8/4/2020 Update: A major security hole was found in Secure Boot. A lot of software needs to be updated.

Windows 10 is installed in over 800 million devices but a fraction of those are running with increased security offered in this operating system.

In this tutorial we will show you how to enable Secure Boot and TPM to increase the security of Windows 10.

What is Secure Boot?

Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).  This prevents it from starting the computer from malware, ransomware, etc.

What is a Trusted Platform Module (TPM) ?

TPM is a hardware chip that is either part of the motherboard or added on later.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM.

Enabling Secure Boot

Always backup your computer before making major modifications. Write down your current settings. Microsoft has some tips on enabling Secure Boot.  Each computer is different, so your screen options will vary.

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.
2. Make sure your computer Boot Mode is set for UEFI, not Legacy
3. You may need to set Windows OS Configuration – Windows 10 WHQL Support to UEFI before you can see Secure Boot – It is called CSM for some BIOSes
   

4. Look for an option called Secure Boot – In MSI motherboards, it is located in Settings\Advanced\Windows OS Configuration Secure Boot

Set Secure Boot Mode – Custom

Select Key Management

Set Provision Factory Default Keys to Enabled

The Intel GOP driver was then installed.

After it is enabled, the Secure Boot Variable fields will get set and now you can go to the previous screen and actually Enable Secure Boot!

Compatibility Issues with Secure Boot

Some drivers will not install correctly when you are running with Secure Boot enabled.  Temporarily turn it off, install the driver, then re-enable.

MAKE SURE the driver is from a trustworthy source!

Make sure you have updated the TPM chip to the latest version to avoid TPM-FAIL. This primarily affects TPM modules with STMicroelectronics chips and Intel Platform Trust Technology (PTT). Infineon Chips are fine.

Enabling a TPM in Windows 10

Some PCs and motherboards come with TPM already installed.  In most cases, you need to figure out if your motherboard has a socket for a TPM. These are specific to hardware, you cannot put a MSI TPM board into a Asus motherboard.  If so buy one, turn off your PC, and install it.  Try to buy the TPM directly from the manufacturer, not from a random seller on Amazon or eBay.  Laughingly, our TPM board was made in China.  It could have been hacked during assembly! (So much for true security)

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.

2. Look for an option called Trusted Computing- In MSI motherboards, it is located in Settings\Security\Trusted Computing

Set Security Device Support to Enabled – Set Device Select to Auto

Save the settings and restart your computer.  Re-Enter your PC’s BIOS select the same option

You should see additional options now that the TPM was found.

Restart the PC and enter Windows.  If the installation was successful, you should see these additional notes in the Windows Security – Device Security Screen.

Congratulations!

8/18/2024: iOS Devices can support DNS over HTTPS through this simple provision file addition.

8/1/2020: Netgear has major issues with many of its wireless routers.  Update now. Some will never be updated, if you have one of these obsolete routers, buy a new one.

7/23/2020: C-Data networking (Cdata, OptiLink, BLIY) equipment has multiple back doors. – The company says these are counterfeit versions.

1/22/2020: SIM Swap compromises using your smartphone to get text messages to authenticate with websites. Avoid using text messages to do rescue logins.  A new paper from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.  Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

1/20/2020: Virtually all Cablemodems have the Cable Haunt critical vulnerability. Call you cable operator an ask them to upate your cablemodem’s software now. You cannot do it on your own.

12/10/2019: Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

10/1/2019: iOS 13 has a handy feature to stop unwanted calls.  You can set the phone to send unknown callers straight to voicemail! (Those not in your contacts) – Settings – Phone – Silence Unknown Callers

5/12/2019: Thrangrycat Attacks Cisco Switches, Firewall and routers.  Update and patch now

3/19/2019: Windows 10 is loading more and more crap.  These scripts let you uninstall the junkware and reclaim privacy.

2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page!  Update your Android software right away.  If your phone no longer gets updates, please consider buying a new one.

1/2019: Marvell’s Wi-Fi chip is used in millions of devices.  Unfortunately, it has a major security flaw. Look for updates soon.  Devices that have no way to get updated are worrisome.

12/2018: Marriott – Starwood Hotels got hacked, leaking a ton of data. Change your credit card if you booked there.

10/4/2018: Bloomberg reports that China has infiltrated major tech companies by compromising servers from their Chinese factories.  Never trust your hardware!

8/24/2018: HP Inkjet printers with Fax capability have a Faxploit exploit where someone could fax you a special page and take over your entire network. Patch now.

6/11/2018: The FBI has asked users to reboot your wireless router in an effort to prevent infection from the VPNFilter malware.   You should do more than this, write down its settings, reset it to default settings, and updated it to the latest software.

Always update the software for your router to the latest version.  If no update has occurred in the last 6 months, BUY a new one!  Affected devices include: (Expanded List)

Asus Devices:

RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:

DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:

HG8245 (new)

Linksys Devices:

E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik Devices:

CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:

DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:

NSM2 (new)
PBE M5 (new)

Upvel Devices:

Unknown Models* (new)

ZTE Devices:

ZXHN H108N (new)

4/24/2018: Windows Defender System Guard is now installed by the latest Windows 10 Updates. Make sure you are up to date.

3/21/2018: 1.1.1.1 is a free DNS Domain Name Service that helps hide the sites you goto. Cloudflare runs it and promises no logging.

3/15/2018: ID Thieves are using the IRS and filing fake tax returns. Remember that the IRS never calls or sends email to you.  They use old fashion US mail. Sign up for an IRS PIN if possible.

2/8/2018: Lenovo PCs with fingerprint readers need to be updated. Lenovo laptops with certain Broadcom Wi-Fi chips also need an update

1/12/2018: Laptops for Business use may have Intel AMT. You need to configure it or else your open to Intel AMT attacks.

1/5/2018: Meltdown and Spectre are 2 new processor chip bugs that affect most modern computers, smartphones, and tablets.  They will need software updates to mitigate this bad bug. More Details – Older system without updates are dangerous to continue to use. Time to buy new hardware.

11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites.  Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)

11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update.  It works well and should be used by all Windows 10 users.

10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.

10/6/2017: Kaspersky has been implicated in stealing data from the NSA.  Uninstall any of their antivirus software right away.  It is now banned in the US government. Best Buy has stopped selling it.

9/8/2017: In September 2017, Equifax got hacked affecting 143 Million customers. (Almost everyone!) Equifax is offering complimentary identity theft protection. – Do more! Setup a Credit Freeze.

9/1/2017: Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

5/12/2017: Wanna Cry ransomware is spreading fast.  It exploits a Microsoft bug that was patched in March 2017.  It is more infectious because it can spread throughout a local network.

WannaKiwi – Decrypts files WannaCryp ransomware. Do not reboot after getting infected.

A basic lesson in patching right away and stop running old Operating systems.  Microsoft took the unusual step to put out a Windows XP, 8 , Windows Server 2003 patch to help stop this. If you use any of these OS’s, upgrade to Windows 10 now.

4/12/2017: 2 easy ways to increase your security and not have to constantly update are:

• Uninstall Adobe Flash
• Uninstall Adobe Reader

4/4/2017: Google Project Zero has found a major flaw in a WiFi chip that is used on many Android and iPhones. Hackers can run malware on devices. Apple iOS 10.3.1 and newer fixes the bug. Android patches are rolling out soon. Make sure you update your device. Any phone that does not get security updates any more, should be recycled and replaced.

3/16/2017: Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..

2/16/2017: Apricorn makes a secure USB flash drives that require a pin code to be entered before they function.  No software or drivers required, so it works with any operating system. Dust and water resistant durable aluminium housing

2/2/2017: Laser Printers are vulnerable to security issues. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are all affected.

2/1/2017: Netgear has updated firmware for many routers that fixes a major security hole.

1/30/2017: Security minded people use VPNs to secure their communications. Many Android VPN clients have privacy and security risks.  Be careful which you use.

12/12/2016: 26 different low cost Android devices on the MTK platform have Trojan horses built in.

12/8/2016: Keyless Car Entry: Security minded folks would never buy a car that has this feature. The National Insurance Crime Bureau has a post on how a Mystery Device is used to relay your key fob’s signal to steal cars.  It is best to wrap your key fob in foil or some RF blocking shield when you are away from the vehicle.

11/30/2016: Gooligan Malware has infected over 1million Android phones, most of which downloaded apps outside the official Google Play store.

11/15/2016: Some Cheap cell phones made in China have spyware that sends all your texts to China. This includes the $50 BLU R1 HD sold by amazon! Update the firmware of this device NOW.

10/2/2016: D-Link DWR-932B  and Quanta 4G LTE QDH routers have major security holes- Upgrade it to the latest firmware. Details

9/22/2016: Do you run a website? If so make sure you test it for security vulnerabilities. Tinfoil Security has a nice free 90 day trial.

9/21/2016: Yahoo finally admits to a biggest breach ever. It happened back in 2014 of 500 million accounts. Change your passwords, never enter ‘real’ information into security questions. Use a Yahoo Account Key instead of a password.

9/18/2016: The Rowhammer memory vulnerability is getting important everyday. See if your hardware is vulnerable using Memtest86.

7/29/2016: No More Ransom.org (Kaspersky Lab in collaboration with Europol, the Dutch National Police and Intel Security) has a new site to help vicitims.  It has a page with Decryption Tools. Beware of this company though.

7/12/2016: Kanguru makes a fast USB 3.0 flash drive with physical write protect switch and a digitally signed secure firmware to protect against Badusb.  One of the first to do this. Get item to put a Linux Live CD like Ubuntu on and keep it from getting modified by malware.

5/20/2016: ID Ransomware helps you figure out which ransomware you are effected by, so you can look for remedies other than paying. Bleeping Computer has a Support forum for Ransomware

• ESET has a decryptor for TeslaCrypt infections

2/24/2016: MouseJack is a new security vulnerability that allows a malware to be remotely downloaded onto a computer via a hijacked wireless mouse or keyboard connection. A hacker could remotely type in commands or move your mouse. Update the firmware on your wireless mouse/keyboard if possible, otherwise use a wired mouse – keyboard.

Logitech Update – Worked for us, but required several tries.

2/5/2016: Netgear Wireless routers do not automatically add passwords to hard drives that are plugged into them, leaving them accessible to anyone on the Internet. Make sure you change the default password. Hackers can use Shodan to find you quickly.

1/19/2016: The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Most networking companies’ stop updating them after a year or two. How to setup a Secure Wireless Router was updated.

11/17/2015: Several tutorials have updated lists of secure instant messaging apps. Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

• Silent Circle
• Redphone
• OSTel
• Chat Secure
• Signal (Formerly Textsecure)

7/24/2015: First of its kind. 1.4 Million 2013-2015 model year Chrysler, Dodge, Jeep Vehicles are vulnerable to remote hacking that can cause the vehicle to be controlled remotely. Get the special USB drive and update your car now.

4/28/2014: A new Internet Explorer Vulnerability that has no patch, is being actively exploited by malware. US Computer Emergency Readiness Team suggests people stop using Internet Explorer. Windows XP users need to use an alternative browser like Chrome or Firefox.

If you have to run Internet Explorer, you should install the Enhanced Mitigation Experience Toolkit or unregister the VGX.dll as mention in Microsoft’s Security Bulletin

4/10/2014: Heartbleed Security Hole. Servers that use certain versions of OpenSSL software to create secure connections are vulnerable to a major bug. Lastpass has a page that can help you test websites for this bug. Flippie.io has one too.

4/7/2014: Users should change their passwords for the following sites due to the Heartbleed Internet Security Bug: fitbit.com, github.com, rememberthemilk.com, yahoo.com. Cnet has a nice list.

2/1/2014: If you own an Asus or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm. How to setup a Secure Wireless Router was updated.

Internet of Things Scanner

Run this online scanner to see if any of your IOT devices are visible and need to be secured.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Securing Internet of Things, Smart Home Devices

More and more gadgets for the home are connected to the Internet for additional functionality. Refrigerators to Thermostats to Door Locks, the list is never ending. Do not forget about security. You may have created an open door for hackers, become part of an evil Botnet, or illegal activity without your knoawledge.

A vulnerable webcam can give ANYONE on the Internet a view of your home. Secure these home gadgets as strongly as possible. Many can NEVER be updated, which means that you should discontinue their usage.

Wi-Fi Network Connection

Here are some general tips to secure your new IOT or smart home devices:

1. Change the default password or credentials of the Device
2. Update the device to the latest firmware available. If the company does not have a firmware update page on their website, we would return it. Do this again every couple months.
3. Connect your IOT device such as a Dropcam or Nest Smoke Detector to your Guest Wi-Fi network whenever possible.  This network should be walled off from the normal network, preventing access to all your Computers.  Malicious devices could snoop on your network and quietly send information without your knowledge.
4. If the Wireless routers guest network is not secure, it is even better to have 3 routers in a Y configuration. You can purchase an inexpensive router that hooks up to your Cable/DSL modem, then have 2 separate wireless routers connected to this device. Put all Internet of Things devices on one of the Y routers. Connect your computers, smartphones, tablets to the other router.
5. Have the Guest network that IOT devices are on, use a different dns server
6. Turn off uPNP on your router to prevent ports from being opened up to access IOT devices.
7. Never poke a hole through your firewall for a device. It could then be accessed by anyone on the Internet! Use Shields Up! to look for open ports.
8. Peer to Peer capabilities are hard to secure. Avoid devices with this.
9. Cheaper IOT devices especially no name ones sold on Amazon or eBay should be avoided. Most of these are rarely built with security in mind and are never updated.  Stick to brand name, IE Netgear, Google, Ring, etc..

Even the NSA is loving the rise of all these IOT devices to let them hack more easily. CCTV cameras were involved in a DDoS attacks, taking down small businesses who did not pay ransom.

Hacked Internet of Things Insecure Device List

Baby Monitors

Gynoii – Details

iBaby M3S, iBaby M6 – Details

Lens Peek-a-View – Details

Philips In.Sight B120/37 – Details

Summer Baby Zoom Wifi Monitor & Internet Viewing System – Details

TRENDnet WiFi Baby Cam TV-IP743SIC – Details

Home

AuYou Wi-Fi Smart Outlet Switch – Details

Ceomate Bluetooth Smart Doorlock – Details

Elecycle EL797 & EL797G Smart Padlock – Details

iBluock Padlock – Details

Garage doors with no rolling codes – Details

Kwikset – Smartkey locks – Details

Lagute Sciener Smart Doorlock v3.3.0 – Details

LIFX Smart LED Light Bulb – Details

Mesh Motion Bitlock Padlock v1.4.9 – Details

Okidokey Smart Doorlock v2.4 – Details

Plantraco Phantomlock v1.6 – Details

Poly Control Danalock Doorlock – Details

Quicklock Doorlock & Padlock – Details

Samsung Smart TVs 2015 – Details

TRANE Comfortlink XL850 – Details

Vians Bluetooth Smart Doorlock – Details

Kitchen Appliances

Smarter Wi-Fi iKettle – Details

Pacemakers

St. Jude Medical Cardiac Pacemakers – Details

Pets

Dog Training System – Details

Security

Yale Zigbee Doorlock – Details

Toys

Boosted, Revo, Yuneec Electric Skateboards – Details

Cayla Doll – Details – Banned in Germany ($26,000 fine!)

Cloud Pets – Details

Fredi Baby Monitor – Details

Hello Barbie – Details

iSPY Camera Tank – Details

Vtech Learning Lodge – Details

Webcams – IP Cameras – DVR

This category is a minefield.  Look how many people have their cameras made public on Insecam.com – Stick to a Dropcam or Ring Doorbell camera.

In September 2016 a massive number of IP Cameras and DVRs were hacked and used to DDOS or take off the Internet due to high traffic, websites. Each has a hard coded telnet username and password of root – xc3511 – XiongMai Technologies of Hangzhou, China, created many of these devices that are rebranded by others and sold. If you have one, updated it and change its password immediately.

