Routers, IP Cameras/Phones & IoT Devices can be Security Risks even with the Latest Firmware, and a Strong Admin Password

ZTE-ZXHN-F600W

I’ve just read an interesting article entitled “who makes the IoT things under attack“, explaining that devices connected to the Internet such as router, IP cameras, IP Phones, etc.. may be used by Botnet to launch DDoS attacks, and they do so using the default username and password. So you may think once you’ve updated the firmware when available, and changes the default admin/admin in the user interface, you’d be relatively safe. You’d be wrong, because the malware mentioned in the article, Mirai, uses Telnet or SSH trying a bunch of default username and password. That made me curious, so I scanned the ports on my TP-Link wireless router and ZTE ZXHN F600W fiber-to-the-home GPON modem pictured below, and installed by my Internet provider, the biggest in the country I live, so there may be hundred of thousands or millions of such modems in the country with the same default […]

Roqos Core AC Router Runs Debian on Intel Atom Bay Trail-I Processor for $19… Plus Monthly Subscriptions

Roqos Core router is interesting on several front. First it’s quite powerful and features-rich with an Intel Atom E3845 processor, five Gigabit Ethernet ports, 802.11ac WiFi, a USB 3.0 port, and even an HDMI port allowing you to use it as a Media Center too. It should also be quite customizable, software wise, since it runs Debian, and finally the business model is also different, as you only need to pay $19 for the router, with the catch that you need to subscribe Roqos Service with “advanced cybersecurity and parental control features” for $17 per month for at least 12 months, bringing the total to $223. After one year, you can opt out of the cloud service, and continue to use the router without the extra security features. Roqos Core RC10 router hardware specifications: SoC – Intel Atom Bay Trail-T E3845 quad core processor @ up to 1.91 GHz (10W […]

u-Blox Unveils SARA-R4 LTE Cat M1 and SARA-N2 NB-IoT Modules for Professional IoT Applications

While I’ve mostly read about SigFox and LoraWan solutions for long range, low power, and low bitrate communications for the Internet of Things so far, there are many active of planned LPWAN standards for IoT applications, and 3GPP Release 13 standard stipulates two LTE LPWAN standards, namely LTE Cat M1 (eMTC) and LTE Cat NB1 (NB-IoT), with the former  supporting 1 Mbps downlink and uplink peak data rates, and the latter 250 Kbps downlink, and 250 Kbps (multi-tone) or 20 Kbps (single tone) uplink data rates. U-Blox has released modules for both standard with SARA-R4 LTE Cat M1  and SATA-N2 NB-IoT modules. SARA-N2 Cat NB1 cellular module specifications: LPWAN Connectivity – 3GPP Release 13 NB1; NB-IoT bands: 5, 8, 20; downlink: 227 Kbps, uplink: 21 Kbps Positioning – GNSS via Modem Interfaces – 1x UART, 1x SPI, 2x GPIO, 1x DDC(I2C) for GNSS Features – Antenna supervisor, embedded IPv4 & […]

Rockchip RV1108 Cortex A7 + DSP SoC is Made for Audio & Video Conference and Recording Applications

[Update May 2017: Rockchip has renamed RK1108 to RV1108.] Rockchip has introduced RV1108 ARM Cortex A7 SoC with a 600 MHz DSP targeting visual communication, consumer electronics, automotive DVR, and security applications thanks to its 8-channel I2S audio codec and 1440p H.264 video encoder and decoder. Detailed specifications can be found on the official Rockchip Wiki: CPU – Single-core ARM Cortex-A7 Core processor with NEON and FPU,  32KB/32KB L1 I-Cache/D-Cache, Unified 128KB L2 Cache, and Trustzone Video/Image DSP – Up to 600 MHz, 32KB I-TCM and 32KB I-cache, 128KB D-TCM Memory 12KB internal SRAM DDR3/DDR3L interface – 16 Bits data width, 1 ranks (chip selects), up to 512 MB RAM NAND Flash Interface – 8-bit async NAND flash, 16-bit hardware ECC eMMC Interface – Compatible with standard iNAND interface, eMMC 4.51 standard. SD/MMC Interface – Compatible with SD 3.0, MMC 4.41 System Component 2x 64-bit timers with interrupt-based operation 8x […]

