Goodbye Smartphones

Today I am going offline with all of my smartphones for testing.

Why?

  • All current smartphones are based on non-free hardware and software
  • They are less patched
  • Hackers can remotely force-install trojans as updates (especially via the app stores, by government order)
  • Non-rooted devices are black boxes
  • Rooted images or tools used as workarounds often don't publish in which way the system OS was broken open; hackers don't work non-profit!
  • Using a Linux laptop is often easier and much safer: you have full control and can run security tools to monitor it
  • Free apps always call home in the background
  • You can't control active background jobs and what they compute
  • You can't disable the USB port against attacks or memory access
  • You don't know what is possible in terms of reading data from active chips through magnetic fields, like RFID
  • Fingerprint or biometric sensors are really nonsense
  • Smartphones don't allow you to edit the MAC address of your device; it's like the chassis number of your CAR!!
  • .. and much more

If you can't power down your smartphone or avoid using it, then:

  • Don't leave it unattended anywhere
  • Don't use public Wi-Fi networks, because attackers can take over Wi-Fi requests („man in the middle“)
  • Don't use GPS
  • Don't use WhatsApp, Facebook, Twitter and other social media tools
  • Factory reset monthly, better weekly, and restore from the SD card using a backup made with backup tools on the first day
  • Disable the data transfer option after use; it saves battery too
  • Cover all camera lenses; they can be activated remotely
  • Put it into a metal box to carry it in your pocket, a metal cage against magnetic fields
  • Use flight mode often to go offline for longer periods
  • Stick a privacy guard on the screen
  • Use prepaid cards and change them from time to time
  • Always use SFTP with key auth to sync data to your private internet space
  • From another blog: destroy the microphone cables inside and phone via a Bluetooth headset with microphone
  • Prefer fewer apps, and select apps the mainstream doesn't use, because attackers prefer mainstream apps to hack
  • DON'T forget to disable/switch Wi-Fi to LTE: if BOTH are active, Google can LOCATE you via LTE and known public Wi-Fi access points WITHOUT GPS!!!

.. or step back and use an old mobile phone for seniors for $20.. or use Linux smartphones..

Remark :

  • I am not paranoid, but if you read some blogs you will recognize that everything is used to break your privacy daily
  • Security companies offer their services to everybody who pays the highest price, against the law in every way too..

LEDE OPENWRT WIFI USB SETUP

Test Setup

  • Futro S500 with USB Wi-Fi dongle Realtek RTL8192CU
  • PCI riser card with Realtek Gigabit
  • LEDE 17.XX trunk, kernel 4.14
  • Download the latest version from openwrt.org, select x86/64
  • Extract the compressed image (*ext4*img.gz) and dump it with „dd“ to a 1 GB CF card

Sample for a clean setup like a TP-Link router firmware:

You need to install these packages with „opkg update && opkg install package name && reboot“:


base-files - 184-r6198-ba5f700
busybox - 1.27.2-3
dnsmasq - 2.79rc1-1
dropbear - 2017.75-5
e2fsprogs - 1.43.7-1
firewall - 2017-11-07-c4309372-2
fstools - 2018-02-11-3d239815-1
fwtool - 1
hostapd - 2017-08-24-c2d4f2eb-6
hostapd-common - 2017-08-24-c2d4f2eb-6
hostapd-utils - 2017-08-24-c2d4f2eb-6
iftop - 2017-02-06-35af3cf6-1
ip6tables - 1.6.1-2
iptables - 1.6.1-2
iw - 4.9-1
iwinfo - 2018-02-15-223e09bf-1
jshn - 2018-02-08-bb0c830b-1
jsonfilter - 2016-07-02-dea067ad-1
kernel - 4.14.20-1-eb9f2f64337015eea1a75123f71f272a
kmod-button-hotplug - 4.14.20-3
kmod-cfg80211 - 4.14.20+2017-11-01-4
kmod-e1000 - 4.14.20-1
kmod-e1000e - 4.14.20-1
kmod-hwmon-core - 4.14.20-1
kmod-i2c-algo-bit - 4.14.20-1
kmod-i2c-core - 4.14.20-1
kmod-igb - 4.14.20-1
kmod-input-core - 4.14.20-1
kmod-ip6tables - 4.14.20-1
kmod-ipt-conntrack - 4.14.20-1
kmod-ipt-core - 4.14.20-1
kmod-ipt-nat - 4.14.20-1
kmod-lib-crc-ccitt - 4.14.20-1
kmod-mac80211 - 4.14.20+2017-11-01-4
kmod-mii - 4.14.20-1
kmod-nf-conntrack - 4.14.20-1
kmod-nf-conntrack6 - 4.14.20-1
kmod-nf-ipt - 4.14.20-1
kmod-nf-ipt6 - 4.14.20-1
kmod-nf-nat - 4.14.20-1
kmod-nf-reject - 4.14.20-1
kmod-nf-reject6 - 4.14.20-1
kmod-nls-base - 4.14.20-1
kmod-ppp - 4.14.20-1
kmod-pppoe - 4.14.20-1
kmod-pppox - 4.14.20-1
kmod-pps - 4.14.20-1
kmod-ptp - 4.14.20-1
kmod-r8169 - 4.14.20-1
kmod-rtl8192c-common - 4.14.20+2017-11-01-4
kmod-rtl8192cu - 4.14.20+2017-11-01-4
kmod-rtlwifi - 4.14.20+2017-11-01-4
kmod-rtlwifi-usb - 4.14.20+2017-11-01-4
kmod-slhc - 4.14.20-1
kmod-usb-core - 4.14.20-1
kmod-usb-ehci - 4.14.20-1
kmod-usb-uhci - 4.14.20-1
kmod-usb-wdm - 4.14.20-1
kmod-usb2 - 4.14.20-1
kmod-usb2-pci - 4.14.20-1
lede-keyring - 2017-01-20-a50b7529-1
libblkid - 2.30.2-2
libblobmsg-json - 2018-02-08-bb0c830b-1
libc - 1.1.18-1
libext2fs - 1.43.7-1
libf2fs - 1.9.0-1
libgcc - 5.5.0-1
libip4tc - 1.6.1-2
libip6tc - 1.6.1-2
libiwinfo - 2018-02-15-223e09bf-1
libiwinfo-lua - 2018-02-15-223e09bf-1
libjson-c - 0.12.1-1
libjson-script - 2018-02-08-bb0c830b-1
libkmod - 20-1
liblua - 5.1.5-1
libmbedtls - 2.7.0-1
libncurses - 6.0-1
libnl-tiny - 0.1-5
libpcap - 1.8.1-1
libpthread - 1.1.18-1
librt - 1.1.18-1
libsmartcols - 2.30.2-2
libubox - 2018-02-08-bb0c830b-1
libubus - 2018-01-16-5bae22eb-1
libubus-lua - 2018-01-16-5bae22eb-1
libuci - 2018-01-01-5beb95da-1
libuci-lua - 2018-01-01-5beb95da-1
libuclient - 2017-11-02-4b87d831-1
libusb-1.0 - 1.0.21-1
libustream-mbedtls - 2016-07-02-ec80adaa-2
libuuid - 2.30.2-2
libxtables - 1.6.1-2
logd - 2018-02-14-128bc35f-1
lua - 5.1.5-1
luci - git-18.047.57952-461df8b-1
luci-app-firewall - git-18.047.57952-461df8b-1
luci-base - git-18.047.57952-461df8b-1
luci-lib-ip - git-18.047.57952-461df8b-1
luci-lib-jsonc - git-18.047.57952-461df8b-1
luci-lib-nixio - git-18.047.57952-461df8b-1
luci-mod-admin-full - git-18.047.57952-461df8b-1
luci-proto-ipv6 - git-18.047.57952-461df8b-1
luci-proto-ppp - git-18.047.57952-461df8b-1
luci-ssl - git-18.047.57952-461df8b-1
luci-theme-bootstrap - git-18.047.57952-461df8b-1
mkf2fs - 1.9.0-1
mtd - 21
netifd - 2018-02-05-1be329c6-3
odhcp6c - 2017-09-05-1f93bd4c-8
odhcpd-ipv6only - 1.3-1
opkg - 2017-12-07-3b417b9f-2
partx-utils - 2.30.2-2
pciutils - 3.5.6-1
ppp - 2.4.7-12
ppp-mod-pppoe - 2.4.7-12
procd - 2018-01-23-653629f1-2
px5g-mbedtls - 4
r8169-firmware - 2017-09-06-a61ac5cf-1
rpcd - 2017-12-07-cfe1e75c-1
rpcd-mod-rrdns - 20170710
rtl8192cu-firmware - 2017-09-06-a61ac5cf-1
terminfo - 6.0-1
ubox - 2018-02-14-128bc35f-1
ubus - 2018-01-16-5bae22eb-1
ubusd - 2018-01-16-5bae22eb-1
uci - 2018-01-01-5beb95da-1
uclient-fetch - 2017-11-02-4b87d831-1
uhttpd - 2017-11-04-a235636a-1
uhttpd-mod-ubus - 2017-11-04-a235636a-1
usbutils - 007-7
usign - 2015-07-04-ef641914-1
wireless-regdb - 2017-10-20-4343d359
wpa-supplicant - 2017-08-24-c2d4f2eb-6
zlib - 1.2.11-2

  • To test whether the system sees the dongle successfully, enter „lsusb“ and „lsmod | grep 81“ on the console
  • Log in on a LAN port via cable and open the admin website (LuCI) at https://192.168.1.1
  • If Wi-Fi doesn't work, then a package is missing, such as hostapd or wpa-supplicant
  • The kernel will post NO ERRORS in the log if packages are missing!!
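Because a missing package produces no kernel error, the check below compares „opkg list-installed“ against the packages the dongle needs. This is an added example, not from the original post; the package names and versions come from the list above, but the REQUIRED selection is this example's own.

```shell
#!/bin/sh
# Added example, not from the original post: check a LEDE/OpenWrt box for the packages
# the RTL8192CU USB Wi-Fi dongle needs. The kernel logs nothing when one is missing,
# so compare "opkg list-installed" against a list instead of waiting for an error.
REQUIRED="kmod-usb-core kmod-usb2 kmod-cfg80211 kmod-mac80211 kmod-rtlwifi kmod-rtlwifi-usb
kmod-rtl8192c-common kmod-rtl8192cu rtl8192cu-firmware hostapd wpa-supplicant iw wireless-regdb"

# missing_packages: reads "opkg list-installed" output ("name - version" lines) on stdin,
# prints the required packages that are absent, returns 0 if none is missing, else 1.
missing_packages() {
    installed=$(cat)
    missing=""
    for pkg in $REQUIRED; do
        # anchor on "name - " so kmod-usb2 does not match kmod-usb2-pci
        if ! printf '%s\n' "$installed" | grep -q "^$pkg - "; then
            missing="$missing $pkg"
        fi
    done
    [ -z "$missing" ] && return 0
    printf '%s\n' "${missing# }"
    return 1
}

# Constructed sample of "opkg list-installed" output for offline testing; hostapd and
# wpa-supplicant are left out on purpose (the case the post describes).
SAMPLE_INSTALLED='kmod-usb-core - 4.14.20-1
kmod-usb2 - 4.14.20-1
kmod-cfg80211 - 4.14.20+2017-11-01-4
kmod-mac80211 - 4.14.20+2017-11-01-4
kmod-rtlwifi - 4.14.20+2017-11-01-4
kmod-rtlwifi-usb - 4.14.20+2017-11-01-4
kmod-rtl8192c-common - 4.14.20+2017-11-01-4
kmod-rtl8192cu - 4.14.20+2017-11-01-4
rtl8192cu-firmware - 2017-09-06-a61ac5cf-1
iw - 4.9-1
wireless-regdb - 2017-10-20-4343d359'

# On the router itself (opkg, lsusb and lsmod are assumed to be present):
#   opkg list-installed | missing_packages && lsusb && lsmod | grep 81
```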

Nextcloud Owncloud Calling Home

I did a deeper firewall test on my freshly installed OpenWRT router and activated an „Ads Blacklist“; after this my ownCloud share login loops!

Result:

  • It seems that some IPs of the „Update Check Tool“ servers, which is installed inside the PHP kit, are blacklisted.
  • So it seems the code calls home! With this option it is possible to count and collect the IPs of setups, and perhaps to check for unpatched versions!
  • I didn't check deeper, but the behavior was clear without viewing the code.

After publishing this info via Twitter:

nextcloud owncloud calling home

REMARKS:

  • No company / developer works for „free“
  • After setting up PHP kits, do an IP firewall traffic check
  • If you don't need the PHP kit reachable via the internet, block the device's IP from internet access at your router!
  • Prefer standard tools like SFTP/SCP with key auth to transfer files; less insecure because only one application is active!!
  • PHP kit logins can often be found by search engines via „search by title“ of the login web interface!!

For me, I decided to purge the package and use the system standard tool „SFTP with SSH key auth“, and on my phone Total Commander with the SFTP plugin!
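The „IP firewall traffic checkout“ recommended above, done on the OpenWrt/LEDE router in front of the PHP-kit host, as an added example that is not from the original post. It assumes a firewall rule that logs every new forwarded connection with the prefix „FWD-NEW“ (for example „iptables -I FORWARD -m conntrack --ctstate NEW -j LOG --log-prefix "FWD-NEW "“), and the sample lines and IP addresses are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: list where a LAN host (e.g. the box running
# Nextcloud/ownCloud) opens connections to on the internet, from the OpenWrt/LEDE
# firewall's LOG lines as shown by "logread". Assumed rule writing those lines:
#   iptables -I FORWARD -m conntrack --ctstate NEW -j LOG --log-prefix "FWD-NEW "

# outbound_destinations <host-ip>: reads logread output on stdin and prints
# "DST PROTO DPT COUNT" for each public address the host connected to, most frequent
# first. Private (RFC 1918) destinations such as the local DNS resolver are skipped.
outbound_destinations() {
    awk -v host="$1" '
        /FWD-NEW/ && / SRC=/ && / DST=/ {
            src = ""; dst = ""; proto = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                split($i, kv, "=")
                if (kv[1] == "SRC")   src = kv[2]
                if (kv[1] == "DST")   dst = kv[2]
                if (kv[1] == "PROTO") proto = kv[2]
                if (kv[1] == "DPT")   dpt = kv[2]
            }
            if (src != host) next
            if (dst ~ /^10\./ || dst ~ /^192\.168\./ || dst ~ /^172\.(1[6-9]|2[0-9]|3[01])\./) next
            count[dst " " proto " " dpt]++
        }
        END { for (k in count) print k, count[k] }
    ' | sort -k4,4nr -k1,1
}

# Constructed sample logread lines (documentation IP ranges) for offline testing:
SAMPLE_LOG='Sun Mar  4 10:12:01 2018 kern.warn kernel: [  120.10] FWD-NEW IN=br-lan OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51234 DPT=443 SYN
Sun Mar  4 10:12:02 2018 kern.warn kernel: [  121.20] FWD-NEW IN=br-lan OUT=eth0 SRC=192.168.1.50 DST=203.0.113.10 LEN=60 TTL=63 PROTO=TCP SPT=51235 DPT=443 SYN
Sun Mar  4 10:12:05 2018 kern.warn kernel: [  124.30] FWD-NEW IN=br-lan OUT=eth0 SRC=192.168.1.50 DST=192.168.1.1 LEN=52 TTL=63 PROTO=UDP SPT=40000 DPT=53
Sun Mar  4 10:12:09 2018 kern.warn kernel: [  128.40] FWD-NEW IN=br-lan OUT=eth0 SRC=192.168.1.20 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51236 DPT=80 SYN
Sun Mar  4 10:12:11 2018 kern.warn kernel: [  130.50] FWD-NEW IN=br-lan OUT=eth0 SRC=192.168.1.50 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=51237 DPT=80 SYN'

# On the router: logread | outbound_destinations 192.168.1.50
```

Any destination in the output that you did not cause yourself (a browser session, a sync you started) is a candidate for the calling-home behaviour described above and for a block rule at the router.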

Meltdown Spectre VM Hosting

Through the current IT news you may have heard about the major security problem in x86 technology.

If your websites are currently hosted on VMs at a VM provider, contact them to get current news about their bug handling on their VM host servers. If you get no details, then shut down your sites temporarily, or look for another solution that isn't running on x86 technology.

Otherwise you can try to switch from PHP kits to static HTML websites. On the net there are very helpful tools to do this easily. For WordPress a WP-to-HTML plugin is available. This dumps your blog to a static HTML package, which you can serve from a Raspberry Pi with lighttpd as a little web server instance until the x86 manufacturers fix the nasty problems. Remark: Debian runs on other CPUs like Sparc64 and MIPS too..

Security: Protection Against Cryptware Wannacry

You may have heard in the last days about the major problems with attacks on systems by the „WannaCry“ crypto-ware

How to protect yourself?

  • Enable the firewall on Windows systems!! Always!
  • Update the virus scanners and Windows patches daily!
  • Disable and CLOSE ports you never need! The SMB protocol is an open, unencrypted transfer protocol!
  • Use a second router with firewall behind your ISP router or modem! (OpenWrt, pfSense)
  • Check the rules you set with the nmap port scanner tool and verify that they work!
  • For network access ALWAYS use SFTP with key-based authentication (two factors: the key and the password that unlocks the key file id_rsa)
  • For freshly installed systems, do a full backup of the disk.
  • To save your work files use USB drives or USB sticks, which can be unplugged when you don't need them.
  • Back up the Windows disk weekly to an external USB disk; 1 TB is sold for less than $50
  • ..last but not least, use a Linux live CD like Ubuntu to access the internet..

Update:

  • The Linux Windows share service called Samba is also under attack: CVE-2017-7494
  • To fix it, open smb.conf with an editor and set:

nt pipe support = no

  • Restart the service with:

$ service samba stop && service samba start

  • Don't use reload, to be sure that the config is really reloaded!! A „systemd“ problem!
  • Check the Samba share for write and read access!
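The smb.conf change above, applied by a script so it can be rerun without leaving duplicate lines, and checked afterwards. This is an added example, not from the original post; the file path is passed in by the caller (/etc/samba/smb.conf is the usual Debian location and an assumption here).

```shell
#!/bin/sh
# Added example, not from the original post: apply the CVE-2017-7494 workaround above,
# "nt pipe support = no", to the [global] section of an smb.conf without creating a
# duplicate line, so the script can be rerun safely. The path is passed in by the
# caller (on Debian the file is usually /etc/samba/smb.conf, an assumption here).

# disable_nt_pipe_support <smb.conf>: rewrites the file in place and keeps a .bak copy.
# An existing "nt pipe support" line in [global] is replaced; otherwise the line is
# appended to [global]; if no [global] section exists, one is added at the end.
disable_nt_pipe_support() {
    conf="$1"
    cp "$conf" "$conf.bak"
    awk '
        function end_global() {
            if (in_global && !done) { print "   nt pipe support = no"; done = 1 }
            in_global = 0
        }
        /^[ \t]*\[/ {
            end_global()
            if (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/) in_global = 1
            print; next
        }
        in_global && tolower($0) ~ /^[ \t]*nt[ \t]+pipe[ \t]+support[ \t]*=/ {
            if (!done) { print "   nt pipe support = no"; done = 1 }
            next
        }
        { print }
        END {
            end_global()
            if (!done) { print "[global]"; print "   nt pipe support = no" }
        }
    ' "$conf.bak" > "$conf"
}

# nt_pipe_support_disabled <smb.conf>: returns 0 when [global] sets the value to "no",
# 1 otherwise (Samba's default is "yes", so a missing line counts as not fixed).
nt_pipe_support_disabled() {
    awk '
        /^[ \t]*\[/ { in_global = (tolower($0) ~ /^[ \t]*\[global\][ \t]*$/) }
        in_global && tolower($0) ~ /^[ \t]*nt[ \t]+pipe[ \t]+support[ \t]*=/ {
            value = tolower($0); sub(/^[^=]*=[ \t]*/, "", value); sub(/[ \t]+$/, "", value)
        }
        END { if (value == "no") exit 0; exit 1 }
    ' "$1"
}

# Usage on the server (assumed path), followed by the stop/start restart described above:
#   disable_nt_pipe_support /etc/samba/smb.conf && nt_pipe_support_disabled /etc/samba/smb.conf
```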

Android: Get back Privacy and Security

If you use an Android smartphone (other mobile OSes are the same) you should take a minute to get back your privacy and security!

These points help to prevent attacks, but there is no warranty of 100% protection!

  • First, every smartphone offers a factory reset; find it in Settings and DO it! This protects you from firmware spam by the reseller! (Samsung, HTC..)
  • Boot the phone without inserting a SIM card, create a fake account and get updates and software over a PUBLIC Wi-Fi network (coffee shop, Freifunk)
  • Install the apps you want, then go to Settings, then Accounts, and PURGE the fake account.
  • Disable / purge, in Settings, the apps that you will never use.
  • Check in Settings which apps run on a timer; if not needed, disable them.
  • Check web backup apps and disable them or prevent them from calling home (default built-in Android firewall)
  • DON'T set up your REAL email account that is used for home banking or online shopping, BECAUSE the OS is open like a Swiss cheese with holes (fewer updates from the manufacturer), and to PROTECT your phone from being hijacked by an e-mail virus
  • Encrypt the phone and SET a screen lock with a password longer than 8 digits; do the same with the SIM unlock code!
  • Back up the smartphone monthly via USB cable to a fully encrypted PC!
  • If you are not a newbie, look for browsers like icecat-apk on the open source F-Droid store, which are more secure
  • Try the Tor Browser later, for more security!
  • DON'T enter words, names or numbers that are CONFIDENTIAL! Because smartphones are like papers on a public table, without real protection!
  • Try to use the „Quick Switches“ of the „screen pull-down menu“ on the home screen, where data, autosync and flight mode can be toggled.
  • If you use messenger apps, check their settings to disable the download of „video, images, files“; this can be a backdoor too!
  • Disable „video autoplay“ in apps like G+ or Facebook.
  • Use every app with its own fake account.
  • NEVER leave your phone on a public table, because the USB port is always open and AUTO-connects every plugged-in cable!
  • Put a black strip on the camera lenses if you don't need them! Especially the front camera!
  • Call your phone provider to disable the transmission of MMS/SMS! This prevents messages with bad links.
android account removal

Security: Harden DSL Routers and Networks against attacks

In the last days there has been a high count of news about the bot attacks against T-Com Telekom router devices. To understand the behaviour behind these upcoming security problems you should know the following points:

  • Every networked device can be the target of an attack (routers, modems, PCs, fridges, IP-TV, IP switches, IP cams…)
  • You have to update the OS of each device monthly; if it is not supported by the manufacturer, then don't buy it!
  • Try to get open source hardware with open source software, with full access (SSH / console), to have full control
  • Reduce the count of devices that are connected directly to the web!
  • If you must use the ISP modem / DSL router of your ISP provider, then install a second open source router with firewall behind it for more security
  • Use small firewalls to separate Wi-Fi and LAN networks!
  • DISABLE, if possible, „auto update“ and „ISP remote control“ on the DSL router / modem, because more and more comfort functions are hacked to break the systems.
  • Updates must be tested on non-productive routers!
  • Keep clean backups of freshly installed routers / modems and restore the backup every 3 months to overwrite possible bad changes!!
  • Connect the routers to a clock timer to unplug and hard-reboot the router every night! (against RAM hacks)
  • Check the router logs and ISP settings (IP phones) every month, because hackers want to route calls to Asia!
  • Don't blindly trust every commercial hardware! Many bugs like open doors and default passwords are set!
  • Test your system with free tools like the „nmap“ port scanner and „iftop“
  • Change passwords, Wi-Fi passwords, Wi-Fi IDs! min. 12 characters