Continuous attacks on routers and connected devices

In the last few months we have been flooded with reports about vulnerabilities and exploits on Internet-connected devices such as routers, home automation devices (light switches) and Point of Sale (POS) devices.

Let’s briefly review what has happened during this time:

AVM’s Fritz.Box


Media sources report that the patches which AVM, the producer of the routers, delivered for all devices were actually fixing another problem. The initial reports said that the vulnerability was related to the remote access functionality in the router, so simply disabling it would have solved the problem. The latest reports show that the routers are vulnerable even without remote access enabled. The only solution is to patch the devices with the latest firmware. Those who don’t know how to do this must read the detailed instructions here (DE, EN).

Belkin


Belkin produces many products, including home automation products (WeMo) and routers. The latest vulnerability in the WeMo devices allows an attacker to overwrite the firmware and remotely control the devices. No solution is known at the moment; sources report that the only way to avoid an attack is either to shut down the device or to not allow access from the Internet.

Other routers: Asus, LinkSys, D-Link

Asus: allows attackers access to resources shared in the internal network

LinkSys: hit by the worm TheMoon.

D-Link: allows unrestricted login through a backdoor

All these devices have known vulnerabilities, and many of them have been unpatched for months. A simple search in your favorite search engine for “<device> vulnerability” will give you hundreds or thousands of articles reporting vulnerabilities.

Solutions?

Not many, unfortunately.

The most obvious is to trigger a firmware update whenever possible and hope that the producer of the device has fixed the vulnerabilities.

If this is not the case, the mitigation of these risks is usually related to access from the Internet, but not always. Whenever possible, try to deactivate remote access. Note that this doesn’t restrict the basic functionality of the device, but it might restrict some of its functions. For example, some devices have mobile apps that remotely control the device. With remote access deactivated, these apps might not work anymore.

Some routers offer functionalities like Web server, FTP server, ActiveSync, iTunes sync, “Cloud Disk”, “Smart Access”, “Guest Access”, “Own Cloud”, “Media Streaming” and the like. All these have one thing in common: they allow access from the Internet via various protocols.

Whatever functionality your router has, if you are unsure what these functions do, just deactivate them.

 

Sorin Mustaca
IT Security Expert

Thank you for reading this post on Avira Techblog! For latest news please follow us on Facebook, Twitter, Google+.

Kickstarter hacked, loses control over customer data

In an email with the subject “Important Kickstarter Security Notice” sent to all customers, the CEO of the company announced that on Wednesday, Feb 12, 2014, law enforcement officials contacted Kickstarter and alerted them that hackers had sought and gained unauthorized access to some of its customers’ data.


How come law enforcement is the one contacting the company to inform it about the breach? How did they find out that the company was hacked? I asked accountsecurity@kickstarter.com to provide more details. Let’s see if they reply.

Anyway, the good news is:

No credit card data of any kind was accessed by hackers. There is no evidence of unauthorized activity of any kind on your account.

The bad news is:

Accessed information included usernames, email addresses, mailing addresses, phone numbers, and encrypted passwords.

Make sure you change your password. If you used the same password and email address on other services, make sure you create a different password. Here you can learn how to make good passwords.

For more tips on how to do this, check http://www.improve-your-security.org

Sorin Mustaca

IT Security Expert


Free Antivirus and Professional Security on Windows 8.1 receive the Virus Bulletin 100% award

Virus Bulletin has published the “VB 100% Comparative review on Windows 8.1” and we are happy to announce that Avira Free Antivirus and Avira Professional Security have received the Virus Bulletin 100% award.


There is not much to say about the results, except that they are flawless – 100% detection, 0 false positives and a very good 84% in the RAP test.


According to VB, scanning was “pretty speedy for the most parts”, “RAM use was low” and “Detection was very strong as usual”.

Avira hasn’t missed any VB100% award in the last few years.

Want to enjoy the flawless protection? Get your product today.

 

Sorin Mustaca

IT Security Expert


Security tips to stay safe on Valentine’s Day

Tomorrow is Valentine’s Day, and many users, especially men, will be tempted to do some quick shopping or profile checking.

Fotolia (#57067202 - Heart defenses© Andrea Danti)

Here are a few tips to stay safe when you are in a hurry to shop, chat or research:

1. If a price is too good to be true, most of the time, it is not true

Cybercriminals use social engineering to attract people with very good offers for many products. The offers are very diverse because, in most cases, the products don’t exist. The fraudsters just take the money and disappear. If you want to have a good price, get a Savings Advisor tool which also guarantees that the sellers are reliable.

2. Buy only from known shops

You don’t have time (and money) to waste, and most of the time it is better to shop from a known shop than to risk not receiving the product or receiving something else. Now that most social networks have ads, it is even harder to filter what is reliable and what is not. If you can’t find the right product in the known shops, consider doing some searching, but in this case make sure you use a web filter. Avira has Web Protection integrated in all paid products, which protects you from phishing and malware URLs.

