This Week in Tech 673: The Prozac Dash Button

Reinventing Microsoft, Amazon’s push into healthcare, new Apple Maps, and more.

–Apple vs Samsung settled: our long international nightmare is over.
–A proposed US law has patent trolls jumping for joy.
–Amazon jumps into the healthcare business by buying online pharmacy PillPack.
–Foxcon’s new Wisconsin plant breaks ground.
–Yet another Facebook security breach, but this time a bug bounty program catches the leak.
–Twitter’s new Ad Transparency Center opens new avenues for journalists.
–The sky is falling in Fortnite.
–WPA3 could make Wi-Fi a lot more secure.
–California follows Europe down the data privacy road.
–Christina Warren knows all the Andromeda secrets, but she’s not talking.
–AOL Instant Messenger is reborn! –StumbleUpon is not. 😦

Advertisements

Critical WPS vulnerability discovered in Bell Canada Home Hub routers

By | Neowin

In recent years, Wi-Fi has gained attention mainly due to the increased speeds afforded by the 802.11n and 802.11ac specifications. This has seen a flurry of new hardware hit the market enticing owners of older 802.11a/b/g hardware to upgrade to the latest and greatest kit.

However, Wi-Fi has seen numerous security setbacks throughout its lifetime. WEP encryption, deployed as part of the earlier Wi-Fi standards, was later found to be less secure than thought. This prompted the development of WPA with TKIP encryption as an interim measure until a more robust solution could be ratified. Ultimately, WEP ended up being easily cracked in under sixty seconds with the right tools. TKIP was deprecated from the 2012 revision of the 802.11 standard as it was no longer considered to be secure.

As such, the standing recommendation for any new Wi-Fi network has been to use WPA2+AES to ensure maximum security against attacks of any nature.

Unfortunately, it seems as though owners of the Bell Canada Home Hub 1000 and 2000 series routers may be in for a rude surprise. According to an anonymous user on DSL Reports and SergeantAlPowell on Reddit, a vulnerability in WPS (Wi-Fi Protected Setup) has been discovered that can compromise networks that have been secured with WPA2+AES.

Despite WPS being disabled, it seems that these Home Hub routers continued to respond to WPS requests. Furthermore, a default PIN of “12345670” coaxed these routers into supplying the passphrase that could be used to connect to the corresponding Wi-Fi network.

It seems that Bell has released a patch for the vulnerability in the form of a silent update for these affected devices. However, Bell Canada has not officially acknowledged the existence of the security issue or its rectification in the firmware version history.

Source: Reddit | DSL Reports

Super-fast Wi-Fi is coming to a public hotspot near you

Wireless hotspots that can deliver hundreds of megabits per second in real-world bandwidth will become more common as operators increase their investments in Wi-Fi networks.

Not much has been announced, but a range of fixed, cable and mobile operators have already started or are planning upgrades to 802.11ac, the fastest Wi-Fi technology yet, according to market research company IHS. By this time next year a noticeable number of hotspots will use it, said research director Richard Webb, who is currently conducting a survey to pinpoint operator plans. Overall operator spending on Wi-Fi networks in 2015 is expected to increase by 88 percent year-on-year.

Networks based on 802.11ac are faster thanks to features such as MIMO (multiple-input multiple-output) and beamforming. The former uses multiple antennas at the same time to increase data speeds, while beamforming aims the signal at the user to improve performance.

British Telecom and Boingo Wireless have already started to upgrade. There is a drive towards 802.11ac as public venues upgrade and get more serious about the role of Wi-Fi in their networks, according to Boingo. It has upgraded hotspots at airports, while BT has focused on hotels. For example, London hotels Every Piccadilly and Amba Charing Cross offer expected speeds of 196Mbps and 175Mbps using BT technology, according to Hotelwifitest.com.

The actual speeds that users get depend on a number of factors, including distance to the access point, the number of users on the network, and the number of antennas in their smartphone, tablet or laptop.

Read More: Super-fast Wi-Fi is coming to a public hotspot near you | PCWorld.

Google launches Project Fi wireless service

If you’re an Android user, Google likely already manages your day: your email, your contacts, stories that are relevant to you, and even your fitness goals. Well, now it can be your wireless carrier, too (provided you use a Nexus 6).