We would never buy a no-name IP camera from amazon, you are just asking for it.

ACTi IP Camera – default login

ANKO Products DVR – default login

AVTECH IP Ccameras, NVR, DVR – Details

Axis IP Camera – default login – Watch video with no Passwords! – Update your camera

CCTV-DVR – Over 70 different Vendors – Details

D-Link DCS930L, DCS932L – Details

Dahua Security Cameras – default login– Must change default password and update firmware right away – Some have hardcoded backdoor ONVIF password of admin/admin. – Details – Includes:

DH-IPC-HDW23A0RN-ZS
DH-IPC-HDBW23A0RN-ZS
DH-IPC-HDBW13A0SN
DH-IPC-HDW13A0SN
DH-IPC-HFW13A0SN-W
DH-IPC-HDBW13A0SN
DH-IPC-HDW13A0SN
DH-IPC-HFW13A0SN-W
DHI-HCVR51A04HE-S3
DHI-HCVR51A08HE-S3
DHI-HCVR58A32S-S2

Dahua IP Camera – default login

Dahua IP Camera HDW4300C – default login

Dahua DVR – default login

Defeway – Watch video with no Passwords

Dreambox TV receiver- default login

Eminent EM6220 – Details

EV ZLX Two-way Speaker

Foscam – different brand names in Europe – Authenticate you with ‘admin’ without requiring password – Foscam C1 IP – Details

Guangzhou Juan Optical – default login

Netgear Arlo – Details

RaySharp DVRs – Details

Samsung IP Camera – Details

Shenzhen Anran Security Cameras – Details

Shenzhen Neo iDoorbell or NIP-22 – Details

Sony – IPELA Engine IP Cameras – Details

SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL, SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, and SNC-ER521C.

Toshiba Network Camera – Details

VideoIQ – Details

Vivotek IP Camera – Details

Security Researchers have found Security Holes

SmartThings – Details

Sony – Watch video with no Passwords!

TPLink- Watch video with no Passwords!

Universal Plug and Play UPnP – Always turn it off in your router! – Details

Vacron – Details

Wireless IP Camera (P2) Wificam – Details also known as:

Foscam C2 also known as: Chacon, Thomson, 7links, Netis, Turbox, Novodio, Ambientcam, Nexxt, Technaxx, Qcam, Ivue, Ebode, Sab, and Opticam.