3. Don’t fall for fake profiles

If you are just looking to meet someone you don’t know, don’t fall for profiles which post pictures with sexy (or naked) women or men. They are just fake accounts which either distribute malware or just redirect you to special portals which require a registration and/or a fee to join.

4. When researching about somebody, make sure you are looking at the right person

Let’s say that you just met someone and want to know more about her/him. Of course, the best place to start is Facebook or her/his favorite social network. Be sure that you are looking at the right person. If you don’t, and you start communicating with her/him without being sure that you are talking to the right person, you might be reported as a stalker. And if you don’t communicate, you might buy the wrong present. ;)

5. Don’t share too much

Don’t share something which you wouldn’t show your mother. This applies to text, statuses, check-ins and pictures. The Internet never forgets: everything you share will remain saved somewhere and will pop up exactly when you least expect it.

Sorin Mustaca

IT Security Expert


Did you know you can opt-out from Google’s targeted ads and tracking?

Google generates most of its revenue from advertisements.

On the settings page it says:

Ads enable free web services and content.

This might be true, but sometimes the ads are just annoying.

Here is what you can change in the way Google delivers ads and tracks your behavior on the web.


From this page, you can control what Google’s ad displays know about you.

This includes your gender, age, language, interests, as well as any advertiser campaigns you’ve blocked or interest-based ads of which you’ve opted out.


To opt out of Google’s interest-based ads, you must first manually remove all of the subjects listed, then click the Opt-Out link that appears. This is pretty annoying because Google generously sets all the values to “enable”.


To permanently opt out of Google’s DoubleClick cookie, which is Google’s main advertising cookie, you can install its DoubleClick opt-out add-on. Once installed, even if you clear all your cookies and restart your browser, it will prevent the DoubleClick cookie from being saved to your browser.

So, to conclude, it seems that the users have some kind of control. And after seeing this, things can only get better: there is a way to completely get out of the DoubleClick tracking. There is a closing statement from Google on that page:

Google adheres to advertising industry privacy standards. To learn about these standards, including how you can opt out of interest-based advertising from Google and other participating companies, visit our About Google Ads page. If you want to permanently opt out of the DoubleClick cookie, you can install the DoubleClick opt out extension.

 

Sorin Mustaca

IT Security Expert


February 11 is “Safer Internet Day”

Safer Internet Day (SID) is organised by Insafe in February of each year to promote safer and more responsible use of online technology and mobile phones, especially amongst children and young people across the world.

Safer Internet Day 2014 is celebrated today, February 11, 2014. The strapline for the campaign is “Let’s create a better internet together”.

These days, cybercriminals aren’t only after our computers’ resources and our financial information. They can make a serious profit by hacking into our social media accounts. That’s why it’s important to know how to properly protect our online assets against them.

In order to make your day on the Internet safer, today only I am offering the eBook “Improve Your Security” completely free to download. Note that the book is written in English. Many of the chapters of the book have been translated into German and are available on Avira Techblog in German.

The book is split into five chapters:

- Accounts and Passwords

- Online Security

- Device Security

- Protect yourself against advertisements and tracking

and a chapter that provides security tips. The best thing about the last chapter is that the tips are formatted in a way that allows users to easily print them on paper. This can be highly useful, especially for less advanced users who are more accustomed to working with instructions printed on paper.

The even greater news is that this book is continuously updated, since the threat landscape also changes constantly. To keep pace with the threats, once you are registered with the LeanPub website, you get all updates of the book for free.

The next chapters which are going to be released soon are:

- Security Myths

- Guidance for parents and tutors in regard to online safety

 

The book has a dedicated website where I publish articles which later will become part of the book: http://www.improve-your-security.org. If you subscribe to the RSS Feed, you will be able to benefit from the security tips even before they get moved into the book.

Start reading and improving your security today!

Have a Safer Internet Day!

 

Sorin Mustaca

IT Security Expert


Security warning for all FRITZ!Box users registered with the MyFRITZ! service


AVM, the producer of the well-known home router FRITZ!Box, has issued a security advisory and contacted all users of the cloud service MyFRITZ! to warn them about a potential fraudulent use of telephone services connecting through FRITZ!Box routers.


According to AVM, it appears that attackers are connecting to the router on the external interface and somehow gain administrative access. Such an attack is only possible if the attacker knows the precise combination of e-mail address or FRITZ!Box username, FRITZ!Box IP address, and the passwords for remote access and the FRITZ!Box interface. All these are available in the MyFRITZ! cloud service. With this information, they are able to add an expensive VoIP provider and set it as the default service for telephony. This way, any phone call made through the AVM router would be made through the expensive VoIP provider.