After months of rumors, Google’s Project Fi is finally live. The search giant promises “fast speed in more places and better connections to Wi-Fi” by teaming up with Sprint and T-mobile to offer a wide swath of Wi-Fi and 4G LTE coverage. You can use Google’s handy search widget to see if the service is available in your area.

Basic plans cost $20 for unlimited calls and texts, plus $10 per GB for data. You have to specific how much data you want ahead of time (so, 4GB a month will cost you a total of $60), but Google has a twist: they’ll credit your bill for your unused data. There are no family plans available.

A phone with Project Fi will automatically connect to public, open Wi-Fi networks to make calls and transmit data. Google maintains a list of hotspots with robust and reliable connections. To secure your data, all transmissions over public Wi-Fi hotspots are encrypted.

Project Fi appears intended primarily for mobile coverage throughout the U.S., though there are international rates if you’re traveling overseas. These mirror T-Mobile’s offerings on post-paid plans: In 120 countries, you get free data (capped at 256kbps) and texts, while calls cost 20 cents a minute. There are also special rates for calling other countries from the US, which should bode well for those with family members spread throughout the world.

Read More: Google launches Project Fi wireless service.

Comcast slapped with class-action lawsuit for turning customers’ routers into public hotspots

Comcast’s controversial decision to transform its customers’ wireless routers into public Wi-Fi hotspots has, predictably, landed the company in even more hot water.

A pair of disgruntled customers recently filed a class-action lawsuit against the cable, television and Internet provider in San Francisco. Toyer Grear and Joycelyn Harris claim Comcast is exploiting them (and other Comcast subscribers) for profit by forcing customers’ residential routers to serve double-duty as public hotspots without their consent and at their expense.

On newer routers leased to customers by Comcast, the company has been adding a secondary Internet broadcast channel for hotspot use. This additional channel is said to be separate from customers’ primary connection. Those that provide their own hardware aren’t affected.

According to the suit, a test performed by networking technology company Speedify found that routers activated as public hotspots consume 30 to 40 percent more electricity under heavy load.

Over time, Speedify believes this practice will eventually push tens of millions of dollars per month of the electricity bill needed to run the Comcast’s public Wi-Fi network onto consumers.

The two also believe that subjecting customers’ Internet connections to public use is a detriment to security. What’s more, they claim to be suffering from decreased, inadequate speeds on their home Wi-Fi networks ever since the second channel was activated.

The suit seeks an injunction to stop Comcast from using the routers in this way in addition to unspecified damages.

via Comcast slapped with class-action lawsuit for turning customers’ routers into public hotspots – TechSpot.

What’s next for Wi-Fi? A second wave of 802.11ac devices, and then: 802.11ax

Now that blazing-fast routers based on the IEEE 802.11ac standard are finally entering the mainstream, intrepid engineers are busily cooking up all-new hardware that will make that gear’s performance seem quaint by comparison.

That’s not to say 802.11ac is about to fall by the wayside—after all, the IEEE didn’t officially ratify the standard until December 2013. It’s just that the chipsets capable of delivering all the features and performance in that standard are still in development.

You see, most of the first wave of 802.11ac routers were based on draft versions of the 802.11ac standard. While some newer routers, such as Netgear’s six-antenna Nighthawk X6, are implementing cool tricks to squeeze more performance from that technology, a second wave of 802.11ac routers will hit the beach in early 2015.

“Wave 2 802.11ac routers will deliver maximum physical link rates in the range of 7- to 10Gbps.”

These devices support a number of optional features in that standard that will deliver even higher wireless performance. At the same time, new and complementary wireless technologies designed for specialized applications will also appear.

But there’s no point in trying to cheat obsolescence by putting off your next router purchase: The industry is already hard at work developing the successor to 802.11ac. Let’s dive into what’s next for Wi-Fi.

The two-party system

The IEEE (Institute of Electrical and Electronics Engineers) defines Wi-Fi standards such as 802.11ac and the older 802.11n. The Wi-Fi Alliance (an association of companies that build wireless-networking devices) certifies that the hardware based on those standards will work together.