3G+IPCam Other
3SVISION Other
3com CASA
3com Other
3xLogic Other
3xLogic Radio
4UCAM Other
4XEM Other
555 Other
7Links 3677
7Links 3677-675
7Links 3720-675
7Links 3720-919
7Links IP-Cam-in
7Links IP-Wi-Fi
7Links IPC-760HD
7Links IPC-770HD
7Links Incam
7Links Other
7Links PX-3615-675
7Links PX-3671-675
7Links PX-3720-675
7Links PX3309
7Links PX3615
7Links ipc-720
7Links px-3675
7Links px-3719-675
7Links px-3720-675
A4Tech Other
ABS Other
ADT RC8021W
AGUILERA AQUILERA
AJT AJT-019129-BBCEF
ALinking ALC
ALinking Other
ALinking dax
AMC Other
ANRAN ip180
APKLINK Other
AQUILA AV-IPE03
AQUILA AV-IPE04
AVACOM 5060
AVACOM 5980
AVACOM H5060W
AVACOM NEW
AVACOM Other
AVACOM h5060w
AVACOM h5080w
Acromedia IN-010
Acromedia Other
Advance Other
Advanced+home lc-1140
Aeoss J6358
Aetos 400w
Agasio A500W
Agasio A502W
Agasio A512
Agasio A533W
Agasio A602W
Agasio A603W
Agasio Other
AirLink Other
Airmobi HSC321
Airsight Other
Airsight X10
Airsight X34A
Airsight X36A
Airsight XC39A
Airsight XX34A
Airsight XX36A
Airsight XX40A
Airsight XX60A
Airsight x10
Airsight x10Airsight
Airsight xc36a
Airsight xc49a
Airsight xx39A
Airsight xx40a
Airsight xx49a
Airsight xx51A
Airsight xx51a
Airsight xx52a
Airsight xx59a
Airsight xx60a
Akai AK7400
Akai SP-T03WP
Alecto 150
Alecto Atheros
Alecto DVC-125IP
Alecto DVC-150-IP
Alecto DVC-1601
Alecto DVC-215IP
Alecto DVC-255-IP
Alecto dv150
Alecto dvc-150ip
Alfa 0002HD
Alfa Other
Allnet 2213
Allnet ALL2212
Allnet ALL2213
Amovision Other
Android+IP+cam IPwebcam
Anjiel ip-sd-sh13d
Apexis AH9063CW
Apexis APM-H803-WS
Apexis APM-H804-WS
Apexis APM-J011
Apexis APM-J011-Richard
Apexis APM-J011-WS
Apexis APM-J012
Apexis APM-J012-WS
Apexis APM-J0233
Apexis APM-J8015-WS
Apexis GENERIC
Apexis H
Apexis HD
Apexis J
Apexis Other
Apexis PIPCAM8
Apexis Pyle
Apexis XF-IP49
Apexis apexis
Apexis apm-
Apexis dealextreme
Aquila+Vizion Other
Area51 Other
ArmorView Other
Asagio A622W
Asagio Other
Asgari 720U
Asgari Other
Asgari PTG2
Asgari UIR-G2
Atheros ar9285
AvantGarde SUMPPLE
B-Qtech Other
B-Series B-1
BRAUN HD-560
BRAUN HD505
Beaulieu Other
Bionics Other
Bionics ROBOCAM
Bionics Robocam
Bionics T6892WP
Bionics t6892wp
Black+Label B2601
Bravolink Other
Breno Other
CDR+king APM-J011-WS
CDR+king Other
CDR+king SEC-015-C
CDR+king SEC-016-NE
CDR+king SEC-028-NE
CDR+king SEC-029-NE
CDR+king SEC-039-NE
CDR+king sec-016-ne
CDXX Other
CDXXcamera Any
CP+PLUS CP-EPK-HC10L1
CPTCAM Other
Camscam JWEV-372869-BCBAB
Casa Other
Cengiz Other
Chinavasion Gunnie
Chinavasion H30
Chinavasion IP611W
Chinavasion Other
Chinavasion ip609aw
Chinavasion ip611w
Cloud MV1
Cloud Other
CnM IP103
CnM Other
CnM sec-ip-cam
Compro NC150/420/500
Comtac CS2
Comtac CS9267
Conceptronic CIPCAM720PTIWL
Conceptronic cipcamptiwl
Cybernova Other
Cybernova WIP604
Cybernova WIP604MW
D-Link DCS-910
D-Link DCS-930L
D-Link L-series
D-Link Other
DB+Power 003arfu
DB+Power DBPOWER
DB+Power ERIK
DB+Power HC-WV06
DB+Power HD011P
DB+Power HD012P
DB+Power HD015P
DB+Power L-615W
DB+Power LA040
DB+Power Other
DB+Power Other2
DB+Power VA-033K
DB+Power VA0038K
DB+Power VA003K+
DB+Power VA0044_M
DB+Power VA033K
DB+Power VA033K+
DB+Power VA035K
DB+Power VA036K
DB+Power VA038
DB+Power VA038k
DB+Power VA039K
DB+Power VA039K-Test
DB+Power VA040
DB+Power VA390k
DB+Power b
DB+Power b-series
DB+Power extcams
DB+Power eye
DB+Power kiskFirstCam
DB+Power va033k
DB+Power va039k
DB+Power wifi
DBB IP607W
DEVICECLIENTQ CNB
DKSEG Other
DNT CamDoo
DVR DVR
DVS-IP-CAM Other
DVS-IP-CAM Outdoor/IR
Dagro DAGRO-003368-JLWYX
Dagro Other
Dericam H216W
Dericam H502W
Dericam M01W
Dericam M2/6/8
Dericam M502W
Dericam M601W
Dericam M801W
Dericam Other
Digix Other
Digoo BB-M2
Digoo MM==BB-M2
Digoo bb-m2
Dinon 8673
Dinon 8675
Dinon SEGEV-105
Dinon segev-103
Dome Other
Drilling+machines Other
E-Lock 1000
ENSIDIO IP102W
EOpen Open730
EST ES-IP602IW
EST IP743W
EST Other
EZCam EPK-EP10L1
EZCam EZCam
EZCam Other
EZCam PAN/TILT
EZCam Pan/Tilt
EasyCam EC-101HD
EasyCam EC-101HDSD
EasyCam EC-101SD
EasyCam EC-102
EasyCam Other
EasyN 187
EasyN 1BF
EasyN 720P
EasyN F
EasyN F-136
EasyN F-M136
EasyN F-M166
EasyN F-M181
EasyN F-M1b1
EasyN F-SERIES
EasyN F133
EasyN F2-611B
EasyN F3
EasyN F3-166
EasyN F3-176M
EasyN F3-M166
EasyN F3-SERIES
EasyN F3-Series
EasyN F3-m187
EasyN F3M187
EasyN FS-613A-M136
EasyN FS-613B
EasyN FS-613B-M166
EasyN FS-613B-MJPEG
EasyN FS613
EasyN F_M10R
EasyN H3-V10R
EasyN H6-M137h
EasyN M091
EasyN Other
EasyN est-007660-611b
EasyN est-007660333
EasyN f
EasyN f-Series
EasyN f138
EasyN f_series
EasyN fseries
EasyN kitch
EasyN s
EasySE F/B/N/I
EasySE H3
EasySE H3e
EasySE Other
Ebode IPV38W
Ebode IPV58
Ebode Other
Ego Other
Elro 901
Elro 903
Elro 903IP
Elro C7031P
Elro C703IP2
Elro C704-IP
Elro C704IP
Elro C704IP.2
Elro C704ip
Elro C803IP
Elro C903IP
Elro C903IP.2
Elro C904IP
Elro C904IP.2
Elro IP901
Elro Other
Eminent 6564
Eminent EM6220
Eminent EM6564
Eminent em6220
Esky C5900
Esky L
Esky Live
Esky c5900
Eura-Tech IC-03C3
EyeCam ICAM-608
EyeCam IP65IW
EyeCam Other
EyeCam STORAGEOPTIONS
EyeIPCam IP901W
EyeSight ES-IP607W
EyeSight ES-IP811W
EyeSight ES-IP909IW
EyeSight ES-IP935FW
EyeSight ES-IP935IW
EyeSight IP910IW
EyeSight IP915IW
EyeSight Other
EyeSight ip609IW
EyeSight ip909iw
EyeSight ip915iw
EyeSight mjpeg
EyeSpy247 Other
F-Series FSERIES
F-Series Ip
F-Series Other
F-Series ip
First+Concept Other
Focuscam F19821W
Foscam FI18904w
Foscam FI18905E
Foscam FI18905W
Foscam FI18906w
Foscam FI1890W
Foscam FI18910E
Foscam FI18910W
Foscam FI18910w
Foscam FI18916W
Foscam FI18918W
Foscam FI18919W
Foscam FI19810W
Foscam FI8094W
Foscam FI81904W
Foscam FI8601W
Foscam FI8602W
Foscam FI8606W
Foscam FI8610w
Foscam FI8903W
Foscam FI8903W_Elita
Foscam FI8904
Foscam FI8904W
Foscam FI8905E
Foscam FI8905W
Foscam FI8905w
Foscam FI8906w
Foscam FI8907W
Foscam FI8908W
Foscam FI8909W
Foscam FI890W
Foscam FI8910
Foscam FI8910E
Foscam FI8910W
Foscam FI8910W_DW
Foscam FI8910w
Foscam FI8916W
Foscam FI8918
Foscam FI89180w
Foscam FI8918E
Foscam FI8918W
Foscam FI8918w
Foscam FI8919W
Foscam FI9804W
Foscam FI9805E
Foscam FI9810
Foscam FI9810W
Foscam FI9818
Foscam FI9820w
Foscam FI9821W
Foscam FI9821w
Foscam FL8910
Foscam FS18908W
Foscam FS8910
Foscam Fi8910
Foscam Other
Foscam fI8989w
Foscam fi1890w
Foscam fl8910w
FoxCam PTZ2084-L
GIGA gb
GT+ROAD HS-006344-SPSLM
General Other
Generic All-in-one
Generic Billy
Generic DomeA-Outdoor
Generic IP
Generic Other
Gi-star+srl IP6031W
Gigaeye GB
GoAhead EC-101SD
GoAhead GoAheadWebs
GoAhead IPCAM1
GoAhead IPCAM2
GoAhead Other
GoAhead thedon
GoCam Other
Goclever EYE
Goclever EYE2
Gotake GTK-TH01B
H+264+network+DVR 720p
H+264+network+DVR Other
H.264 Other
H6837WI Other
HD+IPC Other
HD+IPC SV3C
HDIPCAM Other
Heden CAMH04IPWE
Heden CAMHED02IPW
Heden CAMHED04IP
Heden CAMHED04IPWN
Heden CAMHEDIPWP
Heden Other
Heden VisionCam
Heden visionCam
HiSilicon Other
Hikvision DS-2CD2132
Histream RTSP
HooToo F-SERIES
HooToo HOOTOO
HooToo HT-IP006
HooToo HT-IP006N
HooToo HT-IP009HDP
HooToo HT-IP206
HooToo HT-IP207F
HooToo HT-IP210HDP
HooToo HT-IP210P
HooToo HT-IP212
HooToo IP009HDP
HooToo Other
HooToo apm-h803-mpc
Hsmartlink Other
Hungtek WIFI
ICAMView Other
ICam I908W
ICam IP-1
ICam Other
ICam Other2
ICam dome
INISOFT-CAM Stan
INVID Other
IO+Data Other
IP66 Other
IPC IPC02
IPC Other
IPC S5030-TF
IPC S5030-m
IPC SRICAM
IPCC 3XPTZ
IPCC 7210W
IPCC IPCC-7210W
IPCC x01
IPTeles Other
IPUX ip-100
ISIT Other
IZOtech Other
IZTOUCH 0009
IZTOUCH A001
IZTOUCH IZ-009
IZTOUCH LTH-A8645-c15
IZTOUCH Other
IZTOUCH Other1
IZTOUCH ap001
IeGeek Other
IeGeek ukn
Inkovideo V-104
Iprobot3 Other
JRECam JM3866W
JWcam JWEV
JWcam Other
Jaycar 3834
Jaycar 720P
Jaycar Other
Jaycar QC-3831
Jaycar QC-3832
Jaycar QC-3834
Jaycar QC-3836
Jaycar QC-3839
Jaytech IP6021W
JhempCAM Back
JhempCAM Other
KaiKong 1601
KaiKong 1602w
KaiKong Other
KaiKong SIP
KaiKong SIP1602
KaiKong SIP1602W
KaiKong sip
KaiKong sip1602w
Kenton gjc02
Kinson C720PWIP
Klok Other
Knewmart KW01B
Knewmart KW02B
Kogan KAIPC01BLKA
Kogan KAIPCO1BLKA
Kogan Other
Kogan encoder
Kogan kaipc01blkb
Kompernass IUK
Koolertron Other
Koolertron PnP
Koolertron SP-SHEX21-SL
LC+security Other
LW lw-h264tf
LYD H1385H
Lager Other
Leadtek C351
LevelOne 1010/2010
Libor Other
LifeTech MyLifeTech
LifeTech Other
LifeTech dd
Lilly Other
Linq Other
Lloyds 1107
Loftek CXS
Loftek Nexus
Loftek Other
Loftek SPECTOR
Loftek Sendinel
Loftek Sentinel
LogiLink WC0030A
LogiLink wc0044
Logitech C920
MCL 610
MJPEG Other
Maginon 100
Maginon 10AC
Maginon 20C
Maginon IP-20c
Maginon IPC
Maginon IPC-1
Maginon IPC-10
Maginon IPC-100
Maginon IPC-100AC
Maginon IPC-10AC
Maginon IPC-2
Maginon IPC-20
Maginon IPC20C
Maginon IPC_1A
Maginon Other
Maginon SUPRA
Maginon Supra
Maginon ipc
Maginon ipc-1a
Maginon ipc100a
Maginon ipx
Maginon w2
Marmitek GM-8126
Maygion IP
Maygion OTHER2
Maygion Other
Maygion V3
Maygion black
Mediatech mt4050
Medisana SmartBabyMonitor
Merlin IP
Merlin Other
Merlin vstc
Messoa Other
Mingyoushi S6203Y-WR
Momentum 2002
Momentum MO-CAM
NEXCOM S-CAM
NIP NIP-004500-KMTLU
NIP NIP-075007-UPHTF
NIP NIP-11BGPW
NIP NIP-14
NTSE Other
Neewer Other
Neewer V-100
Neo+CoolCam NIP
Neo+CoolCam NIP-02(OAM)
Neo+CoolCam NIP-06
Neo+CoolCam NIP-066777-BWESL
Neo+CoolCam NIP-102428-DFBEF
Neo+CoolCam NIP-H20(OZX)
Neo+CoolCam OBJ-007260-LYLDU
Neo+CoolCam Other
Neo+CoolCam neo
Neo+CoolCam nip-11
Neo+CoolCam nip-20
Ness Other
NetView Other
Netcam Dual-HD
Netcam HSL-232245-CWXES
Netcam OUVIS
Netcam Other
Netware Other
Nexxt+Solution Xpy
Nixzen Other
NorthQ NQ-9006
Office+One CM-I11123BK
Office+One IP-900
Office+One IP-99
Office+One Other
Office+One SC-10IP
Office+One ip-900
Office+One ip900
Opexia OPCS
Optica+Video FI-8903W
Optica+Video FI-8918W
Optica+Video Other
Otto 4eye
Overmax CamSpot
Overmax Camspot
OwlCam CP-6M201W
P2p wificam
PCS Other
Panasonic BL-C131A
PeopleFu IPC-674
PeopleFu IPCAM1
PeopleFu IPCAM2
PeopleFu IPCAM3
PeopleFu IPCAM5
Pixpo 1Z074A2A0301627785
Pixpo PIX006428BFYZY
Pixpo PIX009491MLJYM
Pixpo PIX009495HURFE
Pixpo PIX010584DFACE
Plaisio IP
Planex Other
Planex PLANEX
Polariod P351S
Polaroid IP-100
Polaroid IP-101W
Polaroid IP-200B
Polaroid IP-201B
Polaroid IP-350
Polaroid IP-351S
Polaroid IP-360S
Polaroid IP-810W
Polaroid IP-810WZ
Polaroid Other
Polaroid POLIP101W
Polaroid POLIP201B
Polaroid POLIP201W
Polaroid POLIP351S
Polaroid POLIP35i5
PowerLead Caue
PowerLead PC012
ProveCam IP2521
Provision 717
Provision F-717
Provision F-737
Provision PT-737
Provision WP-711
Provision WP-717P
Pyle HD
Pyle HD22
Pyle HD46
Pyle Mine
Pyle PIPCAM15
Pyle Pipcam12
Pyle cam5
Pyle pipcam25
Pyle pipcam5
Q-nest QN-100S
Q-nest qn-100s
Queback 720p
ROCAM NC-400
ROCAM NC-500
ROCAM NC300
ROCAM NC300-1
ROHS IP
ROHS none
RTX 06R
RTX DVS
RTX IP-06R
RTX IP-26H
RTX Other
Rollei safetycam-10hd
SES Other
SKJM Other
SST SST-CNS-BUI18
SVB+International SIP-018262-RYERR
SafeHome 278042
SafeHome 616-W
SafeHome IP601W-hd
SafeHome Other
SafeHome VGA
SafeHome iprobot
Samsung Other
Santec-Video Other
Sarotech IPCAM-1000
Sarotech ip300
Scricam 004
Scricam 192.168.1.7
Scricam AP-004
Scricam AP-009
Scricam AP0006
Scricam AP006
Secam+CCTV IPCAM
Secam+CCTV Other
Seculink 10709
Seculink Other
Secur+Eye xxc5330
Seisa JK-H616WS
Senao PTZ-01H
Sequrecam Other
Sequrecam PNP-125
Sercomm Other
Shenwhen+Neo+Electronic+Co NC-541
Shenwhen+Neo+Electronic+Co Other
Shenwhen+Neo+Electronic+Co X-5000B
Shenzhen 720P
Shixin+China IP-129HW
Siepem IPC
Siepem S5001Y-BW
Siepem S6203y
Siepem S6211Y-WR
Simi+IP+Camera+Viewer Other
Sineoji Other
Sineoji PT-315V
Sineoji PT-3215P
Sineoji PT-325IP
Sinocam Other
Sky+Genious Genious
Skytronic IP
Skytronic IP99
Skytronic Other
Skytronic WiFi
Skytronic dome
SmartEye Other
SmartWares C723IP
SmartWares c724ip
SmartWares c923ip
SmartWares c924ip
Solwise SEC-1002W-IR
Spy+Cameras WF-100PCX
Spy+Cameras WF-110V
Sricam 0001
Sricam 004
Sricam A0009
Sricam A001
Sricam AP-001
Sricam AP-003
Sricam AP-004
Sricam AP-005
Sricam AP-006
Sricam AP-009
Sricam AP-012
Sricam AP-CAM
Sricam AP0009
Sricam AP002
Sricam AP995
Sricam Cam1
Sricam Front
Sricam Home
Sricam Other
Sricam SP005
Sricam SP012
Sricam SP013
Sricam SP015
Sricam SRICAM
Sricam SRICAM1
Sricam aj-c2wa-c118
Sricam ap
Sricam ap006
Sricam ap1
Sricam h.264
Sricam sp013
Sricctv A-0006
Sricctv A-009
Sricctv AJ-006
Sricctv AP-0001
Sricctv AP-0005
Sricctv AP-0009
Sricctv AP-001
Sricctv AP-002
Sricctv AP-003
Sricctv AP-004
Sricctv AP-004AF
Sricctv AP-005
Sricctv AP-006
Sricctv AP-007
Sricctv AP-008
Sricctv AP-009
Sricctv AP-011
Sricctv AP-014
Sricctv H-264
Sricctv Other
Sricctv P2P-BLACK
Sricctv P2P-Black
Sricctv SP-007
Sricctv SR-001
Sricctv SR-004
Star+Vedia 6836
Star+Vedia 7837-WIP
Star+Vedia C-7835WIP
Star+Vedia Other
Star+Vedia T-6836WTP
Star+Vedia T-7833WIP
Star+Vedia T-7837WIP
Star+Vedia T-7838WIP
StarCam C33-X4
StarCam EY4
StarCam F6836W
StarCam Other
StarCam c7837wip
Stipelectronics Other
Storage+Options HOMEGUARD
Storage+Options Other
Storage+Options SON-IPC1
Sumpple 610
Sumpple 610S
Sumpple 631
Sumpple 960P
Sumpple S601
Sumpple S610
Sumpple S631
Sumpple S651
Sumpple qd300
Sumpple s631
SunVision+US Other
Sunbio Other
Suneyes Other
Suneyes SP-T01EWP
Suneyes SP-T01WP
Suneyes SP-TM01EWP
Suneyes SP-TM01WP
Suneyes SP-tm05wp
Sunluxy H-264
Sunluxy HZCam
Sunluxy Other
Sunluxy PTZ
Sunluxy SL-701
Supra+Space IPC
Supra+Space IPC-1
Supra+Space IPC-100AC
Supra+Space IPC-10AC
Supra+Space Other11
Supra+Space ipc-20c
Sure-Eye Other
Surecom LN-400
Swann 005FTCD
Swann 440
Swann 440-IPC
Swann ADS-440
Swann ADS-440-PTZ
Swann ADS-CAMAX1
Swann Other
Swann SWADS-440-IPC
Swann SWADS-440IPC-AU
Sygonix 43176A
Sygonix 43558A
Szneo CAM0X
Szneo CoolCam
Szneo NIP
Szneo NIP-0
Szneo NIP-02
Szneo NIP-031
Szneo NIP-031H
Szneo NIP-06
Szneo NIP-12
Szneo NIP-2
Szneo NIP-20
Szneo NIP-210485-ABABC
Szneo NIP-26
Szneo NIP-X
Szneo NP-254095
Szneo Other
Szneo TFD
TAS-Tech Other
Technaxx tx-23
Techview GM8126
Techview QC-3638
Techview qc3839
Temvis Other
Tenda C50S
Tenda c30
Tenda c5+
Tenvis 0012
Tenvis 3815
Tenvis 3815-W
Tenvis 3815W
Tenvis 3815W.
Tenvis 3815W2013
Tenvis IP-319W
Tenvis IP-319w
Tenvis IP-391W
Tenvis IP-391WHD
Tenvis IP-602W
Tenvis IP602W
Tenvis IPROBOT
Tenvis JP-3815W
Tenvis JPT-3814WP2P
Tenvis JPT-3815
Tenvis JPT-3815-P2P
Tenvis JPT-3815W
Tenvis JPT-3815W+
Tenvis JPT-3815WP2P
Tenvis JPT-3815w
Tenvis JPT-3818
Tenvis MINI-319W
Tenvis Mini-319
Tenvis Other
Tenvis PT-7131W
Tenvis TH-661
Tenvis TR-3818
Tenvis TR-3828
Tenvis TR3815W
Tenvis TZ100
Tenvis TZ100/IPROBOT3
Tenvus JPG3815W
Threeboy IP-660
Topcam SL-30IPC01Z
Topcam SL-720IPC02Z
Topcam SL-910IW30
Topica+CCTV Other
Trivision NC-335PW-HD-10
Trust NW-7500
Turbo+X Endurance
Turbo+X IIPC-20
Uokoo 720P
VCatch Other
VCatch VC-MIC720HK
Valtronics IP
Valtronics Other
Vandesc IP900
Vantech Other
Vantech PTZ
Videosec+Security IPC-103
Videosec+Security IPP-105
Vimicro Other
Vitek+CCTV Other
Vstarcam 7823
Vstarcam C-7824WIP
Vstarcam C-7833WIP-X4
Vstarcam C-7833wip
Vstarcam C-7837WIP
Vstarcam C-7838WIP
Vstarcam C50S
Vstarcam C7816W
Vstarcam C7824WIP
Vstarcam C782WIP
Vstarcam C7842WIP
Vstarcam C93
Vstarcam C=7824WIP
Vstarcam Cam360
Vstarcam F-6836W
Vstarcam H-6837WI
Vstarcam H-6837WIP
Vstarcam H-6850
Vstarcam H-6850WIP
Vstarcam H-6850wip
Vstarcam ICAM-608
Vstarcam Other
Vstarcam T-6835WIP
Vstarcam T-6836WTP
Vstarcam T-6892wp
Vstarcam T-7815WIP
Vstarcam T-7833WIP
Vstarcam T-7833wip
Vstarcam T-7837WIP
Vstarcam T-7838WIP
Vstarcam T-7892WIP
Vstarcam T6836WTP
Vstarcam T7837WIP
Vstarcam c7815wip
Vstarcam c7833wip
Vstarcam c7850wip
Wanscam 00D6FB01980F
Wanscam 106B
Wanscam 118
Wanscam 541-W
Wanscam 543-W
Wanscam 790
Wanscam AJ-C0WA-198
Wanscam AJ-C0WA-B106
Wanscam AJ-C0WA-B116
Wanscam AJ-C0WA-B168
Wanscam AJ-C0WA-B1D8
Wanscam AJ-C0WA-C0D8
Wanscam AJ-C0WA-C116
Wanscam AJ-C0WA-C126
Wanscam AJ-C2WA-B118
Wanscam AJ-C2WA-C116
Wanscam AJ-C2WA-C118
Wanscam AJ-C2WA-C198
Wanscam AJ-COWA-B1D8
Wanscam AJ-COWA-C116
Wanscam AJ-COWA-C126
Wanscam AJ-COWA-C128
Wanscam AW00004J
Wanscam B1D8-1
Wanscam C-118
Wanscam C-126
Wanscam Colour
Wanscam FI-18904w
Wanscam FR-4020A2
Wanscam FR4020A2
Wanscam HD-100W
Wanscam HW-0021
Wanscam HW-0022
Wanscam HW-0022HD
Wanscam HW-0023
Wanscam HW-0024
Wanscam HW-0025
Wanscam HW-0026
Wanscam HW-0028
Wanscam HW-0033
Wanscam HW-0036
Wanscam HW-0038
Wanscam HW-0039
Wanscam HW-22
Wanscam HW0030
Wanscam IP
Wanscam JW-0001
Wanscam JW-0003
Wanscam JW-0004
Wanscam JW-0004m
Wanscam JW-0005
Wanscam JW-0006
Wanscam JW-0008
Wanscam JW-0009
Wanscam JW-0010
Wanscam JW-0011
Wanscam JW-0011l
Wanscam JW-0012
Wanscam JW-0018
Wanscam JW-004
Wanscam JW-009
Wanscam JW-CD
Wanscam JW000008
Wanscam JW0009
Wanscam JW001
Wanscam JW0012
Wanscam JW008
Wanscam JWEV
Wanscam JWEV-011777-NSRVV
Wanscam JWEV-011921-RXSXT
Wanscam JWEV-360171-BBEAC
Wanscam JWEV-380096-CECDB
Wanscam JWEV-PEPLOW
Wanscam NBC-543W
Wanscam NC-530
Wanscam NC-541
Wanscam NC-541/W
Wanscam NC-541W
Wanscam NC-541w
Wanscam NC-543W
Wanscam NCB-534W
Wanscam NCB-540W
Wanscam NCB-541W
Wanscam NCB-541WB
Wanscam NCB-543W
Wanscam NCBL-618W
Wanscam NCH-532MW
Wanscam NCL-610W
Wanscam NCL-612W
Wanscam NCL-616W
Wanscam NCL-S616W
Wanscam Other
Wanscam TG-002
Wanscam WJ-0004
Wanscam WX-617
Wanscam Works
Wanscam XHA-120903181
Wanscam XHA-4020a2
Wanscam __PTZ
Wanscam chiOthernese
Wanscam ip
Wanscam jw0005
Wanscam jw0010
Wansview 541
Wansview 625W
Wansview MCM-627
Wansview N540w
Wansview NCB-534W
Wansview NCB-541W
Wansview NCB-541w
Wansview NCB-543W
Wansview NCB541W
Wansview NCB545W
Wansview NCL-610W
Wansview NCL610D04
Wansview NCL614W
Wansview Other
Wansview dcs543w
Wansview nc543w
Wardmay+CCTV WDM-6702AL
Watch+bot+Camera resup
WebcamXP Other
WinBook Other
WinBook T-6835
WinBook T-6835WIP
WinBook T-7838
Winic NVT-530004
Wise+Group Other
X-Price Other
X10 39A
X10 AIRSIGHT
X10 AirSight
X10 Airsight
X10 Jake
X10 Other
X10 XC-38A
X10 XX-36A
X10 XX-39A
X10 XX-56A
X10 XX-59A
X10 XX-60
X10 XX-69A
X10 XX41Ahome
XVision Other
XXCamera 53100
XXCamera 5330-E
XXCamera Other
XXCamera XXC-000723-NJFJD
XXCamera XXC-092411-DCAFC
XXCamera XXC-50100-H
XXCamera XXC-50100-T
XXCamera XXC-5030-E
XXCamera XXC-53100-T
XXCamera XXC52130
Xin+Ling Other
Yawcam Other
Zilink Other
Zmodo CMI-11123BK
Zmodo IP-900
Zmodo Other
Zodiac+Security 909
Zodiac+Security Other
Zoneway NC638MW-P
ZyXEL Other
alexim Other
alexim cam22822
alias Other
all+in+one+ Other
all+in+one+ b1
all-in-one Other
allecto DVC-150IP
apc Other
asw-006 Other
boh l
bravo Other
bush+plus BU-300WF
ccam p2p
china 8904W
china HDIPCAM
china IPCAM
china Other
china PTZCAM
china np-02
ciana+exports antani
cina Other
coolead L
coolead L610WS
dax Other
denver IPC-320
denver IPO-320
e-landing 720p
eScam QF100
ebw Other
epexis PIPCAMHD82
epexis pipcam5
esecure nvp
geeya C602
geeya P2P
geeya c801
hdcam Other
homeguard 720P
homeguard Other
homeguard Wireless
homeguard wifi
iView ID002A
iView Other
insteon 75790
insteon 75790wh
insteon High
insteon Other
insteon Wireless
iuk 5A1
ivision hdwificam
iwitness bullet
jwt Other
jyacam JYA8010
kadymay KDM-6800
kadymay KDM6702
kadymay KMD-6800
kadymay Other
kang+xun xxc5030-t
kines Other
kiocong 1601
kiocong 1602
kiocong 1609
kiocong Other
kodak 201pl
koicong 1601
l+series CAM0758
l+series CAM0760
l+series Other
l+series V100
logan n8504hh
meyetech 095475-caeca
meyetech 188091-EFBAE
meyetech Other
meyetech WirelessCam
micasaverde VistaCamSD
pipcam HD17
pni 941w
pni IP451W
pni IP541W
pni IP941W
pni IP951W
pni Other
pnp IP
pnp Other
semac Other
skylink WC-300PS
storex D-10H

Printers

Brother printers including DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510 – Details

HP All in One Printers with Fax capability – Details

HP PageWide, HP OfficeJet Pro printers – Details

Panasonic Printer – Details

Storage

Medion LifeCloud Nas  – Details

Netgear ReadyNAS – Details

Netgear Stora  – Details

Seagate Home  – Details

Western Digital My Cloud NAS devices – Details

Western Digital My Book – Details

Wireless Routers

Misfortune Cookie Vulnerability, 12 million router – Long list of routers from Asus to ZTE – Details

Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

CData networking equipment (Cdata, OptiLink, BLIY)- Major backdoors and other issues – Details – The company says these are counterfeit versions.

