8/4/2020 Update: A major security hole was found in Secure Boot. A lot of software needs to be updated.

Windows 10 is installed in over 800 million devices but a fraction of those are running with increased security offered in this operating system.

In this tutorial we will show you how to enable Secure Boot and TPM to increase the security of Windows 10.

What is Secure Boot?

Secure boot is a security standard developed by members of the PC industry to help make sure that a device boots using only software that is trusted by the Original Equipment Manufacturer (OEM).  This prevents it from starting the computer from malware, ransomware, etc.

What is a Trusted Platform Module (TPM) ?

TPM is a hardware chip that is either part of the motherboard or added on later.

Trusted Platform Module (TPM) technology is designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper resistant, and malicious software is unable to tamper with the security functions of the TPM.

Enabling Secure Boot

Always backup your computer before making major modifications. Write down your current settings. Microsoft has some tips on enabling Secure Boot.  Each computer is different, so your screen options will vary.

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.
2. Make sure your computer Boot Mode is set for UEFI, not Legacy
3. You may need to set Windows OS Configuration – Windows 10 WHQL Support to UEFI before you can see Secure Boot – It is called CSM for some BIOSes
   

4. Look for an option called Secure Boot – In MSI motherboards, it is located in Settings\Advanced\Windows OS Configuration Secure Boot

Set Secure Boot Mode – Custom

Select Key Management

Set Provision Factory Default Keys to Enabled

The Intel GOP driver was then installed.

After it is enabled, the Secure Boot Variable fields will get set and now you can go to the previous screen and actually Enable Secure Boot!

Compatibility Issues with Secure Boot

Some drivers will not install correctly when you are running with Secure Boot enabled.  Temporarily turn it off, install the driver, then re-enable.

MAKE SURE the driver is from a trustworthy source!

Make sure you have updated the TPM chip to the latest version to avoid TPM-FAIL. This primarily affects TPM modules with STMicroelectronics chips and Intel Platform Trust Technology (PTT). Infineon Chips are fine.

Enabling a TPM in Windows 10

Some PCs and motherboards come with TPM already installed.  In most cases, you need to figure out if your motherboard has a socket for a TPM. These are specific to hardware, you cannot put a MSI TPM board into a Asus motherboard.  If so buy one, turn off your PC, and install it.  Try to buy the TPM directly from the manufacturer, not from a random seller on Amazon or eBay.  Laughingly, our TPM board was made in China.  It could have been hacked during assembly! (So much for true security)

1. Enter your PC’s BIOS setup by hitting the right key during bootup, such as F1, F2, F12, ESC or Delete.

2. Look for an option called Trusted Computing- In MSI motherboards, it is located in Settings\Security\Trusted Computing

Set Security Device Support to Enabled – Set Device Select to Auto

Save the settings and restart your computer.  Re-Enter your PC’s BIOS select the same option

You should see additional options now that the TPM was found.

Restart the PC and enter Windows.  If the installation was successful, you should see these additional notes in the Windows Security – Device Security Screen.

Congratulations!

8/18/2024: iOS Devices can support DNS over HTTPS through this simple provision file addition.

8/1/2020: Netgear has major issues with many of its wireless routers.  Update now. Some will never be updated, if you have one of these obsolete routers, buy a new one.

7/23/2020: C-Data networking (Cdata, OptiLink, BLIY) equipment has multiple back doors. – The company says these are counterfeit versions.

1/22/2020: SIM Swap compromises using your smartphone to get text messages to authenticate with websites. Avoid using text messages to do rescue logins.  A new paper from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.  Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

1/20/2020: Virtually all Cablemodems have the Cable Haunt critical vulnerability. Call you cable operator an ask them to upate your cablemodem’s software now. You cannot do it on your own.

12/10/2019: Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

10/1/2019: iOS 13 has a handy feature to stop unwanted calls.  You can set the phone to send unknown callers straight to voicemail! (Those not in your contacts) – Settings – Phone – Silence Unknown Callers

5/12/2019: Thrangrycat Attacks Cisco Switches, Firewall and routers.  Update and patch now

3/19/2019: Windows 10 is loading more and more crap.  These scripts let you uninstall the junkware and reclaim privacy.