Wi-Fi Alliance certification is not a requirement (manufacturers must pay for the designation), but it can be reassuring to consumers, especially in the early days. That’s because the IEEE can take several years to finalize its standards (it started working on 802.11ac in 2008 and finished in late 2013). Manufacturers often don’t want to wait, so they’ll bring new products to market as soon as the ink dries on an early draft. Buffalo shipped the first 802.11ac router in 2012, but the Wi-Fi Alliance didn’t launch its first 802.11ac certification program until mid 2013.

SU-MIMO (single-user multiple input/multiple output) technology was one of the hallmarks of the older 802.11n standard. It allowed multiple spatial streams to be transmitted to a single client. This technology was carried over to the 802.11ac standard, which added a more-powerful modulation technique (among other things) to deliver a maximum physical link rate of 433Mbps per spatial stream.

IEEE logo

Since it can support up to three such streams simultaneously, a Wave 1 802.11ac router can send and receive data at a maximum physical link rate of 1.3Gbps. Compare that to 802.11n routers, which provide up to three spatial streams with maximum physical link rates of just 150Mbps each (for aggregate throughput of just 450Mbps).

Wave 2 802.11ac routers will arrive sometime in 2015. These devices will also operate on the less-crowded 5GHz frequency band, but they’ll take advantage of several optional elements of the 802.11ac standard: First, they’ll support a feature called MU-MIMO (multi-user multiple input/multiple output), which allows them to transmit multiple spatial streams to multiple clients simultaneously.

Qualcomm multi-user MIMO Qualcomm

This Qualcomm illustration compares single-user MIMO to multi-user MIMO with beamforming. (Qualcomm’s Vive product line supports MU-MIMO.)

Second, they’ll bond multiple channels on the 5GHz frequency band to create a single channel that provides 160MHz of bandwidth (Wave 1 802.11ac routers can also bond 5GHz channels, but the bonded channel is only 80MHz wide). Third, where 802.11n and Wave 1 802.11ac routers support a maximum of three spatial streams, Wave 2 802.11ac routers will potentially support up to eight spatial streams.

Using some combination of wider channels or additional spatial streams (there isn’t enough available bandwidth to do both), improved beamforming, and other techniques, Wave 2 802.11ac routers will deliver maximum physical link rates in the range of 7- to 10Gbps. Quantenna Communications announced its first Wave 2 802.11ac chipset last April.

Full Story: What’s next for Wi-Fi? A second wave of 802.11ac devices, and then: 802.11ax | PCWorld.

Free Wi-Fi networks in SF, San Jose enable seamless switching with Hotspot 2.0

San Francisco and San Jose are now at the cutting edge of another tech trend, and one that has nothing to do with smartwatches or social-media startups—not directly, at least.

The two cities have geared up their free public Wi-Fi networks so users can automatically get on both after going through a one-time security step on either network. The capability went live earlier this month and is being officially announced on Monday.

The cities are among the first Wi-Fi operators in the world to make their networks cooperate using the emerging Hotspot 2.0 standard. There’s one big limitation, in that their deployment only works with a list of Apple iOS 7 and OS X Mavericks devices for now, but they will broaden device support in the future.

Hotspot 2.0 is intended to make it as easy to move between Wi-Fi networks as it is to roam from one cellular carrier to another. The Wi-Fi Alliance is certifying Hotspot 2.0 devices and infrastructure under the name Passpoint.

Hotspot 2.0 is still being used mostly by service providers, such as Boingo Wireless and Time Warner Cable, across networks of hotspots that they control. But the two cities at either end of Silicon Valley operate totally independent networks. They’re pioneers in using a standard that eventually could allow all sorts of Wi-Fi hotspots to automatically give users secure connections.

Both cities’ networks have been easy to get on from the beginning. San Jose started turning on free Wi-Fi last year, and it now has more than 400 access points working there and at its airport two miles away. San Francisco lit up its Wi-Fi along a three-mile stretch of its central Market Street late last year. Users don’t have to give any information to use either network, just tap through a splash screen to agree to terms of service.