Cisco RV110W, RV130W, RV215W – Details

Davolink dv2 200 router – Details

D-Link DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921, DWR-111 and other using similar firmware – Details

D-Link DIR-600l -905l – Details

D-Link DIR-600, DIR-300 – Details

Dlink DWR-932B – Details

Dlink 850L – Details

D-Link DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B – Details

Huawei HG532e – Details

Linksys Wireless Routers Jan 2017 – Details

Linksys E1500/E2500 – Details

Linksys E Series Routers 2018 – Details

MikroTik Routers – Details

Netgear DGN Series- Details

Netgear Routers – 2018 Details – 2020 Details

OpenWRT Firmware – Details

Pulse Secure VPN – Details – Passwords Leaked

Ruckus – Details

Sierra LS300, GX400, GX/ES440, GX/ES450, and
RV50 – Must change default password – Details

Tomato Alternative firmware – Details

TP Link – TL-WR841N – Details

Trendnet TEW-731BR router – Details

Ubiquiti – Details – Details

Zyxel NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. – Details – Older models will not be patched, must keep NAS behind firewall.  Some Zyxel firewalls also have vulnerability. Stop using ones that are not patched. – Details

These routers have uPNP on by default and should not:

ADB Broadband S.p.A,    HomeStation ADSL Router  
ADB Broadband,    ADB ADSL Router  
ADBB,    ADB ADSL Router  
ALSiTEC,    Broadcom ADSL Router  
ASB,    ADSL Router  
ASB,    ChinaNet EPON Router  
ASB,    ChinaTelecom E8C(EPON) Gateway  
Actiontec,    Actiontec GT784WN  
Actiontec,    Verizon ADSL Router  
BEC Technologies Inc.,    Broadcom ADSL Router  
Best IT World India Pvt. Ltd.,    150M Wireless-N ADSL2+ Router  
Best IT World India Pvt. Ltd.,    iB-WRA300N  
Billion Electric Co., Ltd.,    ADSL2+ Firewall Router  
Billion Electric Co., Ltd.,    BiPAC 7800NXL  
Billion,    BiPAC 7700N  
Billion,    BiPAC 7700N R2  
Binatone Telecommunication,    Broadcom LAN Router  
Broadcom,    ADSL Router  
Broadcom,    ADSL2+ 11n WiFi CPE  
Broadcom,    Broadcom  Router  
Broadcom,    Broadcom ADSL Router  
Broadcom,    D-Link DSL-2640B  
Broadcom,    D-link ADSL Router  
Broadcom,    DLink ADSL Router  
ClearAccess,    Broadcom ADSL Router  
Comtrend,    AR-5383n  
Comtrend,    Broadcom ADSL Router  
Comtrend,    Comtrend single-chip ADSL router  
D-Link Corporation.,    D-Link DSL-2640B  
D-Link Corporation.,    D-Link DSL-2641B  
D-Link Corporation.,    D-Link DSL-2740B  
D-Link Corporation.,    D-Link DSL-2750B  
D-Link Corporation.,    D-LinkDSL-2640B  
D-Link Corporation.,    D-LinkDSL-2641B  
D-Link Corporation.,    D-LinkDSL-2741B  
D-Link Corporation.,    DSL-2640B  
D-Link,    ADSL 4*FE 11n Router  
D-Link,    D-Link ADSL Router  
D-Link,    D-Link DSL-2640U  
D-Link,    D-Link DSL-2730B  
D-Link,    D-Link DSL-2730U  
D-Link,    D-Link DSL-2750B  
D-Link,    D-Link DSL-2750U  
D-Link,    D-Link DSL-6751  
D-Link,    D-Link DSL2750U  
D-Link,    D-Link Router  
D-Link,    D-link ADSL Router  
D-Link,    DVA-G3672B-LTT Networks ADSL Router  
DARE,    Dare router  
DLink,    D-Link DSL-2730B  
DLink,    D-Link VDSL Router  
DLink,    DLink ADSL Router  
DQ Technology, Inc.,    ADSL2+ 11n WiFi CPE  
DQ Technology, Inc.,    Broadcom ADSL Router  
DSL,    ADSL Router  
DareGlobal,    D-Link ADSL Router  
Digicom S.p.A.,    ADSL Wireless Modem/Router  
Digicom S.p.A.,    RAW300C-T03  
Dlink,    D-Link DSL-225  
Eltex,    Broadcom ADSL Router  
FiberHome,    Broadcom ADSL Router  
GWD,    ChinaTelecom E8C(EPON) Gateway  
Genew,    Broadcom ADSL Router  
INTEX,    W150D  
INTEX,    W300D  
INTEX,    Wireless N 150 ADSL2+ Modem Router  
INTEX,    Wireless N 300 ADSL2+ Modem Router  
ITI Ltd.,    ITI Ltd.ADSL2Plus Modem/Router  
Inteno,    Broadcom ADSL Router  
Intercross,    Broadcom ADSL Router  
IskraTEL,    Broadcom ADSL Router  
Kasda,    Broadcom ADSL Router  
Link-One,    Modem Roteador Wireless N ADSL2+ 150 Mbps  
Linksys,    Cisco X1000  
Linksys,    Cisco X3500  
NB,    DSL-2740B  
NetComm Wireless Limited,    NetComm ADSL2+ Wireless Router  
NetComm,    NetComm ADSL2+ Wireless Router  
NetComm,    NetComm WiFi Data and VoIP Gateway  
OPTICOM,    DSLink 279  
Opticom,    DSLink 485  
Orcon,    Genius  
QTECH,    QTECH  
Raisecom,    Broadcom ADSL Router  
Ramptel,    300Mbps ADSL Wireless-N Router  
Router,    ADSL2+ Router  
SCTY,    TYKH PON Router  
Star-Net,    Broadcom ADSL Router  
Starbridge Networks,    Broadcom ADSL Router  
TP-LINK Technologies Co., Ltd,    300Mbps Wireless N ADSL2+ Modem Router  
TP-LINK Technologies Co., Ltd,    300Mbps Wireless N USB ADSL2+ Modem Router  
TP-LINK,    TP-LINK Wireless ADSL2+ Modem Router  
TP-LINK,    TP-LINK Wireless ADSL2+ Router  
Technicolor,    CenturyLink TR-064 v4.0  
Tenda,    Tenda ADSL2+ WIFI MODEM  
Tenda,    Tenda ADSL2+ WIFI Router  
Tenda,    Tenda Gateway  
Tenda/Imex,    ADSL2+ WIFI-MODEM WITH 3G/4G USB PORT  
Tenda/Imex,    ADSL2+ WIFI-MODEM WITH EVO SUPPORT  
UTStarcom Inc.,    UTStarcom ADSL2+ Modem Router  
UTStarcom Inc.,    UTStarcom ADSL2+ Modem/Wireless Router  
UniqueNet Solutions,    WLAN N300 ADSL2+ Modem Router  
ZTE,    Broadcom ADSL Router  
ZTE,    ONU Router  
ZYXEL,    ZyXEL VDSL Router  
Zhone,    Broadcom ADSL Router  
Zhone,    Zhone Wireless Gateway  
Zoom,    Zoom Adsl Modem/Router  
ZyXEL,    CenturyLink UPnP v1.0  
ZyXEL,    P-660HN-51  
ZyXEL,    ZyXEL xDSL Router  
huaqin,    HGU210 v3 Router  
iBall Baton,    iBall Baton 150M Wireless-N ADSL2+ Router  
iiNet Limited,    BudiiLite  
iiNet,    BoB2  
iiNet,    BoBLite  

Chips used in many products

Realtek rtl81xx SDK with the miniigd daemon – Details

Motherboards

SuperMicro BMC – Details

General Internet of Things Security Tips

Securing Wearable Technology Fitness Devices

Fitness trackers like the Fitbit, Vivosmart, Jawbone Up, Apple Watch, etc connect via Bluetooth.  Some devices use a fixed Bluetooth MAC address, allow criminals or law enforcement to identify you, wherever you go.

More secure fitness trackers like the Apple Watch protect users against tracking by switching the devices address every 10 minutes.

Look for updates from your fitness device’s website to address this issue. Garmin has issued updates to fix this issue.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes. This precedent should cause Internet of Things makers to also fix issues, or be subject to lawsuits.

Conclusion

IOT devices are great, but introduce a new level of complexity and security holes for hackers to break in.

Do you worry about getting hacked through your gadgets?

Security has become an ever more important part of using a personal computer. Increasingly, the daily headlines include news of companies and websites getting hacked. It is important to learn how to properly secure your wireless Internet as well as secure your personal computer.

This article focuses on how to secure your wireless network router so that you do not become part of the statistics. The wireless router typically includes a firewall that defines the perimeter of your network. Think of this as a fence, walling off your network from the Internet. Having a vulnerable wireless network allows criminals to ppossibly steal your data as well as Internet access. You could also become responsible for illegal downloading if your wireless Internet was compromised.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Government Spying via Compromised Wi-Fi Routers

WikiLeaks has confirmed that insecure wireless routers were hacked and users spied probably by the CIA.  If you own a router on the list, update its software immediately or buy a new one.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes.

Wirless Routers are a big Security Hole

The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers in late 2015. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Few routers automatically update their software, like Windows does. Most networking companies’ stop updating them after a year or two (They have no financial incentive), resulting in a major security risk.

Hackers can take control of insecure wireless routers to snoop on all your Internet traffic, initial denial of services attacks on others, or steal your financial information.

Cable or DSL Modem Direct Connection

Some high speed Internet connections allow you to directly connect your computer to the modem.  We recommend installing a network router in this situation to help protect the computer from external traffic. Install a wireless router and turn off the wireless capability if you do not need it.

Hardwired Ethernet Network

Secure wireless is an oxymoron! Using a hardwired Ethernet connection is much more secure than wireless Internet, a must for those looking for the maximum protection. Unfortunately, this is type of access is not possible for some devices (iPad, iPhone, etc.) and is far from convenient. Most users who demand the utmost in security and performance lay Ethernet networking in their homes and businesses. They may still run a wireless network, but limit access on that network to just a couple devices.

What is the most secure Wireless Router?

Wireless router hardware is available from many major manufacturers, including Apple, Cisco – Linksys, D-Link, or Netgear. We suggest avoiding smaller companies because they may be slow to update the software (firmware) and patch security holes. Unfortunately, even the large comes stop upgrade software on their routers after a year or two, you then should buy a NEW router. Fewer notify users of new software availability.

Manufacturer’s models differ in wireless range, speed, wireless standard support (Wireless-AC), and special features. Always make sure to update to the latest firmware available; bug fixes, security fixes, and enhancements were possibly added.

More Advanced Routers

The best routers are more robust routers targeted towards small business. They have more advanced security and are updated more often. If you are not technical, forget about buying one.

• pfsense – Makes a solid security appliance. Their 2 port model is more affordable at $299, $374 with 802.11N. You need to be somewhat technical to setup Virtual LANs.
• Ubiquiti Networks – Makes a great low cost multi port router, EdgeRouter X, for under $50. Add their UniFi AP AC Lite access points ($90) and you have one of the best and cost effective Wireless setups. Again not for beginners. Great Setup Guide

Cheap 3 Router secure Wireless Setup for IOT

Here is a good setup if you are concerned about security, are not a network expert, and need to have a guest network or have Internet of Things devices. (IE Nest Cam, Nest Smoke Detector, etc)  This configuration prevents these devices from snooping or intercepting your normal traffic. Using a typical Wireless router’s Guest network will NOT accomplish the same thing.

Kudos to Steve Gibson of Security Now. Buy or re-use a cheap old router that does not have to have wireless capabilities. We will be connecting them in a Y configuration. Connect this Router 1 to your Cable / DSL Modem.

Wireless Router 2 and Wireless Router 3 are both plugged into Router 1.

• Use Wireless Router 2 for all your computer, tablet, smartphone needs.
• Connect Wireless Router 3 with all your IOT or Internet of Things devices, like security systems, cameras, thermostat, etc.
• IOT devices should use a different DNS Server than your standard one.

Optimizing Wireless Routers for Maximum Range

• Physical Location – Where you place the wireless router is very important.
  • Position the wireless router to most central or optimal location for best coverage of your wireless network, and least amount of leakage to unwanted places like your neighbors or passersby on the street. This may be high up on a wall and may not be in the room the Internet connection is located in. Keep the wireless router away from microwave ovens and cordless phones.
  • If you have sufficient wireless coverage and your wireless router supports it, you could also Reduce your wireless router’s transmitter power so it doesn’t send the signal beyond your home.
  • Run a utility such as inSSIDer that helps you adjust your wireless router’s channel configuration to prevent interfering with surrounding wireless wifi networks. Wifi Analyzer for Android, Wi-Fi Finder iOS also works. Most routers are preset to channel 6, causing more collisions.
  • Antennas – Low cost 3^rd party add on antennas extend range without the need to buy a new wireless router; free antennas can also extend range. Some antenna’s omnidirectional, while others are directional, allowing you to focus a wireless signal. Replace the cheap antenna that came with your wireless router, to significantly increase performance.
  • Add an electrical power timer to turn off the wireless router when not in use or at night. This saves money and offers added security.

Wireless Network Router Settings

Wireless routers need to be configured properly to ensure proper operation as well as maximum security. Although wireless routers from different vendors include differing configuration options, most include these configuration settings. We have included screenshots for a variety of popular wireless routers, but can never cover every single wireless router available. We recommend disconnecting your cable or DSL modem while your router is being configured as some routers take a while to boot up and present an unfiltered connection while loading up.

Before you make any changes to your wireless router, always note how it was configured before the changes were done, so you can undo changes.

