All posts in “wi-fi”

How to buy the best router

With all the connected home products, smart TVs, smartphones, and other mobile devices ruling our lives, it’s more important than ever to outfit your home or business with a wireless router that can handle the increased demand for Wi-Fi connectivity.  Here’s what you need to know when buying a router.

Miku watches your baby (and your baby’s heartbeat) while you relax

Using technology that sounds like it comes straight out of Predator, Miku is a new baby monitor that watches and senses your baby’s vitals in real time. The system not only broadcasts a secure feed of your baby’s sleep time but it also analyzes the heart rate and breathing without wearables.

The system uses military technology to sense the baby’s vitals and it will store video even if the Wi-Fi goes out.

The Miku Baby Monitor uses patent-pending AI and machine learning technology called SensorFusion, which combines optical and wireless sensing to build a full and accurate picture of the baby’s critical health metrics with no wires or wearables. Beyond breathing and sleeping patterns, these sensors track temperature and humidity levels to ensure the baby’s environment is stable. Miku’s technology and corresponding app work with smartphones from anywhere in the world and sends instant alerts when it matters most, giving parents a tranquil peace of mind.

The app also records data over time, giving the parents a better understanding of sleep patterns and the like. Developed by CEO and new parent Eric White, the Miku builds on White’s experience building gear and software for the Department of Defense, ITT, L3 and Picatinny.

The team believes the monitor will also work will with elder care as well, allowing worried children to keep an eye on their parents.

“The Miku Baby Monitor is only the beginning for us,” said White. “As a new father, I know there is a huge need for this level of technology and sophistication in a product people entrust to help care for their loved ones. The applications for Miku’s technology are limitless.”

The Miku is available for order now and costs $399.

Netgear adds gigabit routers to its Orbi mesh

My favorite mesh gear, Netgear’s Orbi, has gotten a considerable speed update. The new router, called the RBK50, supports Wi-Fi 6 802.11ax technology which will send gigabit wireless speeds from router to router in your mesh.

WiFi 6 is still new to the industry and there isn’t much support outside of specific hardware like this.

Performance of the industry leading Orbi Mesh Wi-Fi Systems is improved by adding 1024 QAM with a 4×4 Wi-Fi 6 backhaul, increasing the speeds, coverage and capacity of this dedicated wireless link between the Orbi router and satellites.

With an advanced Wi-Fi 6 networking SoC from Qualcomm Technologies, Inc., Orbi with Wi-Fi 6 will support even higher performance simultaneous Wi-Fi streams, making it possible to deliver gigabit internet to far more devices and enable these gigabit internet homes to take advantage of new Wi-Fi 6 performance, which will be designed into the next generation of mobile and smart home devices.

The new routers will ship in Q3 2019 or later. No pricing is available yet.

D-Link thinks 5G will cut your cords forever

Network gear maker D-Link just announced a 5G router that sends high-speed Wi-Fi through your house without cables. The router, called the DWR-2010, should allow users to get massive speeds over 5G networks without running cable. Don’t expect to pick this up at the local Best Buy, however, as the 5G router will probably ship from wireless service providers.

The DWR-2010 also offers customization options for service providers, making it suitable for deployment on a range of network configurations. The gateway features an embedded 5G NR (New Radio) NSA module and can operate on the sub-6 GHz or mmWave frequencies in 200 MHz (2 x 100 MHz) or 800 MHz (8 x 100 MHz) configurations. Complete with remote management (TR-069) and FOTA, the DWR-2010 provides hassle-free operation and a better customer experience.

D-Link also announced some new Exo mesh routers as well as a cute little mydlink devices including a smart switch and a weird little water sensor that will warn you when your water heater explodes. The Indoor Wi-Fi Smart Plug (DSP-W118) and Outdoor Wi-Fi Smart Plug (DSP-W320) will control your lights and appliances both indoors and out.

Expect these cool tools to hit stores in Q2 2019.

Google sat on a Chromecast bug for years, now hackers could wreak havoc

Google was warned of a bug in its Chromecast media streaming stick years ago, but did not fix it. Now, hackers are exploiting the bug — and security researchers say things could get even worse.

