After a recent high profile media story highlighted how poor router security led to a police raid of the home of an innocent family, we take a look at how Wi-Fi piggybacking attacks against home and domestic targets, and VoIP hacking of businesses worldwide are growing threats.

What Happened?

It has been reported that in January this year during the lockdown, the family home of a couple and their two young children was unexpectedly raided by police. The shocked and frightened family could only look on as their desktop computer, two laptops (and a borrowed laptop), current (in-use) mobile phones and old mobile phones retrieved from drawers around the house were taken away by officers. The family found themselves with just a landline for communications, and under suspicion for a crime which, as it later transpired, they did not commit, and knew nothing about.

Work Laptop

To make matters worse, the father of the family was forced to tell his boss that the police required the decryption key to unlock his work laptop, thereby making him fear for his job.

Wi-Fi Accessed Due To Poor Router Security

When the devices, which the family were told had been taken for ‘evidence’, were finally returned two months later, it became clear that a mistake had been made because the family’s Wi-Fi connection had been used without their knowledge, and by an unknown party to upload illegal images to a chat site.

The evidence given to the police by the National Crime Agency which led to the raid, had suggested that the illegal uploading had come from the family’s IP address. In reality, the family had simply fallen victim to criminals piggybacking their insecure wireless connection. The weakness that had allowed the attack is believed to have been a weak/poor default password on their old router.

Router Danger

A recent Which? investigation looked at the security aspects of 13 models of (commonly used) old routers from companies such as Virgin, Sky, TalkTalk, EE, and Vodafone. It was discovered that 6 million users may have router models that have not been updated since 2018 at the latest, with some not being updated since as far back as 2016! The investigation discovered issues with more than half of all routers (of those surveyed).  This suggests that as many as 7.5 million users could have routers with security risks.

The main vulnerabilities threatening the security of business and home-user routers, which are often the same thing now with remote working, include weak default passwords that can be easily guessed by hackers, meaning that the router could be accessed remotely, from anywhere in the world. Local network vulnerabilities can also allow a cybercriminal to take control of a user’s device, see what a person is browsing, or even direct a user to malicious websites. A lack of recent updates to the Firmware of a router could also negatively affect a device’s performance, thereby affecting productivity, and leave outstanding security issues.

VoIP Systems Hacks on the Increase

Recent ‘Check Point’ research has also shown that there has been a big rise in cyber-fraud operations targeting VoIP phone systems worldwide. For example, a Gaza-based hacking group was found to be responsible targeting servers used by more than 1,200 organisations based across over 60 countries, with half of those targets being in the UK! What’s more, hackers worldwide are creating their own social media groups to share tips and know-how relating to VoIP phone system hacking and to organise and co-ordinate future attacks.

What To Do

Businesses can guard against router security threats by taking measures such as changing the username and password(s), ensuring that the router’s firmware up to date, changing the network name/SSID, stopping the Wi-Fi network name/SSID from being broadcast, enabling the router’s firewall, or simply opting for a router upgrade / a new, more secure router.

To guard against the threat of VoIP phone system hacks, businesses need to make sure that their security patch installation management systems and procedures are up to date, call billings are regularly analysed, there is clear and robust password policy in place, and that an intrusion prevention system is implemented.

In this article we take a look at what bandwidth is, ways to improve bandwidth, and we look at how bandwidth ‘throttling’ is used.

Bandwidth

Bandwidth refers to the maximum amount of data that can be transferred from one point to another over an internet connection in a given period of time. It is typically calculated and expressed in bits per second (bps) or megabits per second (Mbps).

The data that is transferred across the Internet is sent in the form of data ‘packets’, each containing a source and destination, and the content being transferred.  Networks with higher bandwidths are able to transfer larger numbers of data packets than connections with lower bandwidths.

Speed

Bandwidth is not the same as speed because while bandwidth refers to the amount of information received per second, speed refers to how fast that information is received or downloaded.