Access the administrator configuration for your wireless router by either running the software that was included with it or by accessing it directly from a web browser. For instance, Linksys router web interface for their wireless routers can be accessed when entering the following URL into your browser: https://192.168.1.1/

Administrator Password

• Password entered to gain access to the wireless router hardware. The administrator password MUST be changed from factory default to something difficult and long. Many people never change the factory password and leave themselves wide open to getting hacked. See our article on generating secure passwords for tips.
• Router Default Passwords can show you passwords for routers left unchanged from default
• Disable remote router access or Remote management so no one can change your settings from outside your network. On Linksys routers, it is located on the Administration tab – Management.
• Enable Logs so that you can go back and see where problems arose.

Cisco Linksys Wireless Security Settings

Cisco Linksys Dual Band 2.4Ghz 5Ghz Wireless Security Settings

DLink Wireless Security Settings

Wireless Encryption

• It is best to use WPA2-Personal security mode, AES encryption (do not select TKIP), a long Pre-Shared Key. Recommendation: Long (40+ characters) and include symbols, and upper and lower case. You will have to enter this password on each wireless device.
• Do not use WEP or WPA encryption as they are easily hacked. WEP encryption can be broken in under a minute. If you have hardware that does not support WPA2 encryption, replace the hardware.
• Always use encryption and NEVER have an open Wi-Fi access point without a password.

Mac Address Filtering

• This should be Disabled. This ensures that only authorized Wireless devices’ Mac Address (the serial number of the networking devices) are allowed to access the wireless router. Enabling it does not make it anymore secure against hackers. They can spoof Mac Addresses.

SSID

• Name – Change the default name. Do not use your address or a personal name. It is important to have a unique name so that when you’re away from home, your devices do not automatically try to logon to other wireless networks with the same name. This will also make you less susceptible to attacks using precomputing tables based on default names. Make sure you do not use names like: linksys, netgear, attwifi, 2wire####.
• To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it.  This prevents early Windows 10 installs from sharing it and Google from indexing it.
• Broadcast – Should be enabled to present easy access and prevent devices beaconing for it when it is out of range. Hiding it does not make it anymore secure against hackers.

UPNP – Disable this feature.  Very Important! It makes your network much more vulnerable. Although adding devices will require manual action. You could also enable Universal plug and play only when adding a new device.

Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier.  It makes your network much more vulnerable to external hacking. A flaw allows a remote attacker to recover the WPS PIN and, with it, the router’s WPA/WPA2 password in a few hours was uncovered in December 2011. Checkout our WPS article on this.

Some older Linksys routers have SecureEasySetup (SES), which can be disabled to increase security.

Bands – More advanced wireless routers operate on multiple frequencies at the same time.

• 2.4 GHz – This is the typical Wi-Fi frequency used by most wireless routers.
• 5 GHz – More advanced routers support this frequency. Your computer or Wi-Fi device needs to also support the 5 GHz frequency option, so an extra network adapter may be required. Utilizing only this frequency helps prevent your network from being probed by less sophisticated hackers. *Note* 5 GHz performance transfer rate decreases dramatically the farther the device is from the router. Buy a new router if this is the case.

DHCP

• DHCP is used to handout Internet IP Addresses to your local network devices. Be sure to set a limit to the number of DHCP addresses given out by your router. This number should correspond to the actual number of devices you own. Occasionally, login to your router and audit the number of DHCP addresses given out, to look for nearby Internet leeches. RogueScanner is a free tool that will help you find rogue wireless access points and devices.

DNS

Set the DNS (Domain Name Server) that the router uses to either your ISP’s DNS Server or better yet, to Google’s high performance DNS: 8.8.8.8

Leaving the field empty could lead to DNS spoofing.

Wireless Routers with Guest Network 

This is an IMPORTANT feature to look for in a new Wi-Fi router. If your wireless router is capable of setting up a separate network for your Guests and Internet of things (IOT – Cameras, Doorbells, etc) devices, you need to ensure that it is set up properly to prevent access to your main network. Keep in mind that some older guest networks (Linksys, Cisco) simply have a password but do not utilize wireless encryption such as WPA2. Buy a new router if this is the case.

Use a different password for this network and give this out to your guests.  Also place the following types of devices on this network, not your main network.

• Security Cameras
• Wireless Thermostats and Smoke detectors (IE Nest)
• Internet of things devices (Toys, Cars, Appliances, etc)
• Cars

Isolating Guest Network Access

If you have a D-Link wireless router, be sure that the Enable Routing Between Zones option is not checked. This will prevent access by a guest network client, onto your main network.

If you have an Asus wireless router, be sure that the Access Intranet option is set to Disable. This will prevent access by a guest network client onto your main network.

• Some Asus routers have Set AP Isolated in their Wireless-Professional Menu. Setting this to Yes for the 2.4Ghz Band will also increase security by preventing guest network clients from accessing each other.
• Advanced Asus Router users: If you are running 3rd party Asus Merlin firmware adding this rule to a firewall-start file will prevent guest network users from being able to access each others:
  • wl -i wl0.1 ap_isolate 1

Known Wireless Router Issues

If you own an AsusRT-N66U or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm.

Additional Security

• Options such as Radius Authentication may be supported by the wireless router. This is more for corporate or small business security. ZeroShell allows you to set up a RADIUS server inside a virtual machine.

Third Party Wireless Router Firmware

• 3^rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware. This many also be more secure than your original firmware.
  • Why? – Need a particular special feature. Often only for power users.
  • What features would be available? – Stability, security, configurability
  • Wireless Router Compatibility – Check website to see if your wireless router is supported by 3^rd party firmware

• Tomato – Popular 3^rd party replacement firmware for many wireless routers.

• DD-WRT – Popular open-source 3^rd party replacement firmware for many wireless routers. This firmware enables you to adjust the transmit power of the router to help boost range.
• Asuswrt-Merlin – This 3rd party alternative firmware is focused on Asus routers.

Buffalo  makes wireless routers with DD-WRT pre-installed. This allows them to reduce the amount of software (firmware) they have to write, and concentrate their efforts more on hardware. If you are afraid of accidentally damaging your wireless router by installing 3^rd party firmware consider purchasing a Buffalo High Performance wireless router.

• Do It Yourself (DIY) Wireless Router – allows for advance features , good if you have extra computers, higher performance needs, QoS, IP filtering, traffic stats, special network configurations that are not mainstream.
  • Smoothwall – Popular 3^rd party Linux based router software. Runs on any Pentium-class PC with at least 128 MB of RAM. Snort Intrusion Detection System support is also available, so you do not have to run Snort in a separate installation.

Testing Wireless Router Security

Testing wireless router security is important to see how secure your wireless router really is. Here are some sites that help test your wireless router’s security. You can adjust your configuration to close any vulnerabilities they find.

• Rapid7 – Has penetration testing software
• Shields Up – Tests your network with tools from Steve Gibson of GRC.
• HackerWatch – Tests your network with tools from McAfee.
• HackerTarget – Multiple tests on your network
• Arachni – Security scanning framework

By applying special settings to your wireless router, you can significantly increase the security of your wireless network to prevent theft and secure our privacy.

Also keep you wireless router’s software up to date and buy a new one every couple years, if there has not been an software update recently.

This concludes our How to setup a Secure Wireless Network Router  article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless network Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Google’s Android operating system powers many popular cellphones including the popular Samsung Galaxy S10. Most Android Smartphone users as well as most of the pubic at large do not think very much about security.

If your phone is not running the latest Android Monthly security patches or is Android 6 or older, you are open to attack. A recent Wall Street Journal article showed that only 2.8% of Android devices have the latest security patches. Compare that to 79% of iPhones, due to Apple’s more uniform eco-system.

As of February 2019 only Android 7 to 9 receive security updates now)

Most Up to Date Android Smartphones

• Google Pixel 3

This flagship phone runs the latest Android version and is patched regularly. Sold directly from Google or from a couple wireless carriers.

You can check this Google Support page that shows when updates will be available for Google devices and when devices stop getting updates.

Keep in mind that some companies claim to have all the latest security patches but may not.

We will cover some techniques to enhance your Android phone security.

Obsolete Hardware

Most hardware vendors like Samsung stop issuing updates after 3 years of release.  Need a good reason to upgrade to a new phone?  This is it. Incapacitate then recycle your old phone to prevent reuse.

Samsung has a page that lists which devices are still getting updates, as does Google.

Samsung SmartSwitch helps you update phones on Windows or Mac.

If you have an Phone or Tablet that no longer gets updates, we would recycle it and buy a new one RIGHT away. Keep in mind that Android Patch in July 2017 is the first version that fixed a Huge Broadcom Wi-Fi bug. Without that fix, you can get hacked by just having a Wi-Fi signal nearby.

Google Play Protect

• Be sure your device is running Google Play Protect.  It scans for Malware and bad apps. This was release in July 2017 and runs on Google Play Services 11 or higher. This is a unification of Android security systems like Verify Apps, browser protection, and anti-theft measures.

You need to test your Android Device for Vulnerabilities

Here are the major security holes that you need to test your phone against.  If your phone fails any of these, get it updated or buy a new phone.

2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page!  Update your Android software to Patch Level February 2019 or later, right away.  If your phone no longer gets updates, please consider buying a new one.

QuadRooter – Learn more about this issue. August 2016

DroidJack Remote spying – Learn more about this issue. August 2015

Stagefright MMS Flaw- Learn more about this issue. August 2015

Shellshock – Learn more about this issue. September 2014

Why is Android more susceptible to attack?

• Older Smartphones with unpatched old versions of Android
• Many phones never being given latest updates
• Bigger audience to attack due to market share
• Chipset vendors fixes slow to reach public
• Multiple App stores
• Apps are not thoroughly vetted
• Bloatware, trialware from handset makers
• Malware introduced in production chain

The Android Smartphone is part of Android’s open ecosystem, making viruses and malware more possible than closed platforms like the iPhone. As the Android Smartphone has grown in popularity, the smartphone has become more of a target by hackers and criminals. The DroidDream and Plankton Android malware infected over 250,000 phones before anyone discovered their malware. Google removed over 58 malicious apps from this single malware. A recent survey has shown that only 30% of Android Smartphone users installed security software on their phones. Malware can grab private data or use the phone to communicate externally.
Carrier IQ is a controversial piece of software that can show you what certain Android phones and spyware can do if the carriers allow it.

It is important that Android Smartphone users immediately become more vigilant about smartphone security. Our tutorial covers the Android Smartphones running most versions of the Android operating system.

Android Vulnerabilities.org gives a snapshot of how many devices are insecure.

The NSA and Android

Did you know that the NSA has been programming for Android and has inserted its code into the operating system? This has been happening since 2011 and has been focused on adding code to prevent hackers and marketers from accessing personal data on your Android device. Devices including the Samsung Galaxy S4 and HTC One have NSA code embedded, but not enabled by default. Apple does not accept code from government agencies. Android is open source, so programmers can more easily scrutinize every line of code that is in it. Hopefully the NSA will not add monitoring code in the future.

1. Android Smartphone Software Updates

Google upgrades the Android software for the Android Smartphone all the time. Montly Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Yes, updates take a while to install, but you do need to do it right away. Contact your smartphone vendor for the latest Android software update to your handset.

Some handset makers take their time to release Android updates.  Beware. This is the MAIN reason why millions of Android phones go unpatched.  Buy a phone that use plain Android and can take updates directly from Google, like the Google Nexus or Pixel line.

90 percent of Android devices two years or older have an operating system that’s vulnerable.

Replacing an Android Phone due to Lack of Updates

If you have an Android Smartphone that does not get the latest Android updates, we highly recommend you REPLACE the smartphone with a new one that does. Unfortunately you will need to switch phones every 2-3 years to keep up to date. Recycle the phone, do not give it away.

This Google support page  shows you the status of Google Nexus Software updates and security updates.

These Nexus phones, tablets are have no guaranteed security updates after October 2017!

• Nexus 10
• Nexus 9
• Nexus 7
• Nexus 6
• Nexus 5
• Nexus 4

If you Root your Android Smartphone, you need to be extra careful with regards to security as updates are much more difficult for you. Be careful where you obtain your Android Apps as malware is much more prevalent. Rooting also exposes your device’s internal hardware to software much more so than normal. This is the equivalent of running your PC as Administrator.

2. Android Smartphone App Security

Apple’s App Store reviews all submissions before adding them, but Google does not thoroughly review Apps added to their store. Google does run a security scanner on apps to ensure that they do not include known malware. There have been several occasions where Apps containing malware have entered the Google play formerly known as Android Market.

Neither App Store technique is full proof, users need to be careful when installing apps.

Apps are prone to security vulnerabilities that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. To update applications do the following:

• Tap the Notification menu at the top and drag it downwards. If there are App updates available, they will be shown
• Tap on App updates to bring you to Google play formerly known as Android Market
• Tap the App to be updated
• Repeat the process for all Apps

Google has the ability to remotely remove malicious apps from your Android Smartphone. This is NOT true if you buy from 3rd party App store.

When installing new Apps, we suggest you install well known Apps from Google play formerly known as Android Market or Amazon App Store with positive reviews, and avoid brand new Apps from unfamiliar companies, and unofficial 3rd party App stores like mmoovv.com or samsunggalaxy-s.ru.This becomes a problem when the official App Market is blocked, such is the case in China.

It is fairly easy to repackage free Apps into a clone of the App. Repackaged Apps that also include Malware or Spyware have been encountered on 3rd party Android Markets. Free pirated versions of paid Apps are also found on 3rd party sites. Download only from the official App Market and give new Apps time to build trust and to allow others to help test the App for malware and security risks.

Users also need to be aware that scareware where apps are displaying advertisements for battery saving apps have been tied to malware. If the user taps on the ad, your phone’s browser launches and proceeds to download the apps file. These apps could endanger your privacy by stealing your address book, or cause money to be withdrawn from your accounts via costly phone calls or SMS messages.

3. Suggested Android Smartphone Settings for Security

Below are several suggestions for Android Smartphone settings to increase security on the smartphone. If you use swipe patterns to unlock the phone, make sure you clean your Android devices’ screen regularly otherwise people can see how your pattern looks.  Doing repeated circular or square patterns helps foil thieves.

Enable Passcode

• Open Settings
  
• Select Security
• Select Screen Lock
• Select Password
• Enter a Passcode – Do not select an obvious passcode like 1234a or 1111a

Google automatically encrypts its Nexus smartphones, but other companies are not required to do this. As of 2016, less than 10% of Android phones had encryption enabled. 80% of iPhones had encryption turned on. Android 6 Marshmallow requires encryption to be enabled by default.

Encrypt your Android Smartphone and require a PIN or password to decrypt it every time you power it on. It takes an hour or longer to initially encrypt your Smartphone. Older Android phones many operate slower when encryption is enabled. Launching apps might take a second or two longer. Turning on encyption requires a full battery or the phone connected to a charger.

• Open Settings
  
• Select Security
• Select Encrypt phone
• Click Encrypt phone

Lock SIM card makes your phone require a PIN before becoming enabled.

• Open Settings
  
• Select Security
• Select Set up SIM card lock
  
• Select Lock SIM card

If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.

• Open Settings
  
• Select Wireless and Networks
• Uncheck Bluetooth

Backing up your Android Smartphone regularly is an important task. If you have a rooted Android Smartphone use the ROM Manager and Titanium Backup root.  Regular Android Smartphones need to pay for backup Apps like MyBackup Pro. There are free Apps to backup individual areas like SMS, images, or Applications.

4. Android Smartphone Email Security

It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers. Most major email providers automatically activate SSL if you let Android setup your email account.

If you are setting up a new email account, make sure that you have enabled SSL or TLS in the Security type field for both the incoming and the outgoing mail server.

