important? Because if your current "SmithLAN" network becomes "Smith LAN" after the reset (just because you forgot and added a space this time), now you'll have to manually reconnect every device in your house to that "new" network. Hassle city.
The actual reset should be pretty easy. On some Linksys routers, for example, there's a small reset button on the unit itself. You press and hold it for 10 seconds and that's it. Alternately, you may be able to sign into the dashboard and execute the reset from there. In the aforementioned Asus example, in Step 3, you'd click the Restore/Save/Upload tab and then the Restore button.
Again, consult your router manual (or router's website) for the correct factory-reset steps for your model.
Here are links to the support directories for some of the affected routers (the complete list is in the next section): 
When it's done, you'll have to venture into the dashboard and recreate your networks. Thankfully, with your firmware upgraded and any trace of VPNFilter eradicated, you should be safeguarded from future attacks -- of this particular malware, anyway.

Which routers are affected?

Courtesy of Cisco Talos, here's a current list of the models that can be affected by VPNFilter. Those identified as new weren't included in the original report.
Asus
  • RT-AC66U (new)
  • RT-N10 (new)
  • RT-N10E (new)
  • RT-N10U (new)
  • RT-N56U (new)
  • RT-N66U (new)
D-Link
  • DES-1210-08P (new)
  • DIR-300 (new)
  • DIR-300A (new)
  • DSR-250N (new)
  • DSR-500N (new)
  • DSR-1000 (new)
  • DSR-1000N (new)
Huawei
  • HG8245 (new)
Linksys
  • E1200
  • E2500
  • E3000 (new)
  • E3200 (new)
  • E4200 (new)
  • RV082 (new)
  • WRVS4400N
Mikrotik
  • CCR1009 (new)
  • CCR1016
  • CCR1036
  • CCR1072
  • CRS109 (new)
  • CRS112 (new)
  • CRS125 (new)
  • RB411 (new)
  • RB450 (new)
  • RB750 (new)
  • RB911 (new)
  • RB921 (new)
  • RB941 (new)
  • RB951 (new)
  • RB952 (new)
  • RB960 (new)
  • RB962 (new)
  • RB1100 (new)
  • RB1200 (new)
  • RB2011 (new)
  • RB3011 (new)
  • RB Groove (new)
  • RB Omnitik (new)
  • STX5 (new)
Netgear
  • DG834 (new)
  • DGN1000 (new)
  • DGN2200
  • DGN3500 (new)
  • FVS318N (new)
  • MBRN3000 (new)
  • R6400
  • R7000
  • R8000
  • WNR1000
  • WNR2000
  • WNR2200 (new)
  • WNR4000 (new)
  • WNDR3700 (new)
  • WNDR4000 (new)
  • WNDR4300 (new)
  • WNDR4300-TN (new)
  • UTM50 (new)
Qnap
  • TS251
  • TS439 Pro
  • Other QNAP NAS devices running QTS software
TP-Link
  • R600VPN
  • TL-WR741ND (new)
  • TL-WR841N (new)
Ubiquiti
NSM2 (new)
  • PBE M5 (new)
  • Upvel
    • Unknown models (new)
    ZTE
    • ZXHN H108N (new)
via cnet

Update your Android now – many holes fixed including ‘BroadPwn’ Wi-Fi bug

yowasuphomeboy 12:51 PM   , , , ,  

Google’s July 2017 security fixes for Android are out.
As far as we can see, there are 138 bugs listed, each with its own CVE number, of which 18 are listed with the tag “RCE”.
RCE stands for Remote Code Execution, and denotes the sort of vulnerability that could be abused by a crook to run some sort of program sent in from outside – without any user interaction.
Generally speaking, RCE bugs give outsiders a sneaky chance to trigger the sort of insecure behaviour that would usually either pop up an obvious “Are you sure?” warning, or be blocked outright by the operating system.
In other words, RCEs can typically be used for so-called “drive-by” attacks, where just visiting a web page or looking at an email might leave you silently infected with malware.
The majority of the July 2017 RCE bugs in Android appear under the heading “Media framework”, which means they are Android flaws that are exposed when files such as images or videos are processed for display.
Like the infamous Stagefright bug in Android back in 2015, bugs of this sort can potentially be triggered by actions that don’t arouse suspicion, because images and videos can unexceptionably be embedded in innocent-looking content such as MMS messages and web pages.
There’s also an RCE bug in Android’s built-in FTP client – this one affects all Android versions still getting patches, from 4.4.4 all the way to 7.1.2.
We’re not sure how easy it is to trigger this bug, but we’re assuming it’s tricky to exploit because Google gives it only a moderate rating.
(Mild risk ratings are unusual for RCEs – they usually attract a high or critical rating because there’s a lot at stake if an RCE vulnerability does get exploited.)