A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google’s media streamer into playing any YouTube video they want — including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that’s viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself.

Not one to waste an opportunity, the hacker also asks that you subscribe to PewDiePie, an awful internet person with a popular YouTube following. (He’s the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

The bug, dubbed CastHack, exploits a weakness in both Chromecast and the router it connects to. Some home routers have enabled Universal Plug and Play (UPnP), a networking standard that can be exploited in many ways. UPnP forwards ports from the internal network to the internet, making Chromecasts and other devices viewable and accessible from anywhere on the internet.

As Hacker Giraffe says, disabling UPnP should fix the problem.

“We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device,” a Google spokesperson told TechCrunch. “This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable,” the spokesperson said.

That’s true on one hand, but it doesn’t address the years-old bug that gives anyone with access to a Chromecast the ability to hijack the media stream and display whatever they want, because Chromecast doesn’t check to see if someone is authorized to change the video stream. (Google did not respond to our follow-up question.)

Hacker Giraffe sent this YouTube video to thousands of exposed Chromecast devices, warning that their streams could be easily hijacked. (Screenshot: TechCrunch)

Bishop Fox, a security consultancy firm, first found the bug in 2014, not long after the Chromecast debuted. The researchers found that they could conduct a “deauth” attack that disconnects the Chromecast from the Wi-Fi network it was connected to, causing it to revert back to its out-of-the-box state, waiting for a device to tell it where to connect and what to stream. That’s when it can be hijacked and forced to stream whatever the hijacker wants. All of this can be done in an instant — as they did — with a touch of a button on a custom-built handheld remote.

Two years later, U.K. cybersecurity firm Pen Test Partners discovered that the Chromecast was still vulnerable to “deauth” attacks, making it easy to play content on a neighbor’s Chromecasts in just a few minutes.

Ken Munro, who founded Pen Test Partners, says there’s “no surprise that somebody else stumbled on to it,” given both Bishop Fix found it in 2014 and his company tested it in 2016.

“In fairness, we never thought that the service would be exposed on the public internet, so that is a very valid finding of his, full credit to him for that,” Munro told TechCrunch.

He said the way the attack is conducted is different, but the method of exploitation is the same. CastHack can be exploited over the internet, while Bishop Fox and his “deauth” attacks can be carried out within range of the Wi-Fi network — yet, both attacks let the hacker control what’s displayed on the TV from the Chromecast, he said.

Munro said Google should have fixed its bug in 2014 when it first had the chance.

“Allowing control over a local network without authentication is a really silly idea on [Google’s] part,” he said. “Because users do silly things, like expose their TVs on the internet, and hackers find bugs in services that can be exploited.”

Hacker Giraffe is the latest to resort to “Good Samaritan security,” by warning users of the issues and providing advice on how to fix them before malicious hackers take over, where tech companies and device makers have largely failed.

But Munro said that these kinds of attacks — although obnoxious and intrusive on the face of it — could be exploited to have far more malicious consequences.

[embedded content]

In a blog post Wednesday, Munro said it was easy to exploit other smart home devices — like an Amazon Echo — by hijacking a Chromecast and forcing it to play commands that are loud enough to be picked up by its microphone. That’s happened before, when smart assistants get confused when they overhear words on the television or radio, and suddenly and without warning purchase items from Amazon. (You can and should turn on a PIN for ordering through Amazon.)

To name a few, Munro said it’s possible to force a Chromecast into loading a YouTube video created by an attacker to trick an Echo to: “Alexa, order an iPad,” or, “Alexa, turn off the house alarm,” or, “Alexa, set an alarm every day at 3am.”

Amazon Echos and other smart devices are widely considered to be secure, even if they’re prone to overhearing things they shouldn’t. Often, the weakest link are humans. Second to that, it’s the other devices around smart home assistants that pose the biggest risk, said Munro in his blog post. That was demonstrated recently when Canadian security researcher Render Man showed how using a sound transducer against a window can trick a nearby Amazon Echo into unlocking a network-connected smart lock on the front door of a house.

“Google needs to properly fix the Chromecast deauth bug that allows casting of YouTube traffic,” said Munro.