To check an existing Mail Account for secure SSL access, do the following:

• Open Email application
  
• If Combined Inbox is shown, Select a mail account by tapping Accounts then Select the email account. Otherwise, hit Menu then Account Settings
• Check Incoming settings and Outgoing settings
• Examine the Security Type field
• Verify that it is not set to None

If it is set to None, check with your email provider to verify their SSL support and enable it if possible.

Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.

OpenKeychain – public key encryption for emails and files, to make sure your emails are only read by who you sent them to and others can send you messages only you can read.

5. Find a Lost Android Smartphone, Erase a Lost Android Smartphone

Andrdoid 5.1 and higher includes a Device Protection feature. This is required on all phones manufactured after June 30, 2015 and sold in California. You can set it up in the Lock screen settings. It requires you be signed into your Google account.

Find My Device is a helpful feature made by Google, so you can locate, ring, or wipe your device remotely.

If you are running an older version of Android, you need a 3rd party app to handle finding a lost phone. Here are some options:

• Android Lost – Locate, wipe, lock, take pictures, and much more
• Prey – Open source, cross-platform, lost phone or tablet protection
• Wheres My Droid – Find your lost phone, password protection, notification of changed SIM card. Paid Pro version includes remote phone erasing

When you lose your device utilize the lost device App you installed. If you cannot access the device, make sure you contact your Wireless carrier so they can disable the device. If you recover your Smartphone, make sure you change all passwords.

Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your Android Smartphone is lost and password protected, people could still contact you.

6. Using WiFi securely

When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the Wi-Fi network is secure, we would recommend against connecting to it.

If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

The Android Smartphone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the Android Smartphone will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the Android Smartphone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The Android Smartphone is very good at transparently switching from a cellular data network to a Wi-Fi wireless network. You can turn off Wi-Fi auto connect by the following:

• Open Settings app
• Choose Wireless & Networks
• Select Wi-Fi Settings
• Uncheck auto connect

When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your Android Smartphone’s traffic through a secure server. There are many paid services that sell VPN access.

Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.

7. Secure Browsing with Android “Browser”

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection i.e – https://www.google.com

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

8. Careful Link Clicking and Attachment Opening

As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Android Smartphone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.

Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9. Android Smartphone Free Antivirus and Internet Security Software

Android Smartphone anti virus software is available and highly recommended because of the open Android Market for Apps. Be aware that fake anti-malware Apps have appeared, so stick to brand name antivirus Apps.

Antivirus Free – free antivirus App for Android

AVG Antivirus – free mobile security and antivirus App for Android

DR. Web Anti-virus Light – free antivirus App for Android

Lookout – free mobile security and antivirus App for Android

Norton Mobile Security – free mobile security and antivirus App for Android

Webroot Secure Anywhere Mobile – Free Mobile Phone and Tablet security antivirus protection.

Android Smartphone security Apps

Orbot: Tor on Android – Enhance your privacy, break through firewalls and communicate more safely.

10. Android Market Password and Payment Option

You can delete the payment information in your Google account after making a purchase. You must have a payment method in order to make purchases or make refunds. If you are very cautious, remove payment information when you do not anticipate App purchases.

11. Malicious QR Codes

QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.

12. NFC – Near Field Communication

NFC has been touted as using your phone as a contact-less credit card.  It is being hyped up by smartphone manufacturers as well as credit card firms.  This technology opens up a new way of hacking your credit card info.  TURN IT OFF and avoid it.  This recent Defcon presentation shows how a security researching skimmed a NFC credit card and used it.

To disable NFC on the Samsung Galaxy S III and other phones:

1. Tap Apps
2. Choose Settings
3. Scroll down the screen and tap More Settings
4. Uncheck the NFC box
5. Close the Settings app

13. Avoid Huawei and ZTE Android Smartphones

These Chinese companies are drawing a lot of attention. Congress suggests people avoid their products due to possible suspicious equipment behavior.

We have covered many ways to improve your Android Smartphone security. Utilizing our tips will help significantly improve the already good security of the Android Smartphone.

14. Stagefright MMS Messaging Bug

August 2015. A specially crafted MMS message can cause your phone to be taken over. Many old phone may never get updated to fix this.

If you’re using Google Hangouts as your default SMS client, disable automatic downloading of media files sent via MMS:

Settings – SMS – Auto Retrieve MMS uncheck

Here’s how to protect your phone from the if you are using Google Messenger (the default SMS client for Android Version 5.0+):

Messenger – Settings – Advanced – Auto Retrieve OFF

Here’s how to protect your phone from the if you are using Messages (the default SMS client for Samsung Galaxy S6):

Messages – More – Settings – More Settings – Multimedia messages – Auto Retrieve OFF

15. Secure Messaging

Law enforcement and probably the NSA use cell phone tower simulators called Stingrays, IMSI catchers, or dirtbox made by Harris. These fake cell phone towers slurp handset identification information and can snoop on data. They deploy these in small planes to net a ton of intercepts, without getting a warrant. Cell phone users have no right to privacy in public areas.

You can fight back by using secure messaging clients like Signal or Chat Secure. Older Stingrays only support 2G, not 3G/4G included with the Hailstorm upgrade, so turning off 2G will help here.

Disable 2G On Android prior to 5.0 – Stops Stingray
1) Pull up the phone dialer and dial *#*#4636#*#* (that spells INFO)
2) This brings you to the Testing screen where can select “Device information”.
3) Scroll down a little and it should say “WCDMA Preferred” or similiar.
4) Change it to WCDMA Only.

It will now stay on 3G/4G/4GLTE and avoid the old school GSM 2G Data towers, keeping you safe from older Stingrays.

Note: Google removed this option on Lollipop 5.0.

You can detect a Stingray by running the apps SnoopSnith or Android IMSI-Catcher Detector.

16. Public Charging – Video Jacking

Do not use a public phone charging cable, it could be capturing video video HDMI recording while you charge aka Video Jacking. Always use your own charging cable.

17. Secure your mobile phone’s account from hijacking or Port-Out Scams

Hackers have been calling wireless carriers like: AT&T, Sprint, T-Mobile, and Verizon asking them to switch control of mobile phone numbers to themselves.

They will repeatedly call, hundreds of times, and make up all kinds of sob stories to get control. Once they hijack control, they will reset passwords of any device that uses that phone number as a security backup via SMS Text or two factor authentication. IE Google, Facebook, Twitter, Bitcoin accounts, etc.

How do you protect against phone hijacking?

• FTC has details
• Do not use your cell phone number in the first place!
• Use two factor authentication that uses a physical key or Google Authenticator App, not Text
• AT&T – Enable an account passcode
• Sprint – Customers setup a PIN when first signing up
• T-Mobile – Enable a customer care password
• Verizon – Setup an account PIN

T-Mobile customers can also call in to the company’s customer support line and place a separate “SIM lock” on their account, which can only be removed if the customer shows up at a retail store with ID.

Be sure to use Google Authenticator instead of Text messages for second factor authentication when possible.

If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.

Conclusion

Android is a sophisticated operating system. Because of the nature of its diverse eco-system, users unfortunately need to be proactive to keep their device secure and up to date.

Do you have any Android Security Tips?

While SafeGadget has several tutorials geared towards using Wi-Fi securely, we still realize that this is a major problem area. On our recent trip, we encountered insecure Wi-Fi at several airports, hotels, and restaurants. This tutorial is designed to help all users utilize Wi-Fi safely and securely.

Free Wi-Fi is available in many locations, from airports, hotels, local café, Starbucks to McDonald’s and many other restaurants. Using these mostly unsecured, public wireless networks puts your information at risk. It is important to employ several safeguards when surfing at a public hotspot. If you are using a cybercafe’s shared computer, we would only use it to view information, not to even get your e-mail. Chance are high that it is compromised.

Many public wireless networks are completely unencrypted so that users can log on to them easily. Anytime you login to a free Wi-Fi hotspot that does not require a password, assume that a hacker can ease drop and see all information that is being sent and received.

Some Wi-Fi hotspots from vendors like AT&T and Comcast require you to log in with your username and password before you can get access. You need to understand that this is just access restriction and will not create a secure wireless connection.

This opens up a huge security hole as any hacker or sophisticated computer user could easily see all the sensitive data being transmitted. Passwords to online stores or email accounts can be easily captured by increasingly easy to use tools. In this article, we will help you access public wireless networks safely. Settings within your operating system may need to be optimized, additional software installed, and third party services may need to be subscribed to.

Finding Free Wi-Fi

• Boingo has a Wi-Fi locator. The Starbucks and McDonald’s entries are free.
• Xfinity has a Wi-Fi hot spot locator
• There are several free apps that help you find Wi-Fi (Free Wi-Fi Finder on iPhones and WiFi Finder for Android)

Secure web browsing using HTTPS

Normal website access using HTTP:// causes information to be sent and received in plain text. This type of connection is not secure; a hacker could capture all the information being transferred and steal your data. While this is not important when you are casually surfing, you do not want your email or online trading information to be captured by others.

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

HTTPS causes a secure connection to be made using SSL security. Certificates are digital documents that verify a site’s identity. They are sold by certificate authorities. If a certificate is not signed correctly, your browser will pop up a warning. Recently, a Dutch certificate authority got breached, causing forged certificates to be created. To workaround issues like this, Internet browsers are updated to remove the forged SSL certificates. It is crucial that you keep your browser up-to-date.

If you have applications other than your web browser accessing the Internet (FTP client, desktop mail client, etc.), make sure you enable SSL secure connections within each application.

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

Disable File Sharing

Prevent sharing of any files or folders that are unnecessary. This should be obvious, but becomes a large problem if you are connected outside the home, to a public network. When you are on a public network, you do not want to share files, printers, or any computer resources. To turn off file sharing under Windows 7 do the following:

• Click Start Button
• Type Network and Sharing Center into Start menu’s Search Box
• Select Network and Sharing Center from the results
• Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.

If you are using a Macintosh, consult this article on how to turn off sharing.

Enable your firewall

A firewall prevents unauthorized users from accessing your computer. Windows 7 and Windows Vista have a built-in firewall that is enabled by default. If you are running on the Mac, consult this article on how to turn on your firewall.

Connecting to a Public Wi-Fi Network

When you are setting up a new network connection, Windows will prompt you to choose what type of network this is. The choices are Home Network, Office Network, or Public Network. A Home Network is the most open network because all computers on the network will be treated as friendly, allowing for easy sharing of folders and files, and also allowing the creation of a Home Group for all computers on the network.

Office Network is slightly more strict, but the Public Network is the most strict. Selecting Public Network will hide your computer on the network and disable file and print sharing. This is recommended if you are running a notebook and connect to external networks often. If the computer is only used at home and file or printer sharing is used, do not change the setting.

If you need more control when connecting to different networks, try the Window’s Utility NetSetMan. Macintosh users can try AirPort Location.

Setup a VPN or virtual private network

A virtual private network (VPN) is a secure, encrypted tunnel for your computer to communicate with the Internet. All traffic travels over this secure connection, preventing hackers from eavesdropping. VPNs help secure Internet traffic that is not sent using SSL secure connections. The tunnel starts on your computer, travels over the public wireless network, and connects you with either a VPN server in your home or one that you subscribe to. Your data travels over a secure, private network even though you may be accessing a public insecure network. There are several free VPN options as well as many companies selling VPN access.

Be aware that using a VPN to order products online may cause some problems. The VPN will make your IP address appear to be located wherever the VPN server is located, which could be in another state or even country. If you order an item and have it shipped to a location different from where your VPN server was located, some fraud detection systems might flag the order as being fraudulent.

Here are some free VPN options:

• CyberGhost VPN free – Installs software on your machine to access their free service. This service is usually overloaded during daytime hours and requires users to wait in a queue for free access. They also have paid accounts that do not require the wait. One downside of this service is that we found several sites which are not accessible through this VPN. PC only; no Mac version.
• Ultrasurf – This free VPN service was mainly designed to circumvent the firewall in China. This VPN only supports web traffic and not other internet traffic like FTP or VOIP. We found that this VPN service does not support certain websites, including WordPress administration pages. PC only; no Mac version.
• Proxify – This web-based service helps you surf the web anonymously and securely. Proxify is limited to web access only. The free service has ads and does not support all file formats.
• Hotspot Shield – A free service for Windows that is slow and filled with ads, spys on you, but works. Paid version eliminates ads. Warnings
• Hide My Ass – A free service that includes a free Web Proxy, Facebook Proxy and more. Read the disclaimers.
• proXPN – Free version is bandwidth throttled and does not allow you to select a country.

All the free VPN services have limitations. If you can work within their limits, we suggest you utilize one. Most users require more robust VPN access and will have to either set up a VPN server on their home computer or sign up for a paid VPN service. Note that most VPNs and Proxy services will not tolerate illegal activities and will cooperate with authorities.

Some proxy servers intentionally strip HTTPS secure connections. Test your proxy at proxycheck.

Signing Up for a Paid VPN Server

Users who travel or are not satisfied by the options we listed above, should sign up for a paid VPN account. This type of VPN access gives the use maximum flexibility and compatibility with various applications.

PPTP protocol is built into Windows and is the VPN protocol of choice, but is easy to block. Open VPN requires a software download for installation. Open VPN will work in places where PPTP VPN is blocked, typically countries in the Middle East or China.

PPTP VPN typically offers less secure 128-bit encryption compared to OpenVPN based VPN servers who can offer up to 2048-bit encryption.

• Overcome geographic locks on website access. Hulu.com and Pandora.com are only accessible from within the United States. Users can purchase a VPN account from a service that makes you appear to be located in the U.S. even though you are abroad.
• Access the internet anonymously. Your IP address will be anonymous and cannot be tracked.
• Security. Use public wireless hotspots securely and prevent others from stealing your identity.
• Bypass firewalls. Access sites that are banned in your country. Log in to Facebook when you are in China.
• Skype discount. You can appear to be located in another country and make “local” calls within that country.

What to Look for in a VPN Provider

• Price – Obviously, the cheaper, the better, but the cheapest providers have a limited feature set and slow performance. Open VPN support cost more.
• Length of Contract – The longer period you commit to, the lower the price.
• Countries – Different VPN providers have servers in different countries.
• Encryption Strength – The stronger the encryption, the higher the price.
• VPN Software Compatibility – Some VPN servers require special client software for higher security access like OpenVPN.
• Logging – Make sure your VPN provider is not logging your Internet activities.
• Speed – Some lower cost providers overload their servers and Internet connections, slowing access.

Users should examine their needs and budget, and select a VPN provider that fulfills their requirements. It is wise to Google search the provider, looking for problems or disgruntled users before signing up. Google search for VPN providers.

When You are Finished Using a Public Wi-Fi Hotspot

When you have finished your online activities, it is important that you turn off your Wi-Fi connection to the public wireless network. Intentionally logging off will prevent any accidental data leakage. In Windows, you can simply right-click on the wireless signal bar icon in the task bar to disconnect from a wireless network.

With some attention to security, free public Wi-Fi can be a useful tool and a safe one.

This concludes our How to use Wi-Fi securely in Hotels, Airports, and Beyond article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..

Most iPhone users do not think very much about security. The iPhone is part of Apple’s closed ecosystem, helping to prevent viruses and malware from wreaking havoc. As the iPhone has grown in popularity, the smartphone has become more of a target by hackers and criminals. It is important that iPhone users immediately become more vigilant about smartphone security.  Our tutorial covers the iPhone through iPhone 7 Plus and iOS through iOS 11.

0. Obsolete Hardware

If you have an iPhone or iPad that no longer gets updates, we would recycle it and buy a new one RIGHT away. Keep in mind that iOS 10.3.3 is the first version that fixed a Huge Broadcom Wi-Fi bug. Without that fix, you can get hacked by just having a Wi-Fi signal nearby.

1. iPhone Software Updates

Apple upgrades the iOS software for the iPhone from time to time. Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Before iOS 5 users needed to connect their iPhones to a computer in order to update the smartphone’s software. Needless to say, this was inconvenient and led to many iPhones with obsolete software.