Latency

The latency/delay/ping rate is the time lag that users experience while waiting for something to load (e.g. web pages). Even if plenty of bandwidth is available, reducing latency will improve the speed at which data packets move across the network.

Not all data makes it through to its destination. Taking bandwidth as the maximum that could get through, the ‘throughput’ refers to how much actually makes it to the destination. Some data can be prevented from doing so due to factors such as packet loss caused by errors in transmission or congestion.

Broadband

Internet Service Providers (ISPs) enable users to connect to the Internet at high speed through broadband. This is essentially a wide bandwidth data transmission carrying different types of signals through an infrastructure made of different components along the route (e.g. coaxial cable or optical fibre). Different ISPs offer different broadband speeds but, as previously mentioned, speed is not the same thing as bandwidth.

Ways To Improve Bandwidth

Some of the key ways that you can improve bandwidth are to:

– Upgrade your plan with your ISP to get higher Mbps e.g. to a Fios Gigabit Connection.  This may be helpful for those who stream large amounts of content and use many different devices.

– Update/upgrade the router or frequently reboot the router to strengthen the Internet connection.

– Use physical, Ethernet wire connections to the router. This can help to get around problems such as connection issues with other devices.

Throttling

Bandwidth throttling is a way that ISPs intentionally slow down their internet service/slow down the data transmission for reasons including regulating network traffic, saving money, minimising bandwidth congestion, or, as in most cases, due to excess use on a plan that has a data cap. Throttling is not illegal but users should be informed if the ISP is using it.

Avoiding Throttling

One way to avoid throttling is to use a virtual private network (VPN) as ISPs cannot see the encrypted traffic. Users can test whether their service is being throttled, for example, by running two speed tests, one using the normal connection and one using a VPN.  If the VPN is much faster, this could indicate that throttling is being used.

What Does This Mean For Your Business?

Businesses, therefore, need to assess how much bandwidth they are likely to need, e.g. by taking into account factors such as how many employees need to be accessing the network and the bandwidth requirements needed for the applications that they use. Other ways to help include getting on the right plan from the ISP, using cables to the router, organising network backups and updates, monitoring and policing the traffic, migrating apps to the cloud, using WAN optimisation tools, and more. For businesses to maximise productivity and continuity, how to maximise their bandwidth is, therefore, an important consideration.

With many of us now owning tech items such as laptops, desktops, and printers, we look at the best ways to prepare tech hardware for a safe journey to a new home.

Tech Owners

An Aviva survey from 2020 showed that the average UK home now has 10.3 internet-enabled devices (286 million in UK homes) and that having children in the home increases the average number of devices.  For example, a UK home with 3 children can now typically hosts 15.4 internet-enabled items.

Add to these statistics the fact that the number of people working from home in the UK almost doubled during the pandemic (ONS figures) to 25.9%, and it’s clear that our tech devices, such as laptops and PCs, have a value and importance well beyond their physical price tag as work tools, vital communications and home research tools, and entertainment gateways.

When it comes to moving home, therefore, it is especially important to ensure that these items are protected and that they can quickly resume their function safely at their new destination.

Preparation of Tech For The Removals Journey

Good preparation begins with good IT practice and extends to preparing for any possible risks to your tech items. Key preparation activities should be:

– Backing Up. Having a reliable, secure, cloud-based backup service for your work and vital data should be standard work practice anyway to preserve business continuity and to preserve valuable memories (photos and videos). Before moving, however, backing up PCs and laptops can ensure that in the event of any physical damage to an item, your data has been saved.

– Connection. Making sure in advance, where possible, that where you’re moving to has enough sockets, phone points, and likely a decent likely broadband provision (check with your provider if in doubt) can enable a fast tech setup at the other end.

– Security. Make sure that prior to removal, devices have password protection in place so that only you access them, and that any sensitive data is not stored on the device itself (which should be part of normal backup procedures).