“Proximate attacker” warning

The most intriguing bug this month, however, is an RCE flaw in the Broadcom Wi-Fi code that’s used by Android devices equipped with certain Broadcom wireless chips.
According to Google, “a proximate attacker [could] execute arbitrary code within the context of the kernel”.
In plain English, that means a crook who’s within Wi-Fi range could fire off booby-trapped network packets at your Wi-Fi hardware, trigger a bug in the wireless device…
…and end up with the same programmatic powers as the Android operating system on your device.
Given that the Android kernel is responsible for keeping your apps apart, for example by preventing the new fitness app you just installed from sneaking a look at your browsing history, a security compromise inside the kernel itself is about as serious as it gets.
Unfortunately, we can’t yet give you any real detail about the Broadcom RCE patch.
The researcher who found the bug will be presenting his findings at the end of July 2017 at the Black Hat 2017 conference in Las Vegas.
Until then, all we really have are teasers for his forthcoming talk, and a the funky-sounding name BroadPwn for the vulnerability.
(Understandably, no one who’s about to unveil a cool exploit at Black Hat wants to risk giving away a TL;DR version before the talk takes place – that would be like leaking the names of the Oscar winners a week before the awards ceremony.)
Interestingly, back in April 2017, a number of security issues in Broadcom wireless firmware were found to affect both iOS and Android devices – so if you’re an iPhone user, don’t be surprised if this month’s Google patches are quickly followed by a security patch from Apple, too.

What to do?

As usual, we’re going to repeat our usual mantra: “Patch early, patch often.”
What we can’t tell you is when the vendors of devices other than Google’s own Nexus and Pixel phones will be ready with their patches – if you’re worried, ask your vendor or the carrier who supplied your device.
Also, we can’t give you a handy list of the thousands of different Android devices out there that not only include Broadcom wireless cards but also have firmware that’s affected by the BroadPwn bug.
Once again, if you are worried, ask your supplier or mobile carrier.
Having said that, we can offer you Sophos Mobile Security for Android, 100% free of charge: although it won’t patch the abovementioned security holes for you, it will stop you from browsing to risky websites and from downloading booby-trapped adware and malware apps.
A good Android anti-virus not only makes it harder for crooks to push risky content onto your device but also stops them pulling you towards phishing pages, survey scams and other criminally oriented websites.

Update your iPhone to avoid being hacked over Wi-Fi

yowasuphomeboy 11:16 AM   , , , , ,  

It’s only been five days since Apple’s last security update for iOS, when dozens of serious security vulnerabilities were patched.
As we mentioned last week, the recent iOS 10.3 and macOS 10.12.4 updates included numerous fixes dealing with “arbitrary code execution with kernel privileges”.
Any exploit that lets an external attacker tell the operating system kernel itself what to is a serious concern that ought to be patched as soon as possible – hesitation is not an option.
After all, it’s the kernel that’s responsible for managing security in the rest of the system.





Take this analogy with pinch of salt, but an exploit that gives a remote attacker regular user access is like planting a spy in the Naval corps with a Lieutenant’s rank.
If you can grab local administrator access, that’s like boosting yourself straight to Captain or Commodore; but if you can own the kernel (this is not a pun), you’ve landed among the senior Admiral staff, right at the top of the command structure.
So make sure you don’t miss the latest we-didn’t-quite-get-this-one-out-last-time update to iOS 10.3.1:
iOS 10.3.1

Released April 3, 2017

Wi-Fi

Available for: iPhone 5 and later, 
               iPad 4th generation and later, 
               iPod touch 6th generation and later

Impact:        An attacker within range may be able to 
               execute arbitrary code on the Wi-Fi chip

Description:   A stack buffer overflow was addressed 
               through improved input validation.

CVE-2017-6975: Gal Beniamini of Google Project Zero
This is rather different from the usual sort of attack – the main CPU, operating system and installed apps are left well alone.
Most network attacks rely on security holes at a much higher level, in software components such as databases, web servers, email clients, browsers and browser plugins.
So, attacking the Wi-Fi network card itself might seem like small beer.
After all, the attacks that won hundreds of thousands of dollars at the recent Pwn2Own competition went after the heart of the operating system itself, to give the intruders what you might call an “access all areas” pass.
Nevertheless, the CPU of an externally-facing device like a Wi-Fi card is a cunning place to mount an attack.
It’s a bit like being just outside the castle walls, on what most security-minded insiders would consider the wrong side of the moat and drawbridge.
But with a bit of cunning you may be able to position yourself where you can eavesdrop on every message coming in and out of the castle…
…all the while being ignored along with the many unimportant-looking peasants and hangers-on who’ll never have the privilege of entering the castle itself.
Better yet, once you’ve eavesdropped on what you wanted to hear, you’re already on the outside, so you don’t have to run the gauntlet of the guards to get back out to a place where you can pass your message on.

What to do?

As far as we know, this isn’t a zero-day because it was responsibly disclosed and patched before anyone else found out about it.
Cybercrooks have a vague idea of where to start looking now the bug that has been described, but there’s a huge gap between knowing that an exploitable bug exists and rediscovering it independently.
We applied the update as soon as Apple’s notification email arrived (the download was under 30MB), and we’re happy to assume that we’ve therefore beaten even the most enthusiatic crooks to the punch this time.
You can accelerate your own patch by manually visiting Settings | General | Software Update to force an upgrade, rather than waiting for your turn in Apple’s autoupdate queue.
Subscribe to: Posts (Atom)