Always update to the latest iOS software available as soon as possible.

If you Jailbreak your iPhone, you need to be extra careful with regards to security as iOS updates are much more difficult for you. Be careful where you obtain your Jailbroken Apps as malware is much more prevalent.

2. iPhone App Security

Apple’s App Store reviews all submissions before adding them. All iPhone apps must be authenticated and signed which helps to ensure they haven’t been tampered with or altered. This helps prevent malicious apps from infecting the App Store. (This is not 100% foolproof)

Apps are prone to security vulnerabilities, that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. Regularly use the App Store app and select Updates. iOS 7 added the capability to auto update your apps. Be sure to use this function. Apple has the ability to remotely remove malicious apps from your iPhone.

When installing new Apps, we suggest you install well known Apps with positive reviews, and avoid brand new Apps from unfamiliar companies.  Give new Apps time to build trust and to allow others to help test the App for malware and security risks.

3. Suggested iPhone Settings for Security

Below are several suggestions for iPhone settings to increase security on the smartphone. One in three robberies nationwide involve cell phones, with a ratio estimated as high as one in two within the San Francisco area. Users need to protect their smartphones to prevent a complete disaster.

Passcode

A passcode is required before you perform these tasks:

• Turn on or restart your device
• Slide to unlock your screen (you can change this)
• Update your software
• Erase your device

Enable Passcode, erase iPhone data after ten failed attempts. Starting with iOS 9 the default passcode length is 6 digits instead of 4.

• Open Settings
• Select Touch ID & Passcode Lock
• Select Turn Passcode On
• Enter a Passcode – Do not select an obvious passcode like 1234 or 1111
• Use the Touch ID Fingerprint sensor
• For older version of iOS:
• Turn Simple Passcode off
• Enter a passcode – Do not select an obvious passcode
• Turn Erase Data on – Erases all data after ten failed passcode attempts
• Turn Siri off – Prevents Siri access when locked
• Turn Passbook or Wallet off – Prevents Passbook or Wallet access when locked
• Turn Reply with Message off –  Prevents Reply with Message access when locked (iOS 6)

Data Encryption

Encryption prevents the data stored on your iPhone from being read, if you do not have the passcode. The passcode provides entropy for certain encryption keys. A 256-bit AES key is used to encrypt every new file created.

Starting with iOS 8, thankfully encryption is turned on by default. If you have an older version do the following:

Ensure Encryption is Turned On. After you enable a passcode in iOS version 4 or newer and you have an iPhone 3GS or newer, the phone can use hardware encryption to encrypt the data stored on the phone. Text messages, photos, emails, contacts, and call history were all encrypted.

• Open Settings
  
• Select General
• Select Passcode Lock

After the Setting up a Passcode, scroll down to the bottom of the Passcode Lock Screen and verify that the text “Data protection is enabled” is shown.

If this is the phrase is not shown, do the following:

• Connect your iPhone to your Computer
• Backup your iPhone in iTunes
• Restore your iPhone in iTunes
• Check the Passcode screen again for the phrase “Data protection is enabled“

iCloud Security

As of March 2016, iCloud, the Internet cloud syncing and storage service, current gives Apple the capability to unlock key data like backups, documents, contacts, and calendar information.  Someday this will change.

Apple encrypts your iCloud data in storage, but they encrypt it with their own key, not with your passcode key, which means that they are able to decrypt it to comply with government requests.

Turn iCloud OFF if you value security.

Safari Cookies

Prevent cookies from being accepted in Safari. Clear old cookies.

• Open Settings
• Select Privacy
• Select Safari
• Click Accept Cookies
• Check Never
• Click Clear cookies and data

If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.

• Open Settings
• Select Bluetooth
• Set Bluetooth to Off

Backing up your iPhone regularly is an important task. With iOS 4, you need to connect your iPhone to your computer in order to perform back ups. With iOS 5, you can easily back up using iCloud. Enable iCloud by doing the following:

• Open Settings
  
• Select iCloud
  
• Select the items that you would like iCloud to back up

4. iPhone Email Security

It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, MobilMe, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers.

To check a Mail Account for secure SSL access, do the following:

• Open Settings
  
• Select Mail, Contacts, Calendars
• Select a Mail Account
• Click on an Email Account
• Click on Account
• Verify Use SSL is set to On

If Use SSL is set to off, check with your email provider to verify their SSL support and enable it if possible.

Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.

5. Find a Lost iPhone, Erase a Lost iPhone

Apple has an app that helps you find a lost iPhone by showing it on a map and optionally erase it or make the iPhone play a sound. This free service is a life saver and should be one of the first items installed. To enable Find My iPhone, follow these iOS 5 & 6 instructions.

Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your iPhone is lost and password protected, people could still contact you.

Make a Contact entry for yourself with a phone number other than your iPhone.You might also put in the Notes field – Reward for returning lost iPhone.

Set it as the default contact entry.  Settings – Mail, Contacts, Calendars – My Info – Choose your contact entry

This way, anyone can bring Siri and ask “Who owns this phone?” and see your contact info.

If you do lose your iPhone, watch out for phishing messages trying to get your iCloud Username and password.

6. Using WiFi securely

When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the WiFi network is secure, we would recommend against  connecting to it.

If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

The iPhone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the iPhone will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the iPhone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The iPhone is very good at transparently switching from a cellular data network to a WiFi wireless network.

When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your iPhone’s traffic through a secure server. There are many paid services that sell VPN access.

iOS 8 includes an “Always-on VPN” feature, which eliminates the need for users to turn on VPN to enable protection when connecting to Wi-Fi networks. The iPhone’s MAC address now changes when it’s not connected to a Wi-Fi network, so it can’t be used to persistently track a device by passive observers of Wi-Fi traffic.

Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.

7. Secure Browsing with Safari

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection ie –  https://www.google.com

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

8. Careful Link Clicking and Attachment Opening

As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Apple iPhone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.

Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9. iPhone Anti Virus and Internet Security Software

iPhone anti virus software exists but due to the secure iOS design, cannot scan files automatically or run scheduled scans. Users have to manually tell an anti virus or Internet security App to scan files. Intego makes anti virus software VirusBarrier iOS App ($2.99) for the iPhone, iPad, and iPod Touch.

Kapersky Lab makes a free App called Threatpost that quickly displays articles from their security news website.

10. iTunes Password and Payment Option

It is important to select a strong password for iTunes. Read our article How to Create, Store, and Use Secure Passwords.

If a hacker obtained your iTunes password, they could drain your credit card with purchases. We recommend you remove all payment options after having created your iTunes account. iTunes only requires a payment option when creating a new account. We prefer to add iTunes money by purchasing a pre-paid iTunes gift cards.

11. Turn off Diagnostic Log Sending

Apple used to use Carrier IQ before iOS 5, so make sure you turn off this feature. To turn off sending of diagnostics data to Apple do the following:

• Open Settings
  
• Select General
• Select About
• Select Diagnostics & Usage
• Click on Don’t Send

12. Malicious QR Codes

QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.

13. Enable Two-Step Verification for Apple ID

Apple introduced two-step verification for Apple IDs.  You need 2 forms of proof to access your account.

We have covered many ways to improve your iPhone security. Utilizing our tips will help significantly improve the already good security of the Apple iPhone smartphone.

Do you have more iPhone security tips?

14. Secure Messaging

Law enforcement and probably the NSA use cell phone tower simulators called Stingrays, IMSI catchers, or dirtbox made by Harris. These fake cell phone towers slurp handset identification information and can snoop on data. They deploy these in small planes to net a ton of intercepts, without getting a warrant. Cell phone users have no right to privacy in public areas.

You can fight back by using secure messaging clients like Signal or Text Secure. Older Stingrays only support 2G, not 3G/4G, so turning off 2G will help here.

15. Public Charging – Video Jacking

Do not use a public phone charging cable, it could be capturing video video HDMI recording while you charge aka Video Jacking. Always use your own charging cable.

16. Setup Emergency Contact in Health App

The Health App was added way back in iOS 8, but few people have setup the Medical ID that emergency responders can use to contact your emergency contact. They can click Emergency from your lock screen and bring up your emergency Medical ID information.

In the Health App, setup a Medical ID.

Make sure it is set to be seen when your phone is locked.

Showing Text messages on your lock screen should not be allowed.

17. Enable Two Factor and Two Step authentication

Apple offers two-factor as well as two-step authentication. Enable it! If you enable it, make sure you keep the recovery code in a safe place.

18. Lock your SIM Card with a PIN code

This keeps your phone even more secure from theft.  It is a pain because you need to enter it every time you startup your phone.

19. Secure your mobile phone’s account from hijacking or Port-Out Scams

Hackers have been calling wireless carriers like: AT&T, Sprint, T-Mobile, and Verizon asking them to switch control of mobile phone numbers to themselves.

They will repeatedly call, hundreds of times, and make up all kinds of sob stories to get control. Once they hijack control, they will reset passwords of any device that uses that phone number as a security backup via SMS Text or two factor authentication. IE Google, Facebook, Twitter, Bitcoin accounts, etc.

How do you protect against phone hijacking?

• FTC has details
• Do not use your cell phone number in the first place!
• Use two factor authentication that uses a physical key or Google Authenticator App, not Text
• AT&T – Enable an account passcode
• Sprint – Customers setup a PIN when first signing up
• T-Mobile – Enable a customer care password
• Verizon – Setup an account PIN

T-Mobile customers can also call in to the company’s customer support line and place a separate “SIM lock” on their account, which can only be removed if the customer shows up at a retail store with ID.

Be sure to use Google Authenticator instead of Text messages for second factor authentication when possible.

If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.

Do you have any iPhone Security tips?

Updated January 2014 to cover a new TCP 32764 Wireless router Vulnerability.

A major security hole known as WiFi Protected Setup (WPS Bug) PIN brute force vulnerability (US-CERT VU#723755) has been recently found in virtually all modern Wireless Routers used in the home, resulting in a vulnerability that allows hackers to extract your WPA wireless security password in a matter of hours. Wi-Fi Protected Setup (WPS) is a protocol that allows users to press a button on their Wireless Router and connect to their computers without typing in a long cryptic password. A hole in this protocol has been recently found and exploited, allowing hackers easy access to cracking most wireless networks.

Why is this a major security problem?

• Virtually all wireless routers have this problem
• Many wireless routers (Qwest Actiontec, etc) use the same unchangeable PIN 12345670, hackable in seconds
• WPS is turn on by default to get certified by Wi-Fi Alliance
• Wireless routers do not automatically update their software to get a fix
• The number of PIN codes to test is only 11,000 instead of 100 million
• Attack software is available

The biggest issue is that virtually all wireless routers sold in the last 4 of years are hackable. The manufacturers need to update their firmware for these devices in order to fix the security breach. Virtually all wireless routers do not automatically update their firmware. As of January 16th, 2012, no manufacturers have issued updates, leaving millions of wireless networks vulnerable. Adding insult to injury, options to disable Wi-Fi Protected Setup (WPS) have been found to not do anything.

Why is getting your wireless password bad?

There are many reasons why you do not want your wireless password hacked.

• Others could use your Internet Connection Freely
• Spam or other illegal activities could be sent
• Everything you do on your network could be captured and read
• Your online banking and trading would no longer be secure

Secure your computer, web browser, Internet connection

It is important that you not only secure your wireless router but also secure all the devices connected to it. Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

How to hack a wireless network

Reaver is a Linux based attack program that can quickly exploit the Wi-Fi Protected Setup (WPS) bug and recover a wireless network’s password. This page has links to several articles on how to install and run Reaver.

How to tell if your wireless router is vulnerable

People have been running Reaver and testing to find Reaver vulnerable routers due to the WPS Bug.  This Google Docs Spreadsheet is being updated as new results come in. If you test a configuration, be sure to add it to the spreadsheet.

• Wireless routers produced starting in 2007 have Wi-Fi Protected Setup (WPS), so older ones will not be vulnerable.
• Below are the major wireless router manufacturers and status reports on updates to their firmware to fix the Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability or how to disable WPS.

Actiontec Q1000 (Qwest) – Vulnerable

Apple – Not Vulnerable

ASUS – Vulnerable – Unverified: Disable WPS by Clicking Disabled in the WPS tab after clicking “Wireless” in the left hand column

Belkin – Vulnerable – Instructions to Disable WPS

Buffalo – Not Vulnerable – Uses DD-WRT with custom PIN code

Cisco (Linksys) – Some Vulnerable – Product List – E4200V1 & WRT320N WPS Disable Hack – Turning off WPS does not really turn it off. E1200 v2, E1500, E3200, E4200 V1 firmware fix released March 2012.

D-Link – Vulnerable – Disable WPS by Unchecking Enabled in the ADVANCED tab > WI-FI PROTECTED SETUP

Dynex – Vulnerable

Huawei – Vulnerable

Netgear – Vulnerable – Instructions to Disable WPS

Technicolor – Vulnerable – Instructions to Disable WPS

Tomson – Vulnerable

TP-Link – Vulnerable – Disable WPS by Clicking Disabled WPS after clicking “WPS” in the left hand column.

TRENDnet – Vulnerable – Disable WPS by Selecting Disabled in the WPS Config after clicking “WPS” in the left hand column under Wireless.

ZyXEL – Vulnerable

If your wireless router does not have a solution to the WPS security hole, consider using alternative 3rd party firmware (if available), which is covered below.

How to protect your wireless network from the WPS PIN Brute Force Vulnerability

If you have a vulnerable wireless router and a fix is not available, consider purchasing a new wireless router that is not affected. This Belkin Wireless N router is cheap and can be configured correctly.

Here are some methods to prevent the WPS pin vulnerability from being exploited on your wireless router.

• Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier. Use a test tool to verify that WPS really got turned off.
• Broadcast SSID – Disable this feature. This is needed for WPS to function, so this can help mitigate the problem.
• Some Older Linksys router security incorporated SecureEasySetup (SES), which can be disabled to increase security.
• Implement the security tips in our How to Setup a Secure Wireless Router article including utilizing timers to shut off your router when it is not needed, and repositioning the wireless router to limit coverage. Also watch for unknown wireless devices utilizing your network, by examining DHCP leases.
• Use WPA2 Enterprise security.  This requires a RADIUS server, so it is for companies or sophisticated individuals.

Third Party Wireless Router Firmware to prevent WPS attack

Open Source alternatives to the software running on your wireless routers is available for some units.

• 3^rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware
  • Why? – Need a particular special feature. Often only for power users.
  • What features would be available? – Stability, security, configurability
  • Wireless Router Compatibility – Check website to see if your wireless router is supported by 3^rd party firmware

• DD-WRT – Popular 3^rd party replacement firmware for many wireless routers.

• OpenWRT – Another Open Source firmware for wireless routers.

• Tomato – Popular 3^rd party replacement firmware for many wireless routers.
• TomatoUSB – Supports different routers than Tomato

The Wi-Fi Protected Setup (WPS) PIN Brute Force Vulnerability is a major wireless security bug that affects millions of people, potentially allowing hackers to steal a lot of information. We have covered many ways to address the problem and will continue to update this article as manufacturers produce solutions.

 TCP Port 32764 Back Door

In 2014, it was discovered that some wireless routers had a backdoor that could be accessed anywhere on the Internet. Hackers could take over your router remotely without the need to enter a password!

This page has a list of wireless routers with the problem.  The most popular ones include:

• Linksys WAG120N
• Linksys WAG200N
• Netgear DG834B V5.01.14
• Netgear DGN2000 1.1.1, 1.1.11.0, 1.3.10.0, 1.3.11.0, 1.3.12.0
• Netgear WPNT834
• OpenWAG200

If you have any of these routers, you need to fix it right away or REPLACE it with a safe wireless router. Technical details of a patch.