– Careful disassembly. It is easier for your removals company, and safer (for the device) to ensure that everything has been disassembled in an organised way (e.g. peripherals, leads, power adapters, your router, monitors, and computers). Arranging the items so that each device and its cables and adapters go in the same box can speed up re-assembly at the other end.

Packing Tech Devices For Removals

Tech devices and peripherals are high value and contain small components that can be easily damaged by knocks and bumps.  Also, some devices are rarely disassembled after their original assembly in the home, so users can be unfamiliar with which lead goes where, and belongs to which device.  With these concerns in mind, when preparing for your home removals:

– Ensure that you have boxes, bubble wrap, packing paper, tape, and enough soft materials to pack them with similar protection to when they were first shipped.

– Record what goes where. Taking a photo on your phone of where cables are plugged in, and or using labelling (round cables) or colour-coded tape can help you to re-assemble your tech hardware quickly at its new home.

– Take portable storage devices with you.  If you still use storage devices such as USBs, or even external hard drives, you may decide that its better and safer to take these with you (e.g. in a bag/box in your car) so that you can minimise the chance of losing them or forgetting which box you put them in.  Cloud back-up storage can be a much safer way of keeping your personal data safe.

– Label your boxes.  Clearly labelling your tech device boxes will help you to quickly find and re-assemble them at the other end.

– Trust your removals company. Your removals company has experience in safely transporting tech devices and high-value, delicate home and office hardware. Their fully trained, trustworthy staff are able to assess your situation from the quote to the move itself. Your removals company should also be able to give advice wherever it’s needed.

If you need to send an email containing private/sensitive information, you can do it in Gmail using confidential mode. Here’s how:

– Open Gmail and log into your account.

– In the upper-left corner of the screen, select Compose.

– At the bottom of the New Message window, marked by a padlock and clock icon, is an option to ‘Turn confidential mode on/off’. Turn it to ‘on’.

– Set the expiration date for the email i.e.,1 day, 1week, 1 month, 3 months, or 5 years.

– If you would like the email to require a passcode in order for it to be read, select the ‘SMS passcode’ checkbox.

– Click ‘Save’.

– Write the email and send it.

It’s worth noting that the contents of any emails you send using this confidential mode can’t be forwarded by the recipient, copied, printed, or downloaded.

As part of Google’s latest security updates to Chrome and Android, users will not only be alerted if any of the passwords in their Password manager are compromised but will also be given the opportunity to make a quick fix.

Quick Fix – Change Password

In the ongoing competitive battle between Google’s Chrome browser (and its Android OS) and Apple’s equivalent, Google has released new security updates. Part of the updates to the Password Manager that’s built-in to Chrome and Android is the new quick-fix feature which will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds.

Benefits

Firstly, the fact that users are alerted when a password has been compromised is valuable because if users are made aware of a problem, they can quickly take action before more damage is done, rather than simply finding out after the event (e.g. stolen data or money) and/or the password being used by other attackers after being passed on/sold on.

Secondly, having a fast-track route to a quick fix through being offered a one-click ‘Change Password’ button means that users can minimise the amount of time that they are exposed to risk, and can quickly and conveniently change a password without having to go back to the site where it has been compromised, click on the forgot password/change password link, and go through a longer process that way.

Setting Up The Feature

The feature, which is powered by Google’s AI technology (since 2018) ‘Duplex’, is available to users who have turned “Safe Browsing” on and who are signed-in and syncing to Chrome.

On Android, for example, to receive alerts if any passwords have been compromised (e.g. in a data leak on a third-party website or app) navigating to the ‘Settings’ in Chrome and selecting ‘Privacy and security’ > ‘Safe browsing’ and tapping on ‘Standard protection’ gives users the option to switch “Warn you if passwords are exposed in a data breach” to on or off.

Users can also choose to check saved passwords themselves to see if any have been exposed in a data breach. Again, this can be done via ‘Settings’ in the Chrome app, by tapping ‘Passwords’ > ‘Check Passwords’.

What Does This Mean For Your Business?