But while easy to use, the networks were also open and unencrypted. Both cities have now activated the Wi-Fi Alliance standard WPA2 Enterprise (Wi-Fi Protected Access) so visitors can choose to go onto Wi-Fi securely, with AES 256-bit encryption of their traffic. There’s still no sign-up process, but the network sets configurations on the user’s device so it can take advantage of WPA2. Along the way, each user is authenticated and authorized through a cloud-based service to use the network. From then on, whenever in range, the user’s device will automatically get on.

Full Story: Free Wi-Fi networks in SF, San Jose enable seamless switching with Hotspot 2.0 | PCWorld.

Intel Centrino Wi-Fi users still experiencing connectivity issues

Earlier this year a number of users reported disconnection errors with Intel’s Centrino 6230 / 6235 Wi-Fi adapters. The chip maker has since released a series of updates but it would seem the issue still persists and affected users are losing their patience waiting for a fix.

Neowin was the first to break the story back in April and since then, a number of users have contacted the publication noting their accounts on Intel’s forum have been deleted. Interestingly enough, even the original author’s messages and account have since been removed.

Most users experiencing the issue say their new laptop connects to their wireless network without issue for a few hours. After that, the connection will drop and trying to reconnect will often result in a message saying the wireless network doesn’t exist. Disabling then turning the Wi-Fi back on will usually reconnect a user but the same thing will happen again a couple of hours later.

Users say the issue is most apparent when download large files at high speeds or when playing multiplayer games.

One reader contacted the publication to offer up a response received from Intel. In it, the user was told Intel engineers are acutely aware of the problem and there are two upcoming software releases in the pipeline that should help alleviate the issues. The first is expected within the next couple of weeks with a follow-up scheduled for around six weeks from now.

Until then, the only fix appears to be to disable 802.11n mode which of course will have an impact on connection speeds.

via Intel Centrino Wi-Fi users still experiencing connectivity issues – TechSpot.

Researchers crack iOS-generated hotspot passwords in 24 seconds

If you’re an iPhone or iPad owner who uses hotspot mode but never bothered to change the seemingly-random password suggested by iOS, now is definitely a good time. German researchers have discovered (pdf) the passwords iOS issues can be easily predicted, allowing them to be cracked in as little as one minute using consumer hardware.

The algorithm iOS uses to generate hotspot keys takes a dictionary word, adds a couple of numbers and voila — an easily memorable password is born. The problem though, is despite the endless variety of words available in the English language, iOS draws its password inspiration from a narrow selection of just 1,842 words.

The second issue is certain words appear several times more frequently than other words. For example, out of nearly 2,000 words, “suave” had a 1-in-125 chance of being used. Meanwhile, “macaws” — the tenth most-likely word to be used — appeared 1-in-345 times. Knowing iOS’ preferred word selection allows brute force crackers to start with the most common ones first, further reducing the time needed.

A PC armed with a Radeon HD 6990 GPU was able to crack the average iPhone hotspot in 52 seconds while four Radeon HD 7970s yielded an average of just 24 seconds. GPUs are favored amongst crackers for their ability to perform massively parallell computations.

Although researchers revealed how easily an iOS-generated hotspot password can be brute forced, other exploits like attacking iOS’ PSK authentication method help to facilitate the process. Because handheld devices aren’t equipped with high-end GPUs, researchers even discussed offloading the computational work to a cloud-based service like CloudCracker for cracking hotspots on-the-go.

Of course, Apple doesn’t have a monopoly on devices with easily cracked hotspot passwords. Windows Phone and some Android handsets don’t fare much better.

Windows Phone, for example, auto-generates hotspot passwords consisting of eight numbers. This means you already know what the password could be, making Windows Phone susceptible to brute force attacks. More research may reveal an additional weakness though, which could narrow that selection of 10^8 possibilities down to something even more tractable.

Meanwhile, Android’s default password generator conjures sufficiently strong passwords, but some vendors have taken the liberty of greatly reducing its effectiveness. “Android-based models of the smartphone and tablet manufacturer HTC are even shipped with constant default passwords consisting of a static string (1234567890)” researchers noted.

When boiled down to its nuts and bolts though, the moral of this story is probably this: always create your own passwords, provided you follow some of the basic principles for creating strong ones.

via Researchers crack iOS-generated hotspot passwords in 24 seconds – TechSpot.