The International Travel Security Problem

Many of us travel internationally but few realize how important computer security can be when we visit other countries. People doing business in countries like China and Russia (or any other country for that matter) need to pay strict attention to their technology security protocols to prevent the real and growing threat of high tech espionage. There have been instances of people returning from abroad and having their laptops or smartphones compromised. A mobile device used internationally and later hooked up to the Company’s network provides an excellent infection vector. The folks intent on stealing information could be government or corporate based.

Learn how to use your iPhone or Android Smartphone in China

How to Protect Yourself When Traveling

Some people might find the following list a bit paranoid, but you never can be too safe. People that work for major corporations, government, or security firms need maximum protection from attackers. There are tools that can detect the location of a mobile device to within 100 feet and can target phones by the phone number, IMEI (International Mobile Equipment Identity) number and intercept all communications from the mobile device.

• Leave your cell phone and laptop at home
• Buy a phone and SIM card in the other country
• Beware of any SMS message especially if they have links
• Do not bring any sensitive data or passwords
• Use temporary or loaner cell phones and laptops which will be erased when you get home
• Make sure all gadgets are fully up to date and have security software enabled. The best encryption should be utilized
• Never let your electronics out of your site
• If your device gets inspected at the border, it should never be connected to the Company’s network again
• Turn off Bluetooth and Wi-Fi
• Avoid public Wi-Fi altogether
• Do not use a public phone charging cable, it could be capturing video while you charge
• Disable microphones and cameras
• During meetings, turn off your devices and remove their batteries. (Prevents possible recording)
• Use a VPN with heavy encryption to connect to the Internet
• Use Google Voice to create a “throw away” voice accounts
• Do not connect to your Company’s or government’s network while abroad
• Use coded language when discussing sensitive matters
• Cut and paste passwords to prevent keylogging
• Change any and all passwords you used on the trip, immediately
• Enable two factor authentication for services that support this; Facebook, Gmail, eBay, etc.
• Two factor authentication system using SMS text messages is not secure, due to the weak SS7 routing system. We suggest only using two factor when you can use a token or a time based authenticator like Googles.

Following the safeguards listed above will help prevent hack attacks against yourself and your Company. The measures may sound extreme, but the danger is real.

Security has become an important part of using a personal computer. Gone are the days of just installing anti-virus and not worrying any further. Increasingly, the headlines include news of companies and websites getting hacked and personal data stolen. It is important to learn how to secure Windows and apply Internet Security, whether it is a notebook or desktop. Microsoft Windows remains the most popular personal computer operating system around. Because of its ubiquity, Windows has become a prime target for cyber criminals intent on stealing your information. This article focuses on how to secure your Windows-based PC so that you do not become part of the statistics. Our other tutorials help you secure your Firefox or Chrome Browser, e-mail, secure your wireless network, online shopping, iPad, smartphone and more.

Before you make any changes to your system, always back it up.

We recommend booting from a Linux CD or USB key when performing mission critical applications such as online banking, online trading, or online shopping.

Physical Hardware Security

If the computer is located in a location accessible by others, it needs to be physically secured.  Prevent others from stealing the machine, installing key loggers into the machine’s ports, or other foreign, unapproved devices into your personal computer’s USB interface ports. Consider disabling your USB ports for safety sake. Obviously, if the computer is located in a home, physical hardware security is not as important. Never, plug in a USB flash drive or device that you find on the ground or that unexpectedly arrives.

Consider buying a secure flash drive such as Lok-it that requires a PIN to be entered before it allows access.

Securing the Windows Vista and Windows 7 Operating System.

We are focusing on securing Windows Vista and Windows 7 operating systems only. Older Windows XP does not possess the security models built into newer versions of Windows; XP will soon be unsupported. We have seen estimates showing that Vista has 60% less malware infections versus Windows XP. Windows 7 has an advanced two-way firewall, anti-spyware software built in, User Access control, an Action Center pointing out security problems, and much more. Windows 7 included Internet Explorer 8 (Which has been superseded by newer versions), which features In Private browsing, Smart screen filters, and domain name highlighting, among other security oriented features. A recent vulnerability in SSL, TLS 1.0 affects Windows XP because it does not support newer versions of SSL TLS like Windows 7. If you are still running Windows XP, we recommend upgrading to Windows 7. 64-bit versions of Windows 7 and Vista offer slightly more security.

Corporate Windows 7 Security Guidelines

The NSA has a document on securing Windows 7 and performing Internet Security, as does the CCE. These documents are pretty detailed, but overkill for many users unless you are super paranoid like us.

Microsoft Security Compliance Manager (SCM) is a business oriented program that has continually updated settings for Windows, Microsoft Office, and Internet Explorer. You can view the settings they recommend and import them into group policy. This tool might be overkill for most end users, but it provides Microsoft’s security recommendations that should be implemented by those who are security conscious.

If you are using Microsoft office, you need to make sure you are using a version that is still being support by updates.  Office 2003 stopped being updated on 4/8/2014. Harden Microsoft Office to prevent malicious activities.

You should disable ActiveX content in the Microsoft Office Suite of applications.

You should disable Macros in the Microsoft Office Suite of applications.

Securing Windows Internal settings

Configuring Windows so that it is more secure is extremely important. Out of the box, Windows could use some additional strength. Unfortunately the higher security level will result in more pop-up dialogs, something that cannot be avoided.

1. Getting the latest updated installed in your system is critical. Install all updates before you use your machine. Reboot if needed, as soon as possible, to ensure the update is installed.

1. Ensure that Windows Update is set to Install Updates Automatically – Every day
   
   1. Open Control Panel from Start menu
   2. Select System and Security
   3. Select Windows Update
   4. Select Change settings (adjust if necessary)
   5. Click OK

2. Set User Account Control to its highest Security level: Always Notify (Highest Level)

1. Click Start Button
2. Type vac into Start menu’s Search Box
3. Select Change User Account Control Settings
4. Move slider to Top Always Notify

3. Ensure that you are using a strong Windows login password – See our How to generate secure passwords article. To change your password follow these steps:

1. Click Start Button
2. Type Windows Password into Start menu’s Search Box
3. Select Change your Windows Password from the results
   
4. Select Change your password from the dialog

*Tip*- The Windows login allows spaces and symbols like !@#$% in the password, so use them.

4. Setup a Standard user or non-administrative user account and use that instead. This is EXTREMELY important to do.

A non-administrative account or Standard user account can use most software and change system settings that do not affect other users on the same computer, nor can this user affect the security of the computer.

Note: Some malware, has from time to time, found the ability to grant itself administrator privileges bypassing Internet Security. Running as a standard user still minimizes risk. There will be times when using the Standard user account is annoying, due to lack of sufficient privileges to complete certain tasks. In the end the security increase is worthwhile. To create a Standard user account follow these steps:

1. Click Start Button
2. Type Create Standard user account into Start menu’s Search Box
3. Select Create Standard user account from the results
   
4. Click on Standard user
5. Enter a new account name in the dialog
6. Click Create Account

Also consider creating a standard user account for children or guests that share the same computer.

Note: If you are using Windows 7 Home, you cannot directly manipulate the administrator account. You need to use the command line to change the administrator’s account password and name. Note that the following is a complicated task, not for beginners.

Open elevated privileged command prompt and enter the following command line to enable the Administrator account and set a password on it:

Where “strongpassword!!!!” is a password you want to assign to the administrator account.

5. Turn off Autoplay. Autoplay allows automatic actions to occur when you insert a piece of media. For instance, inserting an audio CD would cause it to begin playing. This has been a security problem because malware could infect media or USB devices and automatically run. To disable Autoplay, do the following:

1. Select Control panel 
2. Select Hardware and sound
3. Select Autoplay
4. Uncheck Use Autoplay for all media and devices

Panda USB Vaccine performs the same task. Note, in February 2011, Microsoft disabled most Autorun features on Windows PCs, significantly reducing Autorun abusing malware.

6. If you are using Windows 7 Ultimate or Enterprise, use its built-in BitLocker encryption to encrypt your hard disk drive. This encryption prevents users from booting up with a different disk and viewing your data. BitLocker normally requires a motherboard with a Trusted Platform Module (TPM) chip. Very few motherboards have this chip, so many users apply this setting to enable a USB drive to become the start-up encryption key. You need this USB drive to be plugged in during computer boot-up. Microsoft describes this technique in the following article.

There is also a version of BitLocker for removable drives, known as BitLocker To Go. To access BitLocker do the following:

1. Click Start Button
2. Type Manage BitLocker into Start menu’s Search Box
3. Select Manage BitLocker from the results
   
4. Click Turn on BitLocker for each drive you would like to encrypt
   

Using Windows syskey to Protect Your Boot Drive

Windows has a built in program called syskey that allows you to encrypt the SAM database and require a boot floppy or USB key to login to your computer. This protection prevents hackers from booting up from a USB flash drive or CD and accessing your system. The downside is that if you lose this key, you cannot access your data anymore. Syskey helps protect against Kon-boot.

7. Prevent sharing of any files or folders that are unnecessary. This should be obvious, but becomes a large problem if you are connected outside the home, to a public network. To turn off file sharing do the following:

1. Click Start Button
2. Type Network and Sharing Center into Start menu’s Search Box
3. Select Network and Sharing Center from the results
   
4. Select Choose homegroup and sharing options then select Files and Printers to be unshared, if necessary.
   

8. Setting up backups prevents accidental data loss. We all hate to back up, but losing data is far more devastating. Automating backups is a must because most users forget to backup. Your documents should be backed up at a bare minimum. We will setup automatic backups for your data.

1. Click Start Button
2. Type Backup into Start menu’s Search Box
3. Select Backup and Restore from the results
   
4. Select Set up Backup from the dialog. You can tell it when and what to backup, and where to place the backup. We suggest you back up everything, daily to an external hard disk at a predefined time.

Consider an online backup service like mozy.com, so that you are protected if you lose your computer due to theft or a fire. For services like this, you may just want to backup your data files and not applications, to shorten the duration of backups. Online backups occur over the Internet, so they are especially slow if you have a lot of large files.

9. Create a System Image so you can rapidly restore from a virus or problem

1. Click Start Button
2. Type Backup into Start menu’s Search Box
3. Select Backup and Restore from the results
   
4. Select Create a system image from the dialog. The system image is an exact of your hard disk and is best created after you have set up your system with all your applications and data. You can quickly restore to this image if necessary. This should not be performed regularly, unlike normal backups.

• Implement the 3-2-1 backup rule. Have at least three copies of the most valuable data, keep two of them on different external media, and store one copy offsite.

10. Uninstall any unnecessary programs as they may become security risks, even though you may not use the program. Any application that you run, needs to be continually updated to the latest bug-free version. If you are not prepared to do this, you may think about removing the program. This will also reduce the amount of disk space in use and may even speed up your computer.

1. Select Control panel 
2. Select Programs
3. Select Programs and Features
4. Select programs on the list to uninstall

11. Windows 7’s Disk Cleanup tool helps remove temporary Internet files, Windows components, and other unneeded files. Use it to free up disk space and increase the performance of Windows PC.

1. Click Start Button
2. Type Cleanup into Start menu’s Search Box
3. Select Disk Cleanup from the results

12. Structured Exception Handling Overwrite Protection (SEHOP) – Can be enabled to block exploits that use the Structured Exception Handler (SEH) overwrite technique. WARNING: After you enable SEHOP, existing versions of Cygwin, Skype, and Armadillo-protected applications may not work correctly.

 13. Enhanced Mitigation Experience Toolkit from Microsoft (EMET) – Configures Internet security settings on specific security hole prone applications, to reduce the chance hackers can gain access from an exploit. We suggest you try this with Adobe reader, Adobe acrobat, media players like Windows Media Player, Internet browsers like Internet Explorer, Chrome and Firefox, e-mail clients like Windows live mail and Outlook.  Slowly turn on features as some will cause compatibility problems. Mandatory ASLR mitigation should be enabled for Internet Explorer and other applications.

Beware that it may cause the application to malfunction,  forcing you to disable it.  Also this tool is updated from time to time, so keep your copy refreshed. Those running Windows XP will not have the level of protection newer operating systems have.  Tips for using EMET.

14. Data Execution Prevention (DEP) – Can be enabled for all programs and services. This security feature helps prevent damage from malware by ensuring your programs use system memory safely. By default it is turned on only for essential Windows programs and services. We can enable it for all programs. If you encounter a game or other program that behaves erratically, you can add it to the exceptions list.

1. Click Start Button
2. Type Advanced system settings into Start menu’s Search Box
3. Select Advanced tab
4. Click the Settings button under Performance
5. Click Turn on DEP for all programs and services except those I select

15. Change your network type to Public

When you are setting up a new network connection, Windows will prompt you to choose what type of network this is. The choices are Home Network, Office Network, or Public Network. A Home Network is the most open network because all computers on the network will be treated as friendly, allowing for easy sharing of folders and files, and also allowing the creation of a Home Group for all computers on the network.

Office Network is slightly more strict, but the Public Network is the most strict. Selecting Public Network will hide your computer on the network and disable file and print sharing. This is recommended if you are running a notebook and connect to external networks often. If the computer is only used at home and file or printer sharing is used, do not change the setting.

If you already have a network set up and wish to increase its security by changing it to a Public Network by doing the following:

1. Click Start Button
2. Type Network and Sharing Center into Start menu’s Search Box
3. Under “View your active networks” Click the current network type under the Network name
4. Choose Public Network

16. Disable Remote Assistance and Remote Desktop

If you do not want people controlling your system remotely, you should ensure that Remote Assistance and Remote Desktop are turned off.

1. Click Start Button
2. Type Allow Remote Access to your Computer into Start menu’s Search Box
3. Under Remote Assistance – Uncheck “Allow Remote Assistance connections to this computer“
4. Under Remote Desktop – Click “Don’t allow connections to this computer”

17. Require CTRL+ALT+DEL to Login

To guarantee the windows login screen is authentic, we can require users to hit Ctrl+Alt+Delete before they login. This guarantees the login prompt is not faked.

1. Hit Windows key and the letter R
2. Type “control userpasswords2” into the Box, Hit Ok
3. If User Account Control is enabled, Hit Yes
4. Go to the “Advanced” tab
5. Under Secure logon Check the box that says, “Require users to press Ctrl+Alt+Delete“

18. Require CTRL+ALT+DEL to become Administrator temporarily

Some operations require Administrator Privileges temporarily, we can require a Ctrl+Alt+Delete to be hit before we allow the action to take place. This prevents fake screens from popping up and asking for Administrator Privileges.

If you are running Windows Vista Home or Windows 7 Home do the following:

1. Hit Windows key and the letter R
2. Type “regedit” into the Box, Hit OK
3. If User Account Control is enabled, Hit Yes
4. Navigate to “HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\CredUI\EnableSecureCredentialPrompting“
5. Set this REG_DWORD to “1” then Click OK
6. Then exit REGEDIT

If you are running Windows Vista Pro or Ultimate or Windows 7 Pro or Ultimate do the following:

1. Hit Windows key and the letter R
2. Type “gpedit.msc” into the Box, Hit OK
3. If User Account Control is enabled, Hit Yes
4. Navigate to “Computer Configuration\Administrative Templates\Windows Components\Credential User Interface“
5. Open “Require trusted path for credential entry”
6. Check Enabled and Press OK
7. Close the Group Policy Editor

19. Show Hidden files, folders, drives

Executable files have masqueraded as innocent pictures.  This helps to unmask hidden files. A file you think is a jpeg picture, could be a hidden executable with a picture icon.

1. Click Start Button
2. Type Hidden into Start menu’s Search Box
3. Select Show hidden files and folders from the results
4. Select under Hidden files and folders – Show hidden files, folders, and drives

20. Use AppLocker

White listing only known good applications and preventing all others from running is a great way to secure Windows. Windows 7 Ultimate and Enterprise includes AppLocker which works great but is designed for corporate environments that have Active Directory servers.

By applying special Windows settings, we can significantly increase the Internet Security of our Windows notebook and desktop PCs.

This concludes our How to Secure a Windows based personal computer article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless Internet Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.