Tag: firmware update

Freebox routers to support WPA3 Wi-Fi security through a firmware update

Article – French language / Langue Française

Freebox Révolution - courtesy Iliad.fr

A firmware update will give WPA3 Wi-Fi security to the Freebox Révolution and newer Freebox devices

Mise à jour du Freebox Server (Révolution/mini/One/Delta/Pop) 4.2.0 | Freebox.fr Blog

My Comments

Free.fr have pushed forward the idea of using a firmware update to deliver the WPA3 Wi-Fi network security standard to recent Freebox Server modem-routers that are part of their Freebox Internet service packages.

This is part of the FreeOS 4.2.0 major firmware update, which also improves Wi-Fi network stability and implements QR-based device enrolment for the Wi-Fi network along with profile-driven parental control. It will apply to the Freebox Révolution, which I see as the poster child of a highly-competitive French Internet service market, and its descendant devices like the mini, One, Delta and Pop.

The WPA3 functionality will be configured to work in WPA2+WPA3 compatibility mode to cater for the existing WPA2 client devices on the home network. This is because most home-network devices like printers or Internet radios won’t even have the ability to be updated to work with WPA3-secured networks.

At the moment, Free is rolling out updates to their mobile apps to support WPA3 on the mobile operating systems. This is likely to remain the case until Google, Apple and mobile-phone vendors offer WPA3 “out-of-the-box” with their smartphone and tablet platforms.

What I like about Free’s software-driven approach is that there is no need to replace the modem-router to have your network implement WPA3 Wi-Fi network security. It is very similar to what AVM did to enable distributed Wi-Fi functionality in a significant number of their FritzBox routers and other devices in their existing home-network product range, where this function was part of a firmware upgrade.

This avoids the need for customers to purchase new hardware if they need to move to WPA3 network security, and I would see this as a significant trend regarding European-designed home-network hardware where newer network capabilities are just a firmware update away.

Sonos dumps the device-bricking Recycle Mode

Previous HomeNetworking01.info coverage

Sonos multiroom system press picture courtesy of Sonos

The Sonos debacle has raised questions about our personal tech’s life cycle

My Comments

In January, Sonos introduced the “Recycle Mode” which effectively disabled your Sonos network-multiroom-audio device after a certain number of days. It was seen as a way to detach the device from your Sonos-based network-multiroom-audio setup and wipe all of your data out of the device when you relinquish it to an e-waste recycling facility.

It was part of them establishing an end-of-feature-support rule for their older devices made prior to 2015 due to newer faster processing silicon in the newer devices. That is where older devices will only receive software-quality updates and won’t benefit from any newer functionality that Sonos releases.

But there is a reality with this kind of equipment where it is effectively “pushed down” to secondary areas as a way to build out that Sonos audio setup. As well, people do give the equipment away to family, friends and community organisations they are a part of, or sell the equipment through the second-hand market where those of us “putting our foot in the Sonos door” may buy this equipment at a cheaper price.

Social-media users were concerned that “Recycle Mode” disabled the Sonos equipment, making it unavailable for giving away or selling on the second-hand market. Sonos have answered this issue by removing the “Recycle Mode” and requiring users who are done with a particular piece of Sonos equipment to perform a factory-reset procedure (Sonos instructions) on that unit.

It is a procedure you may do if the equipment is faulty and you want to bring it to a “known quantity” as part of troubleshooting it. But performing this procedure before you relinquish the equipment effectively detaches it from your Sonos account and multi-room audio system while removing any personal configuration data from it including parameters associated with your home network.

They still have to address the issue of a Sonos audio setup consisting of legacy and newer equipment and what happens when newer features come out. The problem still raised is the fact that older equipment would preclude modern equipment from receiving functionality updates. This is even though a Sonos multiroom setup will benefit from software-quality updates even if it cannot receive functionality updates.

As well, they would need to address what happens when an online media service revises their software links that enable access to their service via consumer-electronics devices. Would a software update to accommodate this revision be considered a feature-update or a software-quality update whether the result is to provide the same functionality as before or accommodate the service’s new features?

What is being called out is how a high-value network-media device with an expectedly-long service life should be maintained through its service life. This includes how long it should be supported for and what should happen towards its end-of-support time.

AVM adds mesh functionality to more of their network infrastructure devices

Article (German language / Deutsche Sprache)

AVM FRITZ!Box 3490 - Press photo courtesy AVM

Newer AVM Fritzboxes, FritzWLAN and FritzPowerline part of a mesh network

Neues FritzOS mit Mesh-Funktionen für mehr AVM-Repeater | ZDNet.de

From the horse’s mouth

AVM

IFA 2017 Press Release (Vergrößern Sie Ihr WLAN – mit Mesh).

Product Page

My Comments

Previously, I have covered how AVM, a German home-network infrastructure company, have approached the idea of a distributed home network. This is through a firmware update to some of their newer Fritz!Box routers and network-infrastructure hardware (Wi-Fi repeaters and HomePlug AV access points) such as the Fritz!WLAN 1750E repeater and Fritz!Powerline 1240E HomePlug access point.

What also impressed me about their approach is the use of a wired or wireless backhaul rather than just sticking to a wireless backhaul. Here, it can be about serving areas which are out of the router’s radio range, including providing support for multiple-building home networks. This is while providing a simplified setup and operating process for your home network.

Initially this was a beta firmware update that may not be considered stable and only applied to a few devices. But AVM have got the firmware to a stable condition and have written it to work with more devices. This includes the Fritz!Powerline 540 and 546E HomePlug AV500 802.11n single-band dual-stream access points and the Fritz!WLAN 1160 802.11ac dual-band and Fritz!WLAN 310 and 450E single-band 802.11n repeaters.

Of course they have underscored a simplified setup experience with firmware delivery and network configuration. This includes a Web-based configuration dashboard which shows how the network is set up as well as the condition of the wired and wireless backbones. The support for a HomePlug wired backbone will please those of us who live in stone or double-brick houses where HomePlug is more surefire as a backbone or who have multiple buildings on that large property.

Like with other distributed Wi-Fi setups, there is an emphasis on bandwidth optimisation such as steering high-throughput Wi-Fi devices to the sparsely-occupied 5GHz band if they can support it. Let’s not forget the fact that these systems set each access point on a Wi-Fi channel that they determine works best.

But why should AVM support single-band access points and repeaters that work the 2.4GHz band as part of their mesh? This may work out by allowing these devices to, perhaps, provide infill coverage on that band using a different channel. For example, other devices that work on that band like Bluetooth or 2.4GHz DECT devices, or the microwave oven may cause interference for Wi-Fi devices and a properly-designed mesh system could re-optimise the channels to avoid the interference.

What I still like about AVM’s approach to distributed Wi-Fi wireless setups is that they are enabling this functionality simply through deploying newer firmware to existing products rather than requiring users to buy a new system. This saves users money on hardware costs and keeps their existing hardware useful over the long term.

NETGEAR have fixed security exploits in some of their newer routers

Netgear DG834G ADSL2 wireless router

If you are running a recent NETGEAR router, make sure its firmware is up to date

Article

Netgear Patches Its Router’s Security Holes, Download Your Updated Firmware Today | Lifehacker

From the horse’s mouth

NETGEAR

Original Security Advisory

Models affected
Smart Wi-Fi Router AC1600 R6250
AC1750 Smart Wi-Fi Router – 802.11ac Dual Band Gigabit R6400
Nighthawk AC1900 Smart Wi-Fi Router R7000
Nighthawk X6 – AC3200 Tri-Band Wi-Fi Gigabit Router R8000
Nighthawk AC1750 Smart Wi-Fi Router – Dual Band Gigabit R6700 Beta firmware
Nighthawk AC1900 Smart Wi-Fi Router R6900 Beta firmware
Nighthawk 4G LTE Modem Router R7100LG Beta firmware
Nighthawk DST – AC1900 DST router R7300DST Beta firmware (HomeNetworking01.info coverage)
Nighthawk X6 – AC3000 Tri-Band Wi-Fi Gigabit Router R7900 Beta firmware
Wi-Fi VDSL2+/ADSL2+ Modem Router D6220 Beta firmware
AC1600 WiFi VDSL/ADSL Modem Router – 802.11ac Dual Band Gigabit D6400 Beta firmware

My Comments

NETGEAR had faced a serious problem with some of its recent-model routers due to a security exploit in the firmware that drives these network-Internet “edge” devices. Previous coverage about this issue had required you to use another router for your home network to stay secure.

This has had NETGEAR rush out firmware updates for each of these affected routers in order to mitigate the recently-discovered security exploit.

A problem that besets most of the commonly-available home-network hardware is that firmware updating requires you to visit the manufacturer’s site, download the firmware as a special file package for your device, then upload that package to your device via its Web-based management interface. This can daunt some computer users who haven’t much experience with this kind of hardware maintenance task.

Personally, I would like to see steps taken to support automatic firmware upgrades such as what AVM are doing with their Fritz!Box devices, or at least the ability to click on a button in the management interface to start the download and update process for the device’s firmware. This is a practice that is being implemented in most of the European-made modem routers, along with most consumer-electronics devices like Smart TVs and set-top video peripherals.

There is also the issue of protecting the update files so that you aren’t installing malware on your device; this may involve processes like authenticity checks for software delivered as part of a firmware update or functionality add-on.

The update procedure

The update procedure will require you to download the updated firmware package using your regular desktop or laptop computer. Here, they recommend that you connect your regular computer directly to the router using an Ethernet cable if you can do so for the download and update process to be sure that this process works reliably.

Follow the link listed in this article to the NETGEAR-hosted support page for your router’s model. You will see the link for the firmware package you need to download. Here, you download that firmware package to your “downloads” folder.

Then, once you have downloaded the firmware from the NETGEAR site, you log in to your router’s management page from that same computer using your favourite Web browser. For these routers, the URL is http://www.routerlogin.net. Subsequently, you have to visit the ADVANCED tab, then the Administration option, then the Firmware Upgrade option.

In that screen, you click the Browse button, which will pop up a file-system dialog box where you have to find the firmware file that you downloaded in your “downloads” folder. Once you have selected the firmware file, click the Upload button to transfer the firmware to your router, whereupon it will commence the updating process. Leave the router alone during this process so as not to interrupt this critical process. You will see a progress bar to indicate how the upgrade is progressing.

Once this update procedure is done, a good practice would be to visit NETGEAR’s support pages for your particular router on a regular basis and check for newer firmware. Then, if there is newer firmware available for your device, update it following the instructions on their Website or the general instructions listed in this article.

Conclusion

The increased awareness by industry and computer media regarding software quality and data security for dedicated-purpose devices connected to the Internet along with consumer / small-business network-infrastructure devices is going to make companies who design these devices or the software that runs them wake up regarding these issues.

EU wants to establish a security baseline for Internet Of Things

Article

Netgear DG834G ADSL2 wireless router

The security of network connectivity equipment is now in question thanks to the Krebs On Security DDoS attack

The EU’s latest idea to secure the Internet of Things? Sticky labels | Naked Security Blog

My Comments

The European Commission wants to push forward with a set of minimum standards for data security especially in context with “dedicated-function” devices including the “Internet Of Things” or “Internet Of Everything”. This also includes a simplified consumer-facing product-label system along with a customer-education program very similar to what has taken place in most countries concerning the energy efficiency of the appliances or the nutritional value of the foodstuffs we purchase.

This issue has been driven by a recent cyber attack on the Krebs On Security blog where the “Mirai” botnet was used to overload that security blog, the latest in a string of many attacks that were inflicted against data-security journalist Brian Krebs. But this botnet was hosted not on regular computers that were running malware downloaded from questionable Internet sites, nor was it hosted on Web hosts that were serving small-time Websites running a popular content management system. It was based on poorly-secured “dedicated-function” devices like network-infrastructure devices, video-surveillance devices, printers and “Internet Of Things” devices that had their firmware meddled with.

Nest Learning Thermostat courtesy of Nest Labs

… as could other Internet-Of-Things devices like these room thermostats

There will be issues that concern how we set network-enabled equipment up to operate securely along with the level of software maintenance that takes place for their firmware. A question always raised in this context is the setup or installation procedure that you perform when you first use these devices – whether this should be about a “default-for-security” procedure like requiring an administrator password of sufficient strength to be set before you can use the device.

But I also see another question concerning the “durables” class of equipment like refrigerators, televisions, building security and the like which is expected to be pushed on for a long time, typically past the time that a manufacturer would cease providing support for it. What needs to happen is an approach towards keeping the software maintained such as, perhaps, open-sourcing it or establishing a baseline software for that device.

Manufacturers could be researching ways to implement centralised simplified secure setup for consumer “Internet-Of-Things” devices along with maintaining the software that comes with these devices. This could be also about working on these issues with industry associations so that this kind of management can work industry-wide.

But the certification and distinct labelling requirement could be about enforcing secure-by-design approaches so that customers prefer hardware that has this quality. Similarly, a distinct label could be implemented to show that a device benefits from regular secure software maintenance so that it is protected against newer threats.

It usually just requires something to happen in a significant manner to be a wake-up call regarding computer and data security. But once a standard is worked out, it could answer the question of keeping “dedicated-purpose” computing devices secure.

August responds to its smart lock’s security weaknesses by patching its software

Article

August Smart Lock press picture courtesy of August

IoT manufacturer caught fixing security holes | The Register

Here’s what happened when someone hacked the August Smart Lock | CNet

My Comments

The Internet Of Things, along with network hardware aimed at consumers and small businesses, has been considered a thorn in the side of people who are involved with data security. This is because of a poor software-maintenance cycle associated with these devices along with customers not installing new software updates for these devices.

Recently, at the DEFCON “hack-a-thon” conference in Las Vegas, a few of the smart locks were found to have software weaknesses that made them vulnerable.

But August, who makes one of these smart locks which are retrofitted to existing “bore-through” single-cylinder tubular deadbolts, answered this issue in a manner that is considered out-of-place for the “Internet Of Things”. Here, they issued software patches to rectify these security issues and offered them as a user-downloadable firmware update.

What is a sad reality for a lot of these devices is that the manufacturer rarely maintains the firmware that runs these devices, if not at all. Some manufacturers think that this practice is about having to “add functionality” to these devices which they would rather do with subsequent models or product generations. But this kind of updating is about making sure that the software ecosystem associated with the product is secure and stable with all the “bugs” ironed out. Similarly, it is also about making sure that the product is complying with industry standards and specifications so as to work properly with other devices.

August uses the latest iterations of their smartphone apps to deploy the firmware updates to their products, typically requiring that you place your phone with the app running near the door that is equipped with these locks.

The computing security industry and computing press congratulated August on responding to the security weakness in its products through a firmware update with “The Register” describing it as being beyond the norm for the “Internet Of Everything”. But they wanted more in the form of them disclosing the nature of the threats in the lock’s firmware in a similar manner to how Microsoft, Google or Apple would disclose weaknesses in their operating-system software.

This issue also is something that is applying to home-network equipment like routers, along with toys and games that connect to the Internet. What is being called out for is a feedback loop where bugs and other software deficiencies in all these devices are called out and a simplified, if not automatic, in-field software-update process takes place whenever newer firmware that answers these problems is released. This also includes the manufacturers disclosing the security issues that have been found and explaining to customers how to mitigate the risks or update the affected software.

XBox One joins the Microsoft world for blind updating on Patch Tuesday

Article

XBox One games console press image courtesy Microsoft

Now can be updated every Patch Tuesday

Hello XBox, Welcome To Patch Tuesday | Supersite For Windows

My Comments

Due to a very strong security reality, the IT industry is pushing a requirement for companies who make dedicated-purpose devices like games consoles and network infrastructure devices to have a continual software-revision process.

This is involving a requirement to develop and deliver software updates and patches as soon as they are aware of any bugs and security exploits. The preferred installation for these updates is to have a totally hands-off approach that occurs whenever the device is connected to the Internet.

This is becoming more important not just to protect games software against piracy, but to protect users’ privacy, especially as games consoles are becoming capable of working with cameras and microphones and being part of online-gaming ecosystems where players’ details are being hosted online or on the device’s secondary storage. Similarly, these devices are becoming part of the online-entertainment and home-network ecosystem, which gives them access to network-connected devices and online services.

Microsoft has extended the approach they have with the Windows platform and brought the XBox One games console in to the software-update rhythm that is known as “Patch Tuesday”. This is where Microsoft delivers all the software updates and patches for the Windows platform on the second Tuesday of every month rather than on an ad-hoc pattern. It creates a level of predictability when it comes to keeping your computer’s operating software up-to-date and in most home and small-business setups, it is effectively a hands-off “blind update” but may require a computer to be restarted.

It is part of running XBox One on a Windows 10 codebase, which will expose it to the same kind of vulnerabilities as a “regular” computer. As well, the XBox One will also end up being one of the platforms covered by Microsoft’s bug-bounty programs, where computer users are paid to “smoke out” bugs in their computer software. This places importance on having operating software that is kept regularly patched and updated. It also shows that games consoles, like other computing devices, can be vulnerable to bugs that can expose security weaknesses or can be vulnerable to “zero-day” security exploits that aren’t discovered by the software developer.

What could this eventually mean for software updating as far as games-consoles and similar devices go? This could put the pressure for manufacturers to develop a continual software-update rhythm including bug-bounty / vulnerability-reward programs and even push for longer software life cycles.

Google Chromecast Audio–the heart of a wireless multiroom audio setup

Article

Chromecast Audio Gets Hi-Res Audio, Synced Songs | Tom’s Guide

Chromecast Audio Is Now The Super Cheap Way To Wirelessly Fill Multiple Rooms With Music | Gizmodo

From the horse’s mouth

Google

Blog Post

My Comments

Those of us who own or are considering a Google Chromecast Audio device should apply the latest firmware update to this device. It will add two key functions to this device that will improve sound quality and usability.

If you connect a Google Chromecast Audio to one of the latest top-notch hi-fi amplifiers, you can let this amp rock when you feed the Chromecast “master-grade” (96kHz / 24-bit) FLAC files. You may be able to pick these files up from any “download-to-own” online-music store that courts audiophiles and offers the “master-grade” content.

As well, having multiple Chromecast Audio devices with this latest firmware can allow you to create a multiroom audio setup. Here, you use your Chrome extension program or Chromecast mobile app to create an ad-hoc synchronous playback setup involving one or more of these devices.

The low cost, typically of US$35, may make the Chromecast Audio appeal as a cheap option to connect a pair of active speakers, that 1980s-era “ghetto blaster” or a stereo system to your home network. It could even be seen as a “stocking-stuffer” gift that could earn its keep beyond the Christmas shopping season.

A clear reality surfaces with the Internet Of Things

Article

Linksys EA8500 broadband router press picture courtesy of Linksys USA

A tight, healthy operating-software update cycle can keep routers and other devices from being part of botnets

Hacked Shopping Mall CCTV Cameras Are Launching DDoS Attacks | Tripwire – The State Of Security

My Comments

What is being highlighted now is that devices that are normally dedicated-purpose devices are becoming more sophisticated in a way that they are effectively computers in their own right. This was highlighted with some network video-surveillance cameras used as part of a shopping mall’s security armour.

What had happened was that these cameras were found to be compromised and loaded with malware so that they were also part of a botnet, like what commonly happened in the 2000s where multiple computers loaded with malware were used as part of zombie attacks on one or more targets. In a similar way to a poorly-maintained computer, they were found to run with default passwords of the “admin – admin” kind and were subject to brute-force dictionary attacks.

AVM FRITZ!Box 3490 - Press photo courtesy AVM

AVM FRITZ!Box – self-updating firmware = secure network infrastructure

The article’s author highlighted that there needs to be work done concerning dedicated-purpose devices, whether they are the network-infrastructure devices like routers or devices that are part of the “Internet Of Everything”.

Here, the devices need to run constantly-updated software, which is something that is considered necessary if the device is expected to have a long service life. The best example would be some of the routers offered to the European market like the Freebox Révolution or the AVM Fritz!Box where they receive constantly-updated firmware that at least can be downloaded at the click of an option button or, preferably, automatically updated like what happens with Windows and OS X and what is done with recent iterations of the AVM Fritz!Box firmware.

As well, a device’s setup routine should require the user to create secure credentials for the management interface. In some cases, if a device is part of a system, the system-wide management console could exchange system-specific access credentials with the member devices.
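As an added illustration (not code from any of the devices discussed), here is a model of the “default-for-security” setup routine called for above: the management interface stays disabled until first-boot setup replaces the factory credentials with a password that passes strength checks, and failed logins are throttled with exponential backoff so “admin – admin” style dictionary attacks stall. The default-credential and common-password lists, the class and function names, and the clock hook are all constructed for this example.

```python
"""First-boot credential enforcement and login throttling for a dedicated-purpose device (constructed model)."""
import hashlib
import hmac
import os
import time

# Constructed sample lists, not a real product's factory defaults.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("admin", "password"), ("root", "root"), ("admin", "1234")}
COMMON_PASSWORDS = {"admin", "password", "123456", "12345678", "qwerty", "letmein"}
PBKDF2_ROUNDS = 200_000


def password_problems(username: str, password: str) -> list:
    """Return the reasons a proposed admin credential is unacceptable (empty list = acceptable)."""
    problems = []
    if (username, password) in DEFAULT_CREDENTIALS:
        problems.append("factory default credentials")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("in common-password list")
    if len(password) < 12:
        problems.append("shorter than 12 characters")
    if username.lower() in password.lower():
        problems.append("contains the username")
    checks = (str.islower, str.isupper, str.isdigit, lambda c: not c.isalnum())
    if sum(any(f(c) for c in password) for f in checks) < 3:
        problems.append("fewer than 3 character classes")
    return problems


class ManagementInterface:
    """Models the device's admin login: refuses all logins until setup has stored a strong credential."""

    def __init__(self, clock=time.monotonic):
        self.clock = clock            # injectable so the backoff can be tested without sleeping
        self.setup_done = False
        self.username = None
        self._salt = None
        self._hash = None
        self._failures = 0
        self._locked_until = 0.0

    def _derive(self, password: str) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, PBKDF2_ROUNDS)

    def first_boot_setup(self, username: str, password: str) -> list:
        """Store the credential only if it passes policy; returns the list of problems found."""
        problems = password_problems(username, password)
        if problems:
            return problems
        self.username = username
        self._salt = os.urandom(16)
        self._hash = self._derive(password)
        self.setup_done = True
        return []

    def login(self, username: str, password: str) -> str:
        """Returns 'setup-required', 'locked', 'denied' or 'ok'."""
        if not self.setup_done:
            return "setup-required"
        now = self.clock()
        if now < self._locked_until:
            return "locked"
        if username == self.username and hmac.compare_digest(self._derive(password), self._hash):
            self._failures = 0
            return "ok"
        self._failures += 1
        # Exponential backoff (2, 4, 8 ... seconds, capped) blunts dictionary attacks.
        self._locked_until = now + min(2 ** self._failures, 300)
        return "denied"
```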

What has commonly been said is that the Internet of Things needs to face a severe security incident as a “wake-up call” for such devices to be “designed for security”. This is similar to how incidents involving desktop computing, the Internet and mobile computing served the same purpose, such as the way Windows has implemented privilege escalation on an as-needed basis since Windows Vista.

HP integrates secure firmware practices into their enterprise laser printers

Article

HP adds protection against firmware attacks to enterprise printers | PC World

My Comments

An issue that has become a reality with dedicated-purpose devices like printers, network infrastructure hardware and the Internet Of Everything is making sure these devices run software that isn’t a threat to their users’ safety and security and the integrity of their users’ data.

Most device manufacturers tackle this through a regular software-update program but this requires users to download and deploy the newer firmware which is the software that runs these devices. It is also the same path where, in some cases, these devices acquire extra functionality. AVM, a German network-hardware manufacturer, took this further by providing automatic updating of their routers’ firmware so users don’t have to worry about making sure their router is up to date and secure.

But Hewlett-Packard have approached this issue from another angle by implementing watchdog procedures that make sure rogue software isn’t installed and running on their devices. Here, the printers implement a detection routine for unauthorised BIOS and firmware modifications in a similar manner to what is implemented with business-grade computers. This effort is based on their experience with developing regular computers including equipment pitched at business and government applications.

Here, the printer validates the integrity of its BIOS during the start-up phase and loads a clean known-to-be-good copy of the BIOS if the software in the machine is compromised. Then, when the machine loads its firmware, it uses code-signing to verify the integrity of that firmware in a similar manner to what is done with most desktop and mobile operating systems. The firmware also implements an activity checker that identifies if memory operations are “against the grain”, similar to well-bred endpoint-protection software. The watchdog software will cause the machine to restart from the known-to-be-good firmware if this happens.
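As an added model (not HP’s code), the boot-time integrity check with known-good fallback and the runtime watchdog described above, carried through for a two-stage BIOS-then-firmware boot. It assumes a pinned SHA-256 digest in the device’s trust anchor stands in for the signature check; the images, the memory-operation trace and all names are constructed.

```python
"""Verified boot with golden-copy fallback and a memory-behaviour watchdog (constructed model)."""
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Stage:
    name: str
    golden: bytes            # known-good copy kept in protected storage
    installed: bytes         # copy in writable flash that tampering could alter
    pinned_digest: str = ""  # trust anchor recorded at manufacture or last good update

    def __post_init__(self):
        if not self.pinned_digest:
            self.pinned_digest = sha256(self.golden)


@dataclass
class BootReport:
    booted: list = field(default_factory=list)    # stages that ended up running
    restored: list = field(default_factory=list)  # stages replaced from the golden copy
    watchdog_hit: int = -1                        # index of the offending memory op, if any


def verify_stage(stage: Stage, report: BootReport) -> bytes:
    """Run the installed image only if its digest matches the trust anchor; otherwise fall back."""
    if sha256(stage.installed) != stage.pinned_digest:
        if sha256(stage.golden) != stage.pinned_digest:
            # Both copies bad: no trusted image exists, so halt rather than run unknown code.
            raise RuntimeError(f"{stage.name}: no trusted image available, halting")
        stage.installed = stage.golden
        report.restored.append(stage.name)
    report.booted.append(stage.name)
    return stage.installed


def boot(stages: list) -> BootReport:
    report = BootReport()
    for stage in stages:           # BIOS first, then firmware; each gate must pass
        verify_stage(stage, report)
    return report


# Memory operations the running firmware should never perform (constructed policy).
FORBIDDEN_OPS = {("write", "code"), ("exec", "stack"), ("exec", "heap")}


def watchdog(ops: list) -> int:
    """Return the index of the first out-of-policy memory operation, or -1 if the trace is clean."""
    for i, op in enumerate(ops):
        if op in FORBIDDEN_OPS:
            return i
    return -1


def run_device(stages: list, ops: list) -> BootReport:
    """Boot, then monitor; on a watchdog hit, discard installed images and reboot from golden copies."""
    report = boot(stages)
    hit = watchdog(ops)
    if hit >= 0:
        for stage in stages:
            stage.installed = stage.golden
        report = boot(stages)
        report.restored = [s.name for s in stages]
    report.watchdog_hit = hit
    return report


def demo_tampered_bios() -> BootReport:
    """Constructed scenario: BIOS altered in flash, firmware intact, clean runtime trace."""
    stages = [
        Stage("BIOS", golden=b"BIOS v1.0 known-good", installed=b"BIOS v1.0 TAMPERED"),
        Stage("firmware", golden=b"FW v2.3 signed", installed=b"FW v2.3 signed"),
    ]
    ops = [("read", "heap"), ("write", "heap"), ("exec", "code")]
    return run_device(stages, ops)
```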

Initially this functionality will be rolled out to this year’s LaserJet Enterprise printers and MFCs with any of the OfficeJet Enterprise X or LaserJet Enterprise machines made since 2011 being able to benefit from some of this functionality courtesy of a software update. There is a wish for this kind of functionality to trickle down to the consumer and small-business desktop printers that HP makes.

What I like about this is that HP has put forward the idea of continual software integrity checking into embedded and dedicated devices. This isn’t a cure-all for security issues but has to be considered along with a continual software-update cycle. Personally, I consider these two mechanisms important for most dedicated-purpose device applications where compromised software can threaten personal safety, security or privacy, with the best example being Internet routers, modems and gateways.