Network Connectivity Devices Archive

AT&T moves towards a Mi-Fi with full 5G and Wi-Fi 6 for the American market

Article

AT&T Netgear Nighthawk 5G Pro MiFi router press picture courtesy of AT&T

AT&T adds a new Netgear 5G hotspot that you will actually be able to buy | CNet

From the horse’s mouth

AT&T

NETGEAR Nighthawk 5G Hotspot Pro Arrives at AT&T Sept. 18 (Press Release)

5G Product Page (announcing pending arrival of this Mi-Fi hotspot)

NETGEAR

NIGHTHAWK® M5 MOBILE ROUTER (MR5200) – Product Page

My Comments

Telstra has become the first telco in the world to offer a “Mi-Fi” mobile-broadband router that supports both 5G mobile broadband across all bands including mmWave on the Internet side and Wi-Fi 6 connectivity on the LAN side. This was offered when they initially launched their 5G mobile broadband service and this kind of coverage was important for Australian use where 5G services are likely to be deployed in sparsely-populated regional and rural areas.

AT&T now is offering to the general American public a Mi-Fi device that works on the full 5G waveband for its Internet connection side, and Wi-Fi 6 for its local network side. Here, that covers the lower frequencies of the 5G waveband along with the higher frequencies associated with mmWave coverage.

They previously offered a 5G Mi-Fi device but this was offered to a very limited customer base. Also, Verizon offers a similar device with 5G and Wi-Fi 6 but their device only works on the mmWave bands rather than the whole of the 5G band.

In addition, the Netgear Nighthawk 5G Mobile Hotspot Pro, also known as the MR5200, that AT&T offers has an Ethernet LAN connection for use with printers, network-attached storage devices, desktop computers and smart TVs. It has USB-C connectivity, most likely for power and data (5G modem) functionality.

The Netgear Nighthawk 5G Mobile Hotspot Pro is fit for purpose with American emergency services thanks to its ability to work with FirstNet, which is AT&T’s LTE emergency-services communications network.

This device is expected to cost US$510 upfront or US$17 / month over 30 months before service costs. As well, AT&T are offering data service plans for this device with you paying US$60 per month for a 15Gb monthly data allowance or US$85 per month for 35Gb.

Their overage fee is US$10 for every 2Gb over your plan’s limit and, at the moment, they don’t have a “throttled bandwidth” option available for their plans in lieu of that. That will limit AT&T’s 5G mobile-broadband service’s role to a secondary or temporary Internet service. It is symptomatic of an American telecommunications and Internet-service market that has become highly concentrated over the last five years with it heading slowly back to the “Ma Bell” days.

AT&T is rolling out 5G mobile-broadband coverage over most of the key cities in the USA that matter with this coverage increasing at the moment.

But AT&T’s Netgear Nighthawk 5G Mobile Hotspot Pro is one of the first devices of this kind offered to a dense Northern-Hemisphere country that ticks all the boxes for the latest wireless mobile-communications technologies. That is to provide 5G mobile broadband across the low frequency bands and high-frequency mmWave bands and supply this data across a Wi-Fi 6 LAN.

It is showing that mobile-telephony carriers are fronting up with Mi-Fi devices that work the 5G mobile broadband and Wi-Fi 6 standards, leading to some very capable devices and services.


AVM moves towards value-priced Wi-Fi 6 with the FritzBox 7530 AX

Article – German Language / Deutsche Sprache

AVM FritzBox 7530 press image courtesy of AVM GmbH

AVM to launch the Wi-Fi 6 version of the FritzBox 7530 modem router in Germany as the FritzBox 7530 AX – an affordable Wi-Fi 6 option

AVM Fritz!Box 7530 AX kann vorbestellt werden | Caschy’s Blog

Das ist die neue AVM Fritz!Box 7530 AX | Caschy’s Blog

My Comments

This is the year in which some home-network hardware manufacturers are offering Wi-Fi routers equipped with Wi-Fi 6 to the mainstream user segment. This includes some of these devices being offered either at an affordable price or as carrier-supplied equipment when you sign up to Internet service. As well, some of the devices being offered are in fact modem routers that have an integrated modem for the broadband service.

Now AVM has joined the party by offering the FritzBox 7530 AX home Internet gateway router initially to the German market. This unit, which will retail there from 1 September for approximately EUR€169, is based on the FritzBox 7530 modem-router family.

But its Wi-Fi access point is compliant to Wi-Fi 6 (IEEE 802.11ax) wireless-networking standards and uses a 2-stream approach for each waveband. This means it will offer 1200Mb/s data transfer speed on the 5GHz waveband and 600Mb/s on the legacy 2.4GHz waveband. It has a VDSL modem along with the ability to have one of the four Gigabit Ethernet LAN ports as a WAN (Internet service) port for fibre-optic connectivity.

There is VoIP capability with a built-in analogue telephony adaptor for legacy handsets along with a DECT base station for DECT cordless handsets. It supports DECT-ULE-based home automation with a primary intention to work with AVM’s DECT-ULE home-automation devices, namely their smart plugs and thermostatic radiator valves.

Of course, there will be the secure reliable home-network expectations that AVM is known for. This includes keeping these devices automatically updated with the latest firmware, something that was considered out of the ordinary for this class of device.

What is being highlighted is the idea of more companies providing Wi-Fi 6 as part of a commodity-priced home-network router, which will lead to this wireless-network technology becoming more ubiquitous.


Telstra’s latest Mi-Fi router ticks the boxes for future-proof operation

Article

Telstra 5G Wi-Fi Pro mobile broadband router product picture courtesy of Telstra

Telstra now have a mmWave-capable 5G hotspot | PC World

From the horse’s mouth

Telstra

Telstra 5G Wi-Fi Pro router

Press Release

Product Page – has latest pricing and mobile-broadband service contracts

5G mmWave Mobile Broadband Technology

White Paper

My Comments

Telstra has fronted up with their latest premium portable mobile broadband router for the 5G mobile-broadband infrastructure. But this “Mi-Fi” known as the Telstra 5G Wi-Fi Pro ticks all the boxes as far as being future-proof is concerned.

Here, on the WAN (Internet) side, this device supports 5G with mmWave technology while on the LAN (local network) side, it works on the latest Wi-Fi 6 standard for 2.4GHz and 5GHz bands, thus bringing your mobile network up to date with the latest standards. Of course it can work with existing 4G LTE networks and exploits what Telstra has to offer in this context. This has a 4500mAh battery that can be removed and can run for nine hours providing full data transfer. It can be charged via a USB-C connection according to the QC 3.0 protocol and the open-frame Power Delivery 2.0 protocol, meaning you can charge it with your brand-new Ultrabook’s charger or run it for a long time using a USB-C PD powerbank.

The Telstra 5G Wi-Fi Pro costs AUD$599 straight up. Or you could buy this device on a post-paid Telstra service plan for AUD$24.95 / month on a 24-month plan plus the cost of the mobile-broadband data service.

What is this mmWave 5G mobile broadband all about?

The mmWave 5G mobile broadband technology is an extremely-high-frequency variant of 5G mobile broadband technology which works between 24GHz and 100GHz. Telstra’s initial trial run of this technology at Gold Coast worked on 26GHz. The same technology has been used with various fixed point-to-point wireless links and satellite-Internet services but its use as a mobile broadband technology is what is being identified here.

Due to the very short wavelength, mmWave 5G technology will have a short operating range of a few hundred metres from the base station. This means that to cover a significant area, the service provider will need to install many “femtocell” base stations across the area and they will typically operate at a signal strength similar to a Wi-Fi access point or router. It means that the electromagnetic energy levels are 1000 times below the maximum energy level expected for safe operation.

Therefore mmWave 5G technology is pitched for operating environments where there is a high concentration of users so as to avoid “loading” very few base stations with many users, thus denying the users adequate bandwidth. This is a situation most of us will have experienced when attempting to benefit from an Internet resource on our mobile devices while on a packed commuter train.

Here, you will see this technology be used at busy public-transport interchanges including airports; event venues like convention centres or sports stadiums; or shopping centres. You may even find it being used in high-rise residential, commercial and hotel developments where there is expected to be many people within the development.

At the moment, Telstra has to license the necessary spectrum in order to set up a mmWave 5G service and will need to see other devices come on board prepared for this technology.

mmWave 5G mobile broadband will simply be pressed in to service as a complementary technology to the existing 5G mobile broadband technologies. In this case it is about highly-concentrated operating environments with many devices.


An unmanaged Ethernet switch engineered for media streaming now available

Article

English Electric 8Switch audiophile Ethernet switch press picture courtesy of The Chord Company

English Electric 8Switch audiophile Gigabit Ethernet switch

English Electric’s NEW 8Switch Audiophile Ethernet Switch | Audio Bacon

From the horse’s mouth

English Electric

8Switch (Product Page)

My Comments

I have covered on HomeNetworking01.info the fact that the home network is being considered part of the home audio and video scene, even in the context of high-end applications where excellence is considered paramount. This is due to the rise of audio-video content-streaming services including Spotify and Internet radio; along with the use of DLNA/UPnP-AV to facilitate the use of network-attached storage devices to share multimedia with dedicated home AV equipment. Have a look at these articles, and this one highlighting the Naim NDX audiophile network media player in order to see what I am about with this trend.

Naim NDS network audio player

… fit for audiophile network media players like the Naim NDX and NDS network media players

In the UK, where there is a significant small industry around esoteric hi-fi, a company has come forward with an unmanaged Gigabit Ethernet switch optimised for streaming multimedia, especially high-end music content. It is one of the first network-infrastructure devices targeted to the home or other small networks that is optimised for this purpose.

English Electric, a historic electrical-engineering brand resurrected by the Chord audiophile hi-fi connections brand, has answered the reality of the home network being part of a hi-fi setup. This is due to streaming content services like Internet radio, Spotify and Tidal along with the use of NAS units and DLNA-compliant network media players to play master-quality audio files through hi-fi setups.

Dish Joey 4K set-top box press picture courtesy of Dish Networks America

or set-top boxes and smart TVs associated with Netflix and similar online video services

This switch, known as the 8Switch, has been engineered for high data-packet reliability and resistance to electrical noise and mechanical vibration.

It uses a power supply of a similar standard to what would be used to power medical equipment in a hospital which is about providing clean reliable smooth power to the device while keeping AC-borne electrical interference out of the circuitry and network. The aluminium housing is designed to isolate the circuitry from surrounding mechanical vibration to assure reliable operation. Even the Ethernet sockets are optimised for high reliability and low noise in order to satisfy demanding audiophile/multimedia applications.

The clock circuitry that sequences the flow of data through the switch is specially optimised for real-time media streaming. This is thanks to a highly-optimised custom-designed crystal oscillator that assures high accuracy and reduced electrical noise, which yields reduced jitter and packet loss.

At the moment, the English Electric 8Switch is available in the UK for GBP£450 and is being sold through some UK-based hi-fi boutiques who sell Chord high-end audio cables. They will even throw in one of Chord’s audiophile/multimedia-grade Ethernet patch cords so you can connect it to your home network or a network AV component with the right cable.

Chord initially pitches the English Electric 8Switch as a regional switch to interlink a cluster of network-enabled AV components including a NAS like a ripping NAS used primarily for storing multimedia content. It would be uplinked to your existing home-network router for Internet access when it comes to using streaming services or the rest of your home network.

I also see it of benefit for small-business and community-organisation audio/video setups that are heading towards using IP networks as an interconnection method. This would include those churches heading towards online livestreaming of services or small production teams using the latest network-based audio-video technology. It can even appeal to broadcast-LAN subsystems like Sat>IP where you are using multiple devices and want assured reliability for your devices’ network connection.

The English Electric 8Switch is another example of a home-network Ethernet switch that has been designed for a specific niche and devices like this could pave the way for companies to design network-infrastructure hardware that answer these specific needs.


Telstra is the first telco to supply home-network hardware that supports Wi-Fi EasyMesh

Telstra Smart Modem Generation 2 modem router press picture courtesy of Telstra

Telstra Smart Modem Generation 2 – the first carrier-supplied modem router to be certified as compatible with Wi-Fi EasyMesh

Article – From the horse’s mouth

Telstra

Telstra offers world-first Wi-Fi EasyMesh™ standard in new Smart Wi-Fi Booster™ 2.0 (Press Release)

Previous HomeNetworking01.info coverage on Wi-Fi EasyMesh

Wi-Fi defines a new standard for distributed wireless networks

My Comments

Typically Australian telcos and ISPs who supply a modem-router to their customers as part of providing Internet service are associated with supplying substandard hardware that doesn’t honour current home-network expectations.

This time, Telstra has broken the mould with their Smart Modem Generation 2 modem router and the Smart Booster Generation 2 range extender. Here, these devices support Wi-Fi EasyMesh so they can work with other routers or range extenders that are compliant to this standard.

At the moment, the Smart Modem can handle 4 of the range extenders and Telstra’s marketing collateral specifies that these devices can only work with each other. This is most likely due to the absence of routers or range extenders from other suppliers that work to this standard when the Smart Modem Generation 2 and Smart Booster Generation 2 were released.

The media release was talking of 450,000 Generation 2 Smart Modems in service around Australia, most likely due to NBN providing an excuse to upgrade one’s modem-router. As I said in my post about this standard, it is independent of the hardware base that the Wi-Fi infrastructure devices have thus allowing an extant device to benefit from this technology through a firmware upgrade.

Here, Telstra has taken the step of providing the functionality to the existing Generation 2 Smart Modem fleet by offering it as part of a firmware upgrade, as should happen with carrier-supplied network equipment. This will be done in an automatic manner on an overnight basis or when you first connect your modem to the Internet service.

This is showing that a telco or ISP doesn’t need to reinvent the wheel when offering a distributed-Wi-Fi setup. Here, they can have their carrier-supplied Wi-Fi EasyMesh-compliant modem router work with third-party EasyMesh-compliant repeaters that are suited for the job.


AVM earns Connect awards for their routers

Article – From the horse’s mouth

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM earns more industry recognition for their Fritz!Box devices

AVM

AVM is delighted to win two Connect awards (Press Release)

My Comments

AVM has just earned two Connect awards for their German-designed home-network technology.

The first of these was for the Fritz!Box routers and mesh setup. No wonder they would earn industry recognition for their home-network products especially since they were the first company to break the mould regarding home-network routers by supplying self-updating firmware.

The issue of self-updating firmware became very important due to the fact that most of us aren’t updating our home-network router’s firmware regularly and it was a security hole. This is thanks to the “out-of-the-box” software coming with bugs and weaknesses that can be exploited by hackers against the typical home network.

Another step in the right direction was to implement distributed-wireless networking through a free software update rather than requiring customers to replace their AVM home-network devices. This was about providing a function update to the Fritz!Box modem router’s FritzOS firmware to open up this functionality. There was even the ability to roll out the functionality to Fritz!WLAN Repeaters and Fritz!Powerline access points to bring on the simplified distributed-wireless functionality to them all. It also applied to some recent-model Fritz!Box modem routers to cater for the reality that an older router can be “pushed down” to be an access point while the new router works as the edge of your home network.

But they also earned awards for their IP-based telephony equipment which was considered important as European telcos are moving towards IP-based telephony and away from the traditional telephone system. One of the products was a CAT-iQ DECT cordless handset that worked with their Fritz!Box modem routers that had DECT base-station functionality for VoIP telephony. This had abilities similar to what you would expect of a mobile phone of the “feature phone” class.

What is being shown here is that the European companies are coming through on functionality innovation when it comes to the home-network “edge” router or infrastructure devices for your home network.


The UK to mandate security standards for home network routers and smart devices

Articles

UK mulls security warnings for smart home devices | Engadget

New UK Laws to Make Broadband Routers and IoT Kit More Secure | ISP Review

From the horse’s mouth

UK Government – Department of Digital, Culture, Media and Sport

Plans announced to introduce new laws for internet connected devices (Press Release)

My Comments

A common issue that is being continually raised in IT security circles is the lack of security associated with network-infrastructure devices and dedicated-function devices. This is more so with devices that are targeted at households or small businesses.

Typical issues include use of simple default user credentials which are rarely changed by the end-user once the device is commissioned and the ability to slip malware on to this class of device. This led to situations like the Mirai botnet used for distributed denial-of-service attacks along with a recent Russia-sponsored malware attack involving home-network routers.

Various government bodies aren’t letting industry handle this issue themselves and are using secondary legislation or mandated standards to enforce the availability of devices that are “secure by design”. This is in addition to technology standards bodies like Z-Wave who stand behind logo-driven standards using their clout to enforce a secure-by-design approach.

Netgear DG834G ADSL2 wireless router

Home-network routers will soon be required to have a cybersecurity-compliance label to be sold in the UK

The German federal government took a step towards having home-network routers “secure by design”. This is by having the BSI, who are the country’s federal office for information security, determine the TR-03148 secure-design standard for this class of device. This addresses minimum standards for Wi-Fi network segments, the device management account and user experience, along with software quality control for the device’s firmware.

Similarly, the European Union have started on the legal framework for a “secure-by-design” certification approach, perhaps with what the press describe as an analogy to the “traffic-light” labelling on food and drink packaging to indicate nutritional value. It is based on their GDPR data-security and user-privacy efforts and both the German and European efforts are underscoring the European concern about data security and user privacy thanks to the existence of police states within Europe through the 20th century.

Amazon Echo on kitchen bench press photo courtesy of Amazon USA

… as will smart-home devices like the Amazon Echo

But the UK government have taken their own steps towards mandating home-network devices be designed for security. It will use their consumer-protection and trading-standards laws to have a security-rating label on these devices, with a long-term view of making these labels mandatory. It is in a similar vein to various product-labelling requirements for other consumer goods to denote factors like energy or water consumption or functionality abilities.

Here, the device will have to meet requirements like proper credential management for user and management credentials; proper software quality and integrity control including update and end-of-support policies; simplified setup and maintenance procedures; and the ability to remove personal data from the device or reset it to a known state such as when the customer relinquishes the device.

Other countries may use their trading-standards laws in this same vein to enforce a secure-by-design approach for dedicated-function devices sold to consumers and small businesses. It may also be part of various data-security and user-privacy remits that various jurisdictions will be pursuing.

The emphasis on having proper software quality and integrity requirements as part of a secure-by-design approach for modem routers, smart TVs and “smart-home” devices is something I value. This is due to the fact that a bug in the device’s firmware could make it vulnerable to a security exploit. As well, it will also encourage the ability to have these devices work with highly-optimised firmware and implement newer requirements effectively.

At least more countries are taking a step towards proper cybersecurity requirements for devices sold to households and small businesses by using labels and trading-standards requirements for this purpose.


The successor to the Freebox Révolution has arrived in France

Articles

Freebox Delta press photo courtesy of Iliad (Free.fr)

Xavier Niel unveils new Freebox with Alexa, Devialet, Sigfox, Netflix | TechCrunch

French Language / Langue française

Free annonce ses nouvelles Freebox : la Freebox Delta et la Freebox One | FreeNews

Freebox One : pour les accros à Netflix (et c’est tout) | ZDNet.fr

Freebox Delta : voici la box qui doit sauver Free | ZDNet.fr

From the horse’s mouth

Free.fr (French Language / Langue française)

Freebox Delta (Press Release / Communiqué de presse – PDF)

Freebox One (Press Release / Communiqué de presse – PDF)

My Comments

While the “gilets jaunes” were protesting about the cost of living in France, Free.fr had just launched a long-awaited successor to the Freebox Révolution modem-router and media player setup.

The Freebox Révolution was a device symbolic of the highly-competitive telecommunications and Internet-service market that exists in France. It is an xDSL modem-router with an Ethernet connection and a NAS that is also a DLNA-compliant media server. It works with a set-top media player that has an integrated PVR and Blu-Ray player. But over the years, these units took on new functionality that was extraordinary for carrier-provided equipment such as VPN endpoint and Apple AirPlay functionality. In fact I saw it as a benchmark for devices supplied by telcos and ISPs for Internet access when it came to functionality.

Here, there are two systems – one called the Freebox Delta which is positioned at the premium end of the market, and the other called the Freebox One which is positioned as an entry-level offering.

The Freebox Delta has a server unit which combines a modem-router and a NAS that is equivalent to a baseline 4-bay standalone NAS. The WAN (Internet) side can work with a 10Gb fibre connection, an xDSL connection or a 4G mobile broadband connection. But it is the first modem-router that can aggregate the bandwidth of an xDSL connection and a 4G mobile broadband connection for increased throughput.

On the LAN side, there is a Wi-Fi 5 (802.11ac) connection working across three bands and implementing MU-MIMO wireless connectivity. It is in conjunction with an integral four-port Gigabit Ethernet switch. There is the ability to link to the Freebox Delta Player in another room using the FreePlugs which are Gigabit HomePlug AV2 adaptors that Free.fr provides but these are actually network adaptors that use the USB-C peripheral connection approach.

The VoIP functionality that any “box” service offered by the French carriers provides has an RJ11 endpoint for a telephone as well as a DECT base station. There is a USB-C connection along with NFC support.

But Free.fr are even having the Freebox Delta as part of a home-automation system by providing hardware and software support for home-automation hub functionality. It is thanks to Free’s partnership with the Sigfox smart-home software platform. This is based around Zigbee technology with Free.fr and others supplying “smart-home” devices complying with this technology.

The Freebox Delta Player is effectively a connected speaker made by Devialet, a French hi-fi name of respect when it comes to speakers. But it is a soundbar that uses 6 drivers to yield effectively a 5.1 surround-sound experience.

It works with a French-based voice-driven home assistant (OK Freebox) that handles basic commands but can work with Amazon Alexa which gives it access to the Amazon Alexa Skills library. This is achieved through a four-microphone array and is another way for a European company to effectively answer Silicon Valley in the field of voice-driven assistant platforms.

It can yield pictures to the 4K HDR 10 standard using an HDMI 2.1 socket compliant with the HDCP 2.2 standard and supporting eARC audio transfer that allows for best use with 4K UHD TVs. There is also a DVB-T2 tuner for over-the-air digital TV. You can control the Freebox Delta Player using a wirelessly-charged touchscreen remote which charges on a Qi-compliant wireless charging plate integrated in this media player. Let’s not forget that this device is up-to-date by implementing USB-C peripheral connectivity for two peripherals.

The Freebox Delta will cost EUR€480 to buy, with payment options of EUR€120 per month over 4 months, EUR€10 per month over 48 months or the full upfront price being paid. The service will cost at least EUR€49.99 per month.

Freebox One press picture courtesy of Iliad (Free.fr)

Freebox One – the entry-level solution

The Freebox One is an entry level single-piece multimedia player and modem-router unit. This will have a Gigabit Fibre and xDSL connectivity on the WAN (Internet) side and Wi-Fi 5 (802.11ac) and four Gigabit Ethernet ports on the LAN side. There will be the DECT VoIP base for the telephony function along with a DVB-T connection for digital TV. It can work with 4K HDR 10 via an HDMI 2.1 (HDCP 2.2 compliant) port for your 4K UHDTV.

It has a front-panel display that is similar to the previous generation of Freebox systems. You can get this device for EUR€29.99 per month for the first year, EUR€39.99 per month as a Freebox hardware-and-services package of the kind you get in France.

With both Freebox systems, I would expect that Free.fr will regularly release new firmware that will add extra functionality to these devices over the years. When you get these “boxes”, you will find that there is more of an incentive to visit the “mis à jour” part of the user interface and frequently update their software.

By offering the Freebox Delta for sale rather than tied with a multiple-play service package, Free.fr wants to be able to sell this unit as a device you can use with other services. This means that they can put themselves on the same footing as AVM by being another Continental-European source of highly-capable always-updated consumer premises equipment for your home network.

But what needs to happen is for the European consumer IT firms to create hardware and software platforms that can effectively answer what Silicon Valley has to offer. Who knows which European companies will end up as the “Airbus” or “Arianespace” of consumer and small-business IT?


Germany to set a minimum security standard for home-network routers

Article

Telstra Gateway Frontier modem router press picture courtesy of Telstra

Germany has defined a minimum standard for secure broadband router design

Germany proposes router security guidelines | ZDNet

From the horse’s mouth

BSI (German Federal Office for Information Security)

TR-03148 Secure Broadband Router 1.0 (PDF)

My Comments

Network connectivity devices and devices that are part of the Internet of Things are being identified as the weakest point of the secure Internet ecosystem. This is due to issues like security not being factored in to the device’s design along with improper software quality assurance when it comes to the devices’ firmware.

The first major incident that brought this issue to the fore was the Mirai botnet attack on some Websites and dynamic-DNS servers through the use of compromised firmware installed in network video-surveillance cameras. Recently in 2016, a similar Mirai-style attack attempt was launched by the “BestBuy” hacker involving home-network routers built by Zyxel and Speedport. There was a large installed base of these routers because they were provided as standard customer-premises equipment by Deutsche Telekom in Germany. But the attempt failed due to buggy software and the routers crashed.

Now the BSI, who are Germany’s federal information-security government department, have taken steps towards a baseline set of guidelines concerning security-by-design for these home-network routers. It addresses both the Internet-based attacker situation and the local-network-based attacker situation such as a computer running malware.

Key requirements

Wi-Fi segments

There are requirements concerning the LAN-side private and guest Wi-Fi segments created by these devices. They have to work using WPA2 or newer standards as the default security standard and the default ESSIDs (wireless network names) and Wi-Fi passphrases can’t relate to the router itself like its make or model or any interface’s MAC address.

As well, guest Wi-Fi and community / hotspot Wi-Fi have to be treated as distinct separate logical networks on the LAN side and they have to be “fenced off” from each other. They will still have access to the WAN interfaces which will be the Internet service. The standard doesn’t address whether these networks should implement client-device isolation because there may be setups involving a requirement to discover printers or multimedia devices on these networks using client software.
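The rule that default ESSIDs and passphrases must not relate to the make, model or any interface MAC address can be checked mechanically on a factory image. The following is an added example, not code from the BSI guideline or from any vendor; the function names and the sample device are hypothetical, and matching on the last four or more hex digits of a MAC is an assumed heuristic.

```python
import re


def _norm(text):
    """Lower-case and keep only letters and digits so 'XR-500' matches 'xr500'."""
    return re.sub(r"[^0-9a-z]", "", text.lower())


def identity_tokens(make, model, macs, min_tail=4):
    """Map each category (make, model, mac) to substrings that give the router away."""
    tokens = {"make": set(), "model": set(), "mac": set()}
    for category, label in (("make", make), ("model", model)):
        norm = _norm(label)
        if len(norm) >= 3:  # ignore labels too short to match meaningfully
            tokens[category].add(norm)
    for mac in macs:
        digits = _norm(mac)
        # Defaults are often built from the last few hex digits of a MAC, so
        # test every tail from min_tail digits up to the full address.
        for n in range(min_tail, len(digits) + 1):
            tokens["mac"].add(digits[-n:])
    return tokens


def audit_defaults(make, model, macs, essid, passphrase):
    """Return sorted (field, category) findings; an empty list means no match."""
    tokens = identity_tokens(make, model, macs)
    findings = []
    for field, value in (("essid", essid), ("passphrase", passphrase)):
        norm = _norm(value)
        for category, needles in tokens.items():
            if any(needle in norm for needle in needles):
                findings.append((field, category))
    return sorted(findings)


# Constructed sample device: two interfaces with consecutive MAC addresses.
SAMPLE = dict(
    make="ExampleCo",
    model="XR-500",
    macs=["00:11:22:AA:BB:CC", "00:11:22:AA:BB:CD"],
)

if __name__ == "__main__":
    # Non-compliant: ESSID carries the make and a MAC tail, passphrase is a MAC.
    print(audit_defaults(essid="ExampleCo-BBCC", passphrase="001122AABBCD", **SAMPLE))
    # Compliant: neither value can be derived from what is printed on the box.
    print(audit_defaults(essid="home-7f3k", passphrase="q7#Lm2!vRt9x", **SAMPLE))
```

A substring check like this only catches direct reuse; a passphrase computed from the MAC through a hash or lookup table would pass it and needs a review of how the factory values are generated.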

Router management

The passwords for the management account or the Wi-Fi segment passphrases have to be tested against a password-strength algorithm when a user defines a new password. This would be to indicate how strong they are, perhaps through a traffic-light indicator. The minimum requirement for a strong password would be to have at least eight characters with at least 2 each of uppercase, lowercase, number and special characters.

For the management account, there has to be a log of all login attempts along with lockout-type algorithms to deter brute-force password attacks. It would be similar to a code-protected car radio that imposes a time delay if the wrong passcode is entered in the radio. There will be an expectation to have session-specific security measures like a session timeout if you don’t interact with the management page for a certain amount of time.

Other requirements for device management will include that the device management Webpage be only accessible from the main home network represented by the primary private Wi-Fi segment or the Ethernet segment. As well, there can’t be any undocumented “backdoor” accounts on the router when it is delivered to the customer.
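The password-strength check and the login log with lockout described above can be sketched as follows. This is an added example, not code from the BSI guideline or any router vendor; the amber tier, the delay values and the sample address and passwords are assumptions constructed for illustration.

```python
import string

def password_rating(pw):
    """Traffic light: 'green' meets the minimum quoted above (8+ chars, 2 per class)."""
    counts = [sum(c.isupper() for c in pw), sum(c.islower() for c in pw),
              sum(c.isdigit() for c in pw), sum(c in string.punctuation for c in pw)]
    if len(pw) >= 8 and min(counts) >= 2:
        return "green"
    # Assumption: the amber tier (one of each class) is this example's own choice.
    return "amber" if len(pw) >= 8 and min(counts) >= 1 else "red"

class LoginGuard:
    """Logs every management-login attempt and imposes a doubling delay."""
    LOCK_AFTER = 3     # assumed: failures allowed before the first delay
    BASE_DELAY = 2     # assumed: seconds, doubled on each further failure
    MAX_DELAY = 3600   # assumed cap on the delay

    def __init__(self, check_password, clock):
        self.check, self.clock = check_password, clock
        self.failures, self.locked_until, self.log = 0, 0.0, []

    def attempt(self, source, password):
        now = self.clock()
        if now < self.locked_until:
            result = "locked"            # refused without testing the password
        elif self.check(password):
            result, self.failures = "ok", 0
        else:
            result = "fail"
            self.failures += 1
            over = self.failures - self.LOCK_AFTER
            if over >= 0:
                delay = min(self.BASE_DELAY * 2 ** over, self.MAX_DELAY)
                self.locked_until = now + delay
        self.log.append((now, source, result))   # successes and failures alike
        return result

def demo():
    """Constructed session: wrong guesses, then the right password at three times."""
    t = [0.0]
    # A real device would compare against a stored password hash instead.
    guard = LoginGuard(lambda p: p == "AbCd12!?", clock=lambda: t[0])
    out = [guard.attempt("192.168.1.20", "guess%d" % i) for i in range(3)]
    out.append(guard.attempt("192.168.1.20", "AbCd12!?"))   # locked: still t=0
    t[0] = 2.0
    out.append(guard.attempt("192.168.1.20", "guess3"))     # delay doubles to 4 s
    t[0] = 5.0
    out.append(guard.attempt("192.168.1.20", "AbCd12!?"))   # locked until t=6
    t[0] = 6.0
    out.append(guard.attempt("192.168.1.20", "AbCd12!?"))
    return out, guard.log
```

Note that a correct password entered during the delay is refused as well, which is what makes the delay effective against automated guessing.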

Firmware updating

But the BSI TR-03148 Secure Broadband Router guidelines also address that sore point associated with router firmware. They address the issue of updating your router with the latest firmware whether through an online update or a file you download to your regular computer and upload to the router.

But it is preferred that automatic online updates take place regarding security-related updates. This will most likely extend to other “point releases” which address software quality or device performance. Of course, the end-user will need to manually update major versions of the firmware, usually where new functionality or major user-interface changes take place.

The router manufacturer will be required to rectify newly-discovered high-severity security exploits without undue delay once they are notified. Here, the end users will be notified about these software updates through the manufacturer’s own public-facing Website or the router’s management page.

Like with most regular-computer and mobile operating systems, the use of software signatures will be required to authenticate new and updated firmware. Users could install unsigned firmware like the open-source highly-functional firmware of the OpenWRT kind but they will need to be warned about the deployment of unsigned firmware on their devices as part of the deployment process. The ability to use unsigned firmware was an issue raised by the “computer geek” community who liked to tinker with and “soup up” their network hardware.

Users will also need to be notified when a manufacturer ceases to provide firmware-update support for their router model. But this can hang the end-user high and dry especially if there are newly-discovered weaknesses in the firmware after the manufacturer ceases to provide that software support.

The standard also supports an “anti-bricking” arrangement where redundant on-device storage of prior firmware can exist. This is to prevent the router from “bricking” or irreversibly failing if downloaded firmware comes with software or file errors.
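The update rules in this section (signed firmware, a warning before unsigned firmware is deployed, and prior firmware kept in redundant storage) can be modelled as below. This is an added example, not code from the guideline or any vendor: the two-slot layout and the image format are assumptions, and a keyed HMAC stands in for the manufacturer's public-key signature so that it runs with the standard library only.

```python
import hashlib
import hmac

VENDOR_KEY = b"constructed-demo-key"   # stand-in for the vendor's signing key
MAGIC = b"FWv1"                        # constructed image format, not a real one

def make_image(payload):
    body = MAGIC + payload
    return body + hashlib.sha256(body).digest()   # trailer: digest of the body

def sign(image):
    # HMAC stand-in; a real device verifies a public-key signature instead.
    return hmac.new(VENDOR_KEY, image, hashlib.sha256).digest()

def intact(image):
    body, digest = image[:-32], image[-32:]
    return body.startswith(MAGIC) and hmac.compare_digest(
        hashlib.sha256(body).digest(), digest)

class Router:
    def __init__(self, image):
        self.slots, self.active = [image, None], 0   # two firmware slots

    def running(self):
        return self.slots[self.active]

    def update(self, image, signature=None, accept_unsigned=False):
        signed = signature is not None
        if signed and not hmac.compare_digest(signature, sign(image)):
            return "rejected: signature does not verify"
        if not signed and not accept_unsigned:
            return "warning: unsigned firmware, user confirmation required"
        if not intact(image):
            return "rejected: image corrupt, prior firmware kept"
        spare = 1 - self.active
        self.slots[spare] = image     # the running firmware is never overwritten
        self.active = spare
        return "installed (signed)" if signed else "installed (unsigned)"

    def rollback(self):
        """Boot the prior firmware again if the new one misbehaves."""
        spare = 1 - self.active
        if self.slots[spare] is None:
            return False
        self.active = spare
        return True
```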

Other issues that need to be addressed

There are still some issues regarding this standard and other secure-by-design mandates.

One of these is whether there is a minimum length of time for a device manufacturer to continue providing security and software-quality firmware updates for a router model or series after it is superseded. This is because of risks like us purchasing equipment that has just been superseded, typically to take advantage of lower prices, or us keeping a router in service for as long as possible. This may be of concern especially if a new generation of equipment is being released rather than a model that was given a software-compatible hardware refresh.

Solutions that could be used include open-sourcing the firmware like what was done with the Linksys WRT-54G or establishing a known-to-be-good baseline firmware source for these devices while continuing to rectify exploits that are discovered in that firmware.

Another is the existence of a logo-driven “secure-by-design” campaign directed at retailers and the general public in order to encourage us to buy or specify routers that are compliant to this standard.

An issue that needs to be raised is whether to require that the modem routers or Internet-gateways supplied as standard customer-premises-equipment by German ISPs and telcos have a “secure-by-design” requirement. This is more of an issue with Internet service provided to the average household where these customers are not likely to fuss about anything beyond getting Internet connectivity.

Conclusion

The BSI will definitely exert market clout through Europe, if not just the German-speaking countries when it comes to the issue of a home network that is “secure by design”. Although the European Union has taken some action about the Internet Of Things and a secure-by-design approach, they could have the power to make these guidelines a market requirement for equipment sold in to the European, Middle Eastern and African areas.

It could also be seen by other IT bodies as an expected minimum for proper router design for home, SOHO and SME routers. Even ISPs or telcos may see it as an obligation to their customers to use this standard when it comes to specifying customer-premises equipment that is supplied to the end user.

At least the issue of “secured by design” is being continually raised regarding home-network infrastructure and the Internet Of Things to harden these devices and prevent them from being roped in to the next Mirai-style botnet.


SAT-IP technology to extend to terrestrial and cable TV setups

Article – From the horse’s mouth

Broadcast-LAN setup

This could become the way to distribute cable and terrestrial TV around the home in Europe

AVM

SAT>IP — what is it? (Blog Post relating to DVB-C broadcast-LAN abilities in some AVM FritzBox cable modem routers)

My Comments

In Europe, SAT-IP, properly spelt SAT>IP, has been established as a broadcast-LAN standard for satellite-TV setups. This implements a satellite broadcast-LAN tuner that connects between the satellite dish and your home network, whereupon a compatible TV or set-top box or a computing device running compatible software “tunes in” and picks up the satellite broadcast.

Lenovo Yoga Tab Android tablet

A mobile-platform tablet running a SAT-IP client could end up serving as a portable TV for a cable or terrestrial TV setup

At the moment, Panasonic smart TVs pitched to the European market can work with a SAT-IP setup, with Loewe rolling this feature in to their models, but there is a wide range of software including VLC that can work with this setup along with a significant number of set-top boxes.

But this technology is being taken further by extending it to terrestrial and cable TV setups, especially in Germany which has an infrastructure-agnostic policy regarding the distribution of free-to-air and pay TV. That is, you could watch Tatort on Das Erste in that country no matter whether you are using the traditional TV antenna, a cable-TV infrastructure or a satellite dish. Some online resources in that country even use the name TV-IP or TV>IP to describe this all-encompassing approach.

Dell Inspiron 13 7000 2-in-1 Intel 8th Generation CPU at QT Melbourne hotel - presentation mode

.. as could one of these Windows-based 2-in-1 convertibles

There is still the issue with rented properties and most multi-family developments where there is only one point of entry for the cable-TV service and it becomes more of a hassle to add extra cable-TV outlets around the premises for extra sets. There is also the fact that most of us are using laptops, tablets and smartphones in lieu of the portable TV for doing things like watching “guilty-pleasure” TV around the home.

AVM are releasing Fritz!OS 7 firmware for their Fritz!Box 6490 Cable and Fritz!Box 6590 Cable modem routers that provides a SAT-IP server functionality to extend these devices’ broadcast-LAN abilities, initially facilitated using DLNA. They also are rolling this function out to the Fritz!WLAN Repeater DVB-C which is another broadcast-LAN device for cable TV in addition to a Wi-Fi repeater.

Once updated, these Fritz!Box cable modem routers and the Fritz!WLAN Repeater DVB-C will present the DVB-C cable-TV and radio signals to any SAT-IP client device or software as if you are using a SAT-IP satellite broadcast-LAN device. I also see this working with those SMATV (shared satellite dish) setups for larger buildings that repackage satellite TV and terrestrial TV channels as DVB-C-compatible cable-TV channels.

I wouldn’t put it past other broadcast-LAN vendors courting the European market to have their non-satellite devices become SAT-IP servers. But what also needs to happen is for more TV manufacturers to implement SAT-IP-based technologies “out of the box” across their product ranges.

It could appeal as a hassle-free approach to TV location where you have a single entry point for your TV aerial, cable-TV service or satellite dish but you use your home network, be it Wi-Fi 5/6 (802.11ac/ax), HomePlug AV2 or Ethernet, and a SAT-IP compatible broadcast-LAN box to permit you to relocate your TV or add more sets as you please. This is without having to call in a TV-aerial technician to install extra sockets or get the landlord to assent to their installation.

Another factor that would drive SAT-IP or TV-IP further would be to build support for it in to games consoles and similar devices that are expected to be single-box multimedia terminals. Think of devices like the XBox One, PS4, Apple TV and the like, or regular computers running their native operating systems.

But it may be seen as a big ask unless this technology is implemented beyond continental Europe. This is due to the common tech attitude that if a technology isn’t implemented beyond a particular geographic area or isn’t implemented in the USA, it will miss the boat for native operating-system support.
