OpenWrt 21.02 released with WPA3, HTTPS, TLS enabled by default

OpenWrt 21.02 has just been released with improved security, with WPA3, HTTPS, and TLS enabled by default, as well as initial support for the Distributed Switch Architecture (DSA), the Linux standard for configurable Ethernet switches. OpenWrt is the most popular open-source Linux distribution for routers and entry-level Linux-capable embedded systems, and the latest release includes over 5800 commits since the release of OpenWrt 19.07 in January 2020. WPA3 was already supported in OpenWrt 19.07, but not enabled by default. OpenWrt 21.02 changes that, together with TLS thanks to trusted CA certificates from Mozilla. That means the LuCI interface, wget, and the opkg package manager can all support HTTPS out of the box. Note that HTTPS redirection can be disabled for LuCI in the configuration files. Another security change is that SELinux is now supported by OpenWrt, but not enabled by default. OpenWrt 21.02’s DSA implementation replaces the current swconfig system, but not all targets have been […]

Realtek AP-Router SDK vulnerabilities could impact millions of routers and IoT devices

The IoT Inspector Research Lab has discovered four high and critical vulnerabilities in the Realtek AP-Router “Jungle” SDK used for RTL819x SoCs that could impact millions of WiFi routers and dongles. An attacker can use a network attack, i.e. without physical access to the device, to trigger a buffer or stack overflow that helps them access the system and execute their own code. Realtek has released an advisory (PDF) with patchsets for all four vulnerabilities, so you should upgrade the firmware if you can. Summary of the four vulnerabilities: CVE-2021-35392 – Realtek Jungle SDK version v2.x up to v3.4.14B provides a ‘WiFi Simple Config’ server called wscd or mini_upnpd that implements both the UPnP and SSDP protocols. The server is vulnerable to a heap buffer overflow caused by unsafe crafting of SSDP NOTIFY messages from the ST header of received M-SEARCH messages. CVE-2021-35393 – Also impacts ‘WiFi Simple Config’ server (wscd […]

$23 N6110E NVR supports AI features, 10TB SATA drive, up to 10 video channels

Network video recorders (NVR) typically cost a couple of hundred dollars, but in the past, we noted a low-cost, entry-level NVR with a single Ethernet port may sell for under $50. But now, I’ve been made aware that $20 Linux-based NVRs have shown up on Aliexpress, based on either the XM8536D processor or the SigmaStar SSR621Q dual-core Cortex-A7 processor. I’ll look at the N6110E model with the latter that sells for $22.99 plus shipping as it includes an enclosure and is said to support up to 10 channels, as well as AI features such as face & human body detection, “auto tracking” (vehicle tracking?), and mixed-traffic detection. N6110E NVR specifications: SoC – SigmaStar SSR621Q processor/DSP with two Cortex-A7 cores, 256MB DDR3 RAM according to linux-chenxing Video decoding – H.265, H.264 up to 1x 8MP @ 30 fps, 1x 5MP @ 30 fps, 2x 4MP @ 30 fps, 4x 3MP @ 20 fps, […]

Foscam SPC WiFi Spotlight Camera Review – Part1: Unboxing and Teardown

I’ve been reviewing a few IP cameras with built-in AI features with Vacom Cam, Reolink RLC-810A, and Annke CZ400 AI security camera which had by far the most advanced features going beyond human detection with luggage monitoring, line-crossing detection, and many more. Today, I’ve received another model with basic human detection. But the Foscam SPC security camera also happens to come with a motion-activated spotlight, and it is the first camera I’ve ever received with support for dual-band WiFi, meaning 2.4 GHz or 5 GHz WiFi can be used as needed. In the first part of the review, I’ll go through the specs, do an unboxing, and go through teardown photos to check the internals. Foscam SPC key features and specifications. Some of the highlights listed in the user manual and package: Camera 4MP camera up to 2560×1440 resolution @ 25 fps, 156° field of view (diagonal) HDR support 2x white LED […]

TPM 2.0 modules quadruple in price, run out of stock following Windows 11 announcement

Microsoft announced Windows 11 with new system requirements that include having hardware with a TPM 2.0 chip. Yesterday, we noted that could be an issue, as not all computers, laptops, and tablets may come with a Trusted Platform Module (TPM), especially if version 2.0 is required. Microsoft explains it’s for a good reason, namely improved security, but the requirement has already had an impact on the market, even though Windows 11 is not officially available just yet, as TPM 2.0 modules have quadrupled in price according to a Tweet from Shen Ye, senior director, global head of hardware products for HTC. Note that while the bottom scale shows dates, it only shows dates when the price changes and the price was indeed $24.90 before Microsoft’s announcement, and gradually went up to $99.90 within 12 hours. At the time of writing, that module is out of stock on Amazon. Shen further […]

Software bills of materials (SBOM) could help improve cybersecurity

There have been some widely publicized hacks in recent months including the SolarWinds hack and the Colonial Pipeline cyber attack. Those two were particularly costly and disruptive, and the US government issued an executive order that lists some of the requirements to strengthen cybersecurity. Since there are many attack vectors, the list of requirements is fairly long, but one that caught my eye in the “Enhancing Software Supply Chain Security” section reads as follows: (vii) providing a purchaser a Software Bill of Materials (SBOM) for each product directly or by publishing it on a public website; Bills of materials (BoM) are commonly used for hardware design, but the idea behind a software bill of materials is to make sure outdated software libraries with known vulnerabilities are not included in a specific program. The 2021 Open Source Security and Risk Analysis (OSSRA) report exposes vulnerabilities and license conflicts found in more […]

Edge AI system combines Foxconn FXN3102 Arm SoC with Hailo-8 or Lightspeeur 2801S AI accelerator

Did you know Foxconn makes processors now? Well, they do, or at least can pretend they do, as we’ll see below. The Foxconn FXN3102 24-core Arm Cortex-A53 processor is found in Vecow VAC-1000, a compact Edge AI computing system that also features either a Hailo-8 AI accelerator or a Gyrfalcon Lightspeeur 2801S NPU. The Ubuntu 18.04 server system also comes with up to 16GB DDR4-2133 memory and optional NX Witness VMS (Video Management System) support, and targets intelligent surveillance applications such as public surveillance or traffic monitoring, as well as smart retail, factory automation, and any other AIoT/Industry 4.0 applications. Vecow VAC-1000 specifications: SoC – Foxconn FXN3102 24-core Arm Cortex-A53 processor @ up to 1.0 GHz System Memory – 8GB or 16GB DDR4 2133MHz ECC SO-DIMM Storage 64GB eMMC flash, 512MB SPI Flash, up to 512KB EEPROM 1x SATA III port up to 6 Gbps 1x M.2 2280 Key M socket for […]

Sonoff & Tuya smart plugs found to transmit unencrypted passwords

There are many low-cost smart plugs based on ESP8266 that provide a convenient way to control lights or home appliances with your smartphone. But cybersecurity firm A&O IT Group found vulnerabilities in ITEAD’s Sonoff S26 and Ener-J Wi-fi (Tuya) smart plugs that would allow an attacker to easily access your wireless network. The first security vulnerability is pretty common and hard to exploit since it’s only a concern during the setup. Sonoff S26 starts in access point mode with an ITEAD-1001xxxxxx SSID, and is set up through the eWelink app with the user not needing to know the password. But with older firmware it was needed, so ITEAD still shares the default password: 12345678 in the user manual, and it can be used to connect to the smart plug by anyone. But once configured, it’s not accessible anymore as the smart plug should be in client mode connected to your […]