2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page!  Update your Android software right away.  If your phone no longer gets updates, please consider buying a new one.

1/2019: Marvell’s Wi-Fi chip is used in millions of devices.  Unfortunately, it has a major security flaw. Look for updates soon.  Devices that have no way to get updated are worrisome.

12/2018: Marriott – Starwood Hotels got hacked, leaking a ton of data. Change your credit card if you booked there.

10/4/2018: Bloomberg reports that China has infiltrated major tech companies by compromising servers from their Chinese factories.  Never trust your hardware!

8/24/2018: HP Inkjet printers with Fax capability have a Faxploit exploit where someone could fax you a special page and take over your entire network. Patch now.

6/11/2018: The FBI has asked users to reboot your wireless router in an effort to prevent infection from the VPNFilter malware.   You should do more than this, write down its settings, reset it to default settings, and updated it to the latest software.

Always update the software for your router to the latest version.  If no update has occurred in the last 6 months, BUY a new one!  Affected devices include: (Expanded List)

Asus Devices:

RT-AC66U (new)
RT-N10 (new)
RT-N10E (new)
RT-N10U (new)
RT-N56U (new)
RT-N66U (new)

D-Link Devices:

DES-1210-08P (new)
DIR-300 (new)
DIR-300A (new)
DSR-250N (new)
DSR-500N (new)
DSR-1000 (new)
DSR-1000N (new)

Huawei Devices:

HG8245 (new)

Linksys Devices:

E1200
E2500
E3000 (new)
E3200 (new)
E4200 (new)
RV082 (new)
WRVS4400N

Mikrotik Devices:

CCR1009 (new)
CCR1016
CCR1036
CCR1072
CRS109 (new)
CRS112 (new)
CRS125 (new)
RB411 (new)
RB450 (new)
RB750 (new)
RB911 (new)
RB921 (new)
RB941 (new)
RB951 (new)
RB952 (new)
RB960 (new)
RB962 (new)
RB1100 (new)
RB1200 (new)
RB2011 (new)
RB3011 (new)
RB Groove (new)
RB Omnitik (new)
STX5 (new)

Netgear Devices:

DG834 (new)
DGN1000 (new)
DGN2200
DGN3500 (new)
FVS318N (new)
MBRN3000 (new)
R6400
R7000
R8000
WNR1000
WNR2000
WNR2200 (new)
WNR4000 (new)
WNDR3700 (new)
WNDR4000 (new)
WNDR4300 (new)
WNDR4300-TN (new)
UTM50 (new)

QNAP Devices:

TS251
TS439 Pro
Other QNAP NAS devices running QTS software

TP-Link Devices:

R600VPN
TL-WR741ND (new)
TL-WR841N (new)

Ubiquiti Devices:

NSM2 (new)
PBE M5 (new)

Upvel Devices:

Unknown Models* (new)

ZTE Devices:

ZXHN H108N (new)

4/24/2018: Windows Defender System Guard is now installed by the latest Windows 10 Updates. Make sure you are up to date.

3/21/2018: 1.1.1.1 is a free DNS Domain Name Service that helps hide the sites you goto. Cloudflare runs it and promises no logging.

3/15/2018: ID Thieves are using the IRS and filing fake tax returns. Remember that the IRS never calls or sends email to you.  They use old fashion US mail. Sign up for an IRS PIN if possible.

2/8/2018: Lenovo PCs with fingerprint readers need to be updated. Lenovo laptops with certain Broadcom Wi-Fi chips also need an update

1/12/2018: Laptops for Business use may have Intel AMT. You need to configure it or else your open to Intel AMT attacks.

1/5/2018: Meltdown and Spectre are 2 new processor chip bugs that affect most modern computers, smartphones, and tablets.  They will need software updates to mitigate this bad bug. More Details – Older system without updates are dangerous to continue to use. Time to buy new hardware.