This is one of several new security features announced in answer to Apple’s recent iOS 14.5.1, and macOS 11.3.1 security updates, and specifically, is an answer to Apple introducing compromised password alerts with iOS 14. Clearly, being alerted and being able to check password compromises, and being able to change a password quickly and easily is likely to be very beneficial to users.  Google also recently announced that it will soon be automatically enrolling its users in Two-Step Verification ‘2SV’ to improve the security of its services, but the future of authentication and verification is most likely to be ‘passwordless’ and based on biometrics. For example, last year, Google announced that users could verify their identity by using their fingerprint or screen lock instead of a password when visiting certain Google services (e.g. Pixel devices and all Android 7+ devices) due to Google’s collaboration with many other organisations within the FIDO Alliance and the W3C that led to the development of the FIDO2 standards, W3C WebAuthn and FIDO CTAP that allows fingerprint verification.  Both Apple and Google may, therefore, be highlighting features based around more traditional security ideas now, but the direction of travel is away from passwords altogether.

Google has announced the release of the first beta of Android 12 which has a range of new features including some security measures which Google hopes can match those of Apple.

Design Change

Announced recently at a developer conference, and on Google’s blog, the addition of the new features to Android 12 mark the “biggest design change in Android’s history”.

In addition to being able to completely personalise their Android phone with a custom colour palette and redesigned widgets, Google says that users will also notice that the Android 12 OS is much faster, smoother, and more responsive to touch, with smooth motion and animations.

Security Features

Some of the features that have really caught the attention of tech commentators are those designed to give Android security features that are on a par with its competitor Apple.

These new features include:

– A new Privacy Dashboard.  This offers users the convenience and ease of having a single view into permissions and settings as well as showing what data is being accessed, how often and by which apps. The dashboard also makes it easy for users to revoke app permissions.

– A new indicator for the microphone and cameras. Similar to iOS indicators, the new Android 12 indicator (top right) lets now users know when their apps are accessing the microphone or camera, and two new toggles in Quick Settings allow users to remove app access to these sensors for the entire system.  These features enable users to guard against cyber criminals using (via apps) the camera or microphone to spy, eavesdrop, and steal personal data.

– Approximate location permissions.  This feature recognises the fact that apps don’t need to know a user’s exact location to function properly and, therefore, just giving an approximate location gives the user more control over how much information is shared with apps.

– Android Private Compute Core. This is a kind of sandbox, like the partitions used for passwords or biometric data, but can hold data for use in machine learning. The Android Private Compute Core enables features like Live Caption, Now Playing and Smart Reply and because all the audio and language processing happens on-device, isolated from the network, this preserves user privacy.

– Password Manager improvements.  Then new features being introduced to Google Chrome and Android’s Password Manager include making it easier for users to import passwords e.g., from NordPass, and an automatic password alert that tells users when Google detects that any saved passwords have been compromised in a security breach. Also, a new quick fix feature will enable the Google Assistant to navigate to the compromised accounts and change passwords within seconds, thereby trying to minimise the amount of time that users are exposed to risk.

Apple Update

It’s a fortnight since Apple (Google’s big competitor) released its critical iOS 14.5.1, macOS 11.3.1 security updates, so it’s not surprising that the new Android security features are being announced now.  Some tech commentators have noted, however, that the latest Android security and privacy updates don’t have an answer to Apple’s App-Tracking Transparency Feature, which requires apps to ask users for permission before tracking them across the web. It has been reported, however, that Google is still working on an alternative.

What Does This Mean For Your Business?

For Google, this update of Android is as much a competitive move as a simple update, designed to close the perceived (security) gap between its benefits and that of Apple’s iOS, and to challenge the idea in the marketplace that Apple products are always more secure. These extra security features will also be of benefit to business and domestic consumers alike but features such as the improved Password Manager may be bad news for companies like Nord (NordPass) and LogMeIn (the owners of LastPass) as it will be easier to transfer passwords across to Android. Google’s Android OS does still, however, have some catching up to do with Apple on features such as Tracking Transparency.