Google QUIC is a Secure UDP Protocol Aiming to Replace TCP + TLS

A lot of traffic over the Internet goes through  secure https connections. Under the hood this requires a 3-way handshake to establish a TCP connection, followed by even more packets exchanged between the client and server to negotiate TLS in order to establish a secure connection.  Google is now working one the new experimental QUIC protocol that uses the “send and forget” UDP protocol, together with its own crypto, and its own way to making sure the connection is properly establish. The whole idea about QUIC is to reduce the effect of latency (e.g. ping time) by exchanging less messages to achieve the same secure connectivity. For example, if there’s a 200ms latency between a server and a client, and if a TCP connection requires 4 packets, while a QUIC/UDP connection requires only 1 packet, you’ll save about 600ms. One downside with UDP according to Jim Roskind, designer of QUIC, […]

Embedded Linux Conference & IoT Summit Europe 2016 Schedule

Embedded Linux Conference & IoT summit 2016 first took place in the US in April, but the events are now also scheduled in Europe on October 11 – 13 in Berlin, Germany, and the schedule has now been published. Even if you are no going to attend, it’s always interesting to find out more about the topic covered in that type of events, so I had a look, and created my own virtual schedule with some of the sessions. Tuesday, October 11 10:40 – 11:30 – JerryScript: An Ultra-lightweight JavaScript Engine for the Internet of Things – Tilmann Scheller, Samsung Electronics JerryScript is a lightweight JavaScript engine designed to bring the success of JavaScript to small IoT devices like lamps, thermometers, switches and sensors. This class of devices tends to use resource-constrained microcontrollers which are too small to fit a large JavaScript engine like V8 or JavaScriptCore. JerryScript is heavily […]

Wanscam HW0029-4 is a Solar Powered All Weather IP Security Camera with WiFi, 3G/4G Connectivity

I’ve just watched a video on ARMDevices.net about Enlaps Tikee solar powered device designed to take timelapses over several days and transfer the pictures / video over WiFi, 3G, or 4G. The project has been fully funded on Indiegogo at the beginning of the year, and shipping is scheduled for Q4 2016. It looks like an interesting device for a niche market, but since I’ve noticed some products launched on Kickstarter already exists in one form or another in China, I’ve decided to have a look on Aliexpress, and I found Wanscan HW00269-4 solar powered camera with 3G/4G connectivity, and while it addresses a completely different need, as a 720p IP security camera, I still decided to have a closer look. Wanscam HW0029-4 specifications: SoC – Hisilicon Hi3518E ARM9 processor @ 440 MHz Storage – Built-in 16GB, expandable to 128GB Camera / video recording 1/2 1MP Star light CMOS sensor 8mm […]

UL Goes Beyond Electrical Safety with UL 2900 IoT Security Standard

UL is a company providing testing and safety certifications with electrical, building, fire, mechanical and other codes to ensure products sold to consumers and companies are as safe as possible, and follow their UL standards. For example, you should probably look for the UL logo on any 100~240V electrical appliances, power supplies, etc… to make sure you purchase safe products, and also in order to avoid voiding any insurance you may have in case of fire. The company is now getting into cybersecurity, specifically for IoT security, with UL 2900 standard. The standard is currently divided into three parts: UL 2900-1 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 1: General Requirements UL 2900-2-1 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part 2-1: Particular Requirements for Network Connectable Components of Healthcare Systems UL2900-2-2 – Outline of Investigation for Software Cybersecurity for Network-Connectable Products, Part […]

EmbeddedTS embedded systems design