11/21/2017: Quad9 is a free DNS Domain Name Service that helps prevent users from accessing malicious sites.  Run by IBM Security, Packet Clearing House (PCH) and The Global Cyber Alliance (GCA)

11/1/2017: Windows 10 controlled folder access anti-ransomeware is part of the Fall Creators Update.  It works well and should be used by all Windows 10 users.

10/16/2017: KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks. Using a VPN helps.

10/6/2017: Kaspersky has been implicated in stealing data from the NSA.  Uninstall any of their antivirus software right away.  It is now banned in the US government. Best Buy has stopped selling it.

9/8/2017: In September 2017, Equifax got hacked affecting 143 Million customers. (Almost everyone!) Equifax is offering complimentary identity theft protection. – Do more! Setup a Credit Freeze.

9/1/2017: Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

5/12/2017: Wanna Cry ransomware is spreading fast.  It exploits a Microsoft bug that was patched in March 2017.  It is more infectious because it can spread throughout a local network.

WannaKiwi – Decrypts files WannaCryp ransomware. Do not reboot after getting infected.

A basic lesson in patching right away and stop running old Operating systems.  Microsoft took the unusual step to put out a Windows XP, 8 , Windows Server 2003 patch to help stop this. If you use any of these OS’s, upgrade to Windows 10 now.

4/12/2017: 2 easy ways to increase your security and not have to constantly update are:

• Uninstall Adobe Flash
• Uninstall Adobe Reader

4/4/2017: Google Project Zero has found a major flaw in a WiFi chip that is used on many Android and iPhones. Hackers can run malware on devices. Apple iOS 10.3.1 and newer fixes the bug. Android patches are rolling out soon. Make sure you update your device. Any phone that does not get security updates any more, should be recycled and replaced.

3/16/2017: Matthew Green, a well respected cryptographer and professor at Johns Hopkins has a great article discussing Secure Computing – Desktops vs Smartphones, iOS vs Android and more..

2/16/2017: Apricorn makes a secure USB flash drives that require a pin code to be entered before they function.  No software or drivers required, so it works with any operating system. Dust and water resistant durable aluminium housing

2/2/2017: Laser Printers are vulnerable to security issues. Popular printer models manufactured by Dell, Brother, Konica, Samsung, HP, and Lexmark are all affected.

2/1/2017: Netgear has updated firmware for many routers that fixes a major security hole.

1/30/2017: Security minded people use VPNs to secure their communications. Many Android VPN clients have privacy and security risks.  Be careful which you use.

12/12/2016: 26 different low cost Android devices on the MTK platform have Trojan horses built in.

12/8/2016: Keyless Car Entry: Security minded folks would never buy a car that has this feature. The National Insurance Crime Bureau has a post on how a Mystery Device is used to relay your key fob’s signal to steal cars.  It is best to wrap your key fob in foil or some RF blocking shield when you are away from the vehicle.

11/30/2016: Gooligan Malware has infected over 1million Android phones, most of which downloaded apps outside the official Google Play store.

11/15/2016: Some Cheap cell phones made in China have spyware that sends all your texts to China. This includes the $50 BLU R1 HD sold by amazon! Update the firmware of this device NOW.

10/2/2016: D-Link DWR-932B  and Quanta 4G LTE QDH routers have major security holes- Upgrade it to the latest firmware. Details

9/22/2016: Do you run a website? If so make sure you test it for security vulnerabilities. Tinfoil Security has a nice free 90 day trial.

9/21/2016: Yahoo finally admits to a biggest breach ever. It happened back in 2014 of 500 million accounts. Change your passwords, never enter ‘real’ information into security questions. Use a Yahoo Account Key instead of a password.

9/18/2016: The Rowhammer memory vulnerability is getting important everyday. See if your hardware is vulnerable using Memtest86.

7/29/2016: No More Ransom.org (Kaspersky Lab in collaboration with Europol, the Dutch National Police and Intel Security) has a new site to help vicitims.  It has a page with Decryption Tools. Beware of this company though.