AVM says that it is possible that these attacks are linked to the theft of 16 million digital identities that was recently announced by the German Federal Office for Information Security (BSI).

AVM also advises users to change the password of the email address registered in the Push service.

Seeing this advice, I can’t stop thinking that it might be possible that the MyFRITZ! cloud service was hacked and the user data compromised. I guess we will know this after AVM finishes their investigations.

 

Here is how to make sure that you are not a victim and how to avoid becoming one:

Checking telephony devices and deleting unknown IP telephones.

Delete any unknown IP telephones to make sure that they cannot be used to make fraudulent calls:

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Telephony Devices” in the “Telephony” menu.
  3. You can recognize IP telephones because “LAN/WLAN” will be displayed in the “Connection” or “Port” column for that telephone. Click the corresponding “Delete” button to delete any IP telephones you are not familiar with.


Deleting call diversions to unknown telephone numbers and disabling call through

  1. Click “Telephony” in the FRITZ!Box user interface.
  2. Click “Call Handling” in the “Telephony” menu.
  3. Switch to the “Call Diversion” tab and delete all entries that divert calls to international numbers you are not familiar with.
  4. Switch to the “Call Through” tab and disable the option “Enable call through”.
  5. Click “Apply” to save your settings.

More details are available on the AVM website.

Sorin Mustaca

IT Security Expert


Avira Free Android Security wins perfect score from AV-TEST

Avira Free Android Security app earned a perfect score and a “Certified” rating from AV-TEST. Avira Free Android Security scored a perfect 13 out of 13 points in AV-TEST’s January 2014 Android Mobile Security Test, which reviewed 30 different products on their performance, detection rates, protection from malware and overall product usability.


Avira Free Android Security automatically scans the user’s mobile device for viruses, spyware, Trojans and other malware. Users can also block annoying contacts from calling or texting. Additionally, users can log into my.avira.com to remotely locate their device (via GPS, WiFi or cellular signal) on a map or make it ‘yell’ for attention if it goes missing (even if the ringer is turned off), and can remotely lock or wipe the device if it gets stolen.

This is a good reward for the hard work that is being done in the Avira labs. The number of samples increases every week and we see a significant number of threats. Probably the most dangerous of these threats are the apps in the Security and Privacy Risk category, which include the pay-per-SMS registration apps with recurring billing and the apps that send SMS to premium-rate numbers.

But, there are other threats as well:

- Adware -> they throw all kinds of ads in your browser

- Trojans -> they silently steal data and send it to cybercriminals without you noticing anything until it is too late.

I personally recommend this app for any Android device, because you never know what apps are out there. I got used to seeing “X scanned apps are safe” in the events.

 


Download Avira Free Android at Google Play:  https://play.google.com/store/apps/details?id=com.avira.android&hl=en

Get details or download from the dedicated page: http://www.avira.com/en/avira-android-security

 

Sorin Mustaca

IT Security Expert

 


Avira Free Mac Security – Update 2 released

This week we released Update 2 of Avira Free Mac Security for Mac OS X 10.8 and 10.9.


This update adds a long awaited feature: turn real-time protection ON and OFF.

The functionality is available from the menu bar and the dock bar.

To better protect your Mac, administrative rights are required to deactivate the real-time protection.

Once you do that, the umbrella will be displayed as closed in all places.


Of course, we don’t recommend doing this!

On top of this, many bug fixes and speed and usability improvements have been implemented (“Quick System scan” is faster).

Why don’t you give it a try?

 

 

Sorin Mustaca

Product Manager and IT Security Expert

 

 


BSI launched a service to check if your online credentials were compromised

Germany’s Federal Office for Information Security (BSI) warns that cybercriminals have compromised around 16 million email addresses of online accounts. BSI launched a service to help users find out if their credentials have been stolen: https://www.sicherheitstest.bsi.de/ (in German)


After you submit, a second window shows a code which will also be present in the email that you might receive. If your email address is not present in BSI’s list, you will not receive any email.


No matter whether you understand German or not, all you need to do is to check the box in the top left corner, add your email in the field and then click on the blue button.

According to BSI, researchers and law enforcement agencies have determined that 16 million usernames (usually email addresses) and passwords have been compromised after analyzing botnets.

We know that many users use the same login information for multiple online services, despite the fact that we continuously warn that this is not a good practice. If you do this, then the first thing to do is to check if your email has been compromised using the above site. No matter if you get any results back or not, you should change the password for each service according to the advice we wrote here.

Avira is involved in the BSI initiative by providing the free second opinion scanner PC Cleaner.

If you wonder what this has to do with the email address: the credentials were stolen by malware installed on the PC. This tool does nothing other than scan your computer and search for malware (any kind of malware, not only the kind responsible for stealing credentials).

Sorin Mustaca

IT Security Expert