7/12/2016: Kanguru makes a fast USB 3.0 flash drive with physical write protect switch and a digitally signed secure firmware to protect against Badusb.  One of the first to do this. Get item to put a Linux Live CD like Ubuntu on and keep it from getting modified by malware.

5/20/2016: ID Ransomware helps you figure out which ransomware you are effected by, so you can look for remedies other than paying. Bleeping Computer has a Support forum for Ransomware

• ESET has a decryptor for TeslaCrypt infections

2/24/2016: MouseJack is a new security vulnerability that allows a malware to be remotely downloaded onto a computer via a hijacked wireless mouse or keyboard connection. A hacker could remotely type in commands or move your mouse. Update the firmware on your wireless mouse/keyboard if possible, otherwise use a wired mouse – keyboard.

Logitech Update – Worked for us, but required several tries.

2/5/2016: Netgear Wireless routers do not automatically add passwords to hard drives that are plugged into them, leaving them accessible to anyone on the Internet. Make sure you change the default password. Hackers can use Shodan to find you quickly.

1/19/2016: The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Most networking companies’ stop updating them after a year or two. How to setup a Secure Wireless Router was updated.

11/17/2015: Several tutorials have updated lists of secure instant messaging apps. Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

• Silent Circle
• Redphone
• OSTel
• Chat Secure
• Signal (Formerly Textsecure)

7/24/2015: First of its kind. 1.4 Million 2013-2015 model year Chrysler, Dodge, Jeep Vehicles are vulnerable to remote hacking that can cause the vehicle to be controlled remotely. Get the special USB drive and update your car now.

4/28/2014: A new Internet Explorer Vulnerability that has no patch, is being actively exploited by malware. US Computer Emergency Readiness Team suggests people stop using Internet Explorer. Windows XP users need to use an alternative browser like Chrome or Firefox.

If you have to run Internet Explorer, you should install the Enhanced Mitigation Experience Toolkit or unregister the VGX.dll as mention in Microsoft’s Security Bulletin

4/10/2014: Heartbleed Security Hole. Servers that use certain versions of OpenSSL software to create secure connections are vulnerable to a major bug. Lastpass has a page that can help you test websites for this bug. Flippie.io has one too.

4/7/2014: Users should change their passwords for the following sites due to the Heartbleed Internet Security Bug: fitbit.com, github.com, rememberthemilk.com, yahoo.com. Cnet has a nice list.

2/1/2014: If you own an Asus or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm. How to setup a Secure Wireless Router was updated.

Check out our Facebook Settings How To Privacy Page

Why should I be concerned about Internet privacy?

• Do you like online ads following you around from site to site?
• Can you discuss your health problems online without fear of losing insurance?
• Do you worry about publishing private information that could lead to stalking, surveillance, or identity theft?
• Does your work place monitor your Facebook or Twitter? Could you be fired over a post?
• Do you live in a country where you could be arrested or tortured based on what you post online?
• Did you know that third-parties collect information the government is not allowed to collect? The government has purchased this information too.
• Companies such as FinFisher are selling hacking software to countries and corporations to break into people’s computers and monitor them.
• Visit the EFF’s Panopticlick site to see what you are telling the world right now, before using the tools below.
• Tactical Technology Collective has tips for journalists and activists on how to increase their privacy.

60% of people polled by the WSJ.com were tremendously worried about the loss of online privacy.

The Internet appears to facilitate privacy and anonymity, but in recent years has been a battleground that pits advertisers on one side and users on the other. It has become increasingly difficult to maintain privacy on the Internet because money has gotten into the game. As online advertising has grown, companies have sprouted up, attempting to optimize Internet advertising performance by combining advertising with profiling. While individual users may not be known by name, they have become ghost profiles that are increasingly matched up with appropriate advertising. If you have found Internet ads following you from site to site, you have been profiled and are seeing the results. In this article, we will examine many methods to enhance our Internet privacy and perform operations anonymously.

One of the main goals of Internet privacy is to make that people have the ability to make informed decisions about how they act online. Users should be told ahead of time how their personal information is used and shared.

The Real Cost of Free Content

While many users assume that most content sites are free, there is a hidden price being paid, the users private information. Most online advertising companies are tracking web browsing activity across many websites in order to build profiles of users. They cross-reference and trade information to generate revenue and better target online advertising and promotions.

Hide your phone number

Once a cybercriminal gets your phone number, they can wreak all sorts of havoc including SIM Swap your phone and take over many accounts.  Hide your number or at least used a VoIP number such as Google Voice. Do not allow Google Voice to forwards Texts/Calls to your main number.

• Google
  • Remove your phone number from myaccount.google.com – Personal information
• Microsoft
  • Remove your phone number from account.live.com
• Facebook
  • Select Settings under the drop-down arrow at the top right. First, click on Mobile in the right-side menu, and remove your phone number
• Twitter
  • Click your avatar, go to Settings and Privacy, and navigate to Mobile on the right hand menu. Remove your number and use an authenticator app

Android

Turn off your advertising ID.  This is attached to all you apps, search history, purchases, recent locations and much more.

• Settings > Privacy > Ads > Delete Advertising ID

Older Android versions may have Opt Out of Ads Personalization

Chrome

Turn off 3rd party cookie tracking on both Chrome for computers and Chrome App

Settings > Security & Privacy > Block third-party cookies

Privacy Oriented Browser

brave is a browser from a mozilla co-founder, which is focused on privacy.

Internet Browser Cookies

In the past, users have been able to delete their Internet browsers’ cookies and thereby foiling efforts to track the user. Here are instructions for clearing the browser cache in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Below is how to set browsers to not accept third-party cookies. These cookies are typically generated by tracking and advertising companies when you visit a website. Occasionally this technique will cause a website to malfunction, particularly if it uses a third-party to handle tasks like commenting.

To optimize third-party cookie privacy settings in Firefox do the following:

• Select Options… from the Tools menu
• Select Privacy tab
• Select Use custom settings for history
• Uncheck Accept third-party cookies
• Optionally select Keep until: I close Firefox – This will delete cookies after every browser session, which you may not want to happen.

To optimize third-party cookie privacy settings in Internet Explorer 9 do the following:

• Select Internet Options from the Tools menu
• Select Privacy tab
• Check Never allow websites to request your physical location under Location
• Select Advanced
• Check Override automatic cookie handling
  
• Check Block under Third-party Cookies
• Press OK

CCleaner is useful Windows utility to clear out unnecessary files including temporary files, and cookie files.

Identity Finder helps you remove personally identifiable information from your computer’s files. They have a free Windows and Mac version.

While this technique is still somewhat helpful, the advertisers have gotten smarter and utilize other tracking techniques. Consult our guides to Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox for information.

IRS Tax Filing IP PIN

An IRS IP PIN is a six-digit number assigned to eligible taxpayers that helps prevent the misuse of their Social Security number on fraudulent federal income tax returns.

In 2019, they expanded the states that support this protection.

HTML5 and Privacy

HTML5 represents the latest standard for web design that significantly increases the flexibility and interactiveness of websites. Along with these impressive new features, comes a major privacy issue. HTML5 local storage allows data to be stored in your browser. It can potentially be used to track your movements and regenerate any cookies that you delete. New methods of blocking need to be created to block this intrusive technology.

Google Chrome and Firefox clear HTML5 local storage whenever you clear your cookies. Safari clears this when you select: Preferences -> Privacy tab -> Cookies and other website data -> Remove All Website Data

You can set Firefox to warn you whenever a website is attempting to use HTML5 local storage by selecting: Options -> Advanced -> Network -> Tell me when a website attempts to store data for offline use.

Flash Cookies

Adobe Flash also generates cookies that have been used for tracking and are difficult to remove. Adobe has a special page that requires Flash, in which you can delete your Flash cookies. Also visit this Flash configuration page to prevent 3rd parties from storing Flash content on your PC. You can install a Flash blocker to prevent these cookies from being installed on your system. Flush for the Mac, removes Flash cookies.

Adjusting Google Privacy Settings

In 2018 Google Created this Activity Tracking page to enhance privacy.

To clear Google’s “web history” which includes a log of all your searches, follow the instructions on this page.

To see and revoke access to your Google account by third-party sites, follow the instructions on this page. Also turn on Do Not Track.

To get a copy of everything Google has stored about you, visit Google Takeout. Additional Google services not covered by Takeout are located at Data Liberation.org. To delete the information, you must visit each Google service and delete your data manually.

Privacy App

Jumbo Privacy iOS App helps set Google, Facebook, Ad settings that we have mentioned

Adjusting Facebook Privacy Settings

Our article on Facebook security covers how to adjust Facebook’s privacy settings. Keep in mind that privacy settings only prevent others from seeing your profile. Advertisers and Facebook still have access to your private profile.

AVG Privacyfix.com helps you manage your Facebook privacy settings by showing you which ones need to be fixed.

Logging Off for Privacy

Intentionally logging off a site helps preserve your online privacy. If you were on Amazon, Facebook, or Google, we recommend you log off the site and not click away to a different site. This will help prevent ads from following you.

Fact: When a someone has more information about us, we are more likely to trust them. If your personal details leaked in a company’s data breach, criminals could use that information to craft emails that look more credible.

Minimize your personal information on Facebook, Twitter, Instagram, etc. Also cleanse or set to Private your Amazon wishlists and eBay bidding history.

 Anonymous Browsing

Most modern Internet browsers have options to perform anonymous browsing. You can utilize this function to help hide your identity. Here are instructions for anonymous browsing in Google Chrome, Microsoft Internet Explorer 9, and Mozilla Firefox.

Optional third party browser plug-ins are also available to help enhance Internet privacy.

• Adblock Plus is a plug in to block ads. Firefox – Chrome
• ChromeBlock is a plugin to help increase privacy. Chrome
• Cookie Master is a Firefox plug-in to manage cookies
• Disconnect.me is a plugin to help increase privacy. Firefox – Chrome – Safari
• Do Not Track Plus is a Firefox plugin to help increase privacy.
• Ghostery is a free plug-in to view and block what trackers and advertisers a website uses. Available for most web browsers
• NoScript is an extension for both Firefox and Chrome which prevents scripting from automatically running
• PrivacySuite is a plugin to help increase privacy. Firefox – Internet Explorer (Soon)
• Trackmenot is a Firefox plug in to prevent tracking. Chrome version

Opting Out of Online Ad Personalization – Do Not Track

Advertising companies that are members of the Network Advertising Initiative (NAI) and other self-regulatory efforts allow users to opt out of personalizing ads that are shown. Here are instructions for opting out of online ad personalization in Google Chrome, Microsoft Internet Explorer, and Mozilla Firefox.

The Network Advertising Initiative also has a page that allows you to opt out of online ad personalization from a variety of member advertising companies.

Other Opt-out pages:

• AOL
• Apple iAds
• Mastercard
• SelectOut – Optout of almost 200 trackers
• Self-Regulatory Program for Online Behavioral Advertising
• Yahoo

Using Linux for Internet Privacy

Linux can be utilized to enhance our Internet privacy. We can set up a bootable Linux USB key or CD, which allows us to start up our computer into a totally clean operating system, devoid of cookies and the like. Use one that has a write lock physical switch. Consult our article Creating a Bootable Linux USB Key or CD for more information.

Using a VPN for Internet Privacy

A VPN or Virtual Private Network allows you to tunnel your Internet traffic through a third party provider, making your traffic appear to come from a different location. While this option is more complex to implement, when combined with the suggestions listed above, a VPN connection forms a very powerful tool to protect your privacy. Consult our article How to Use Wireless Networks or WiFi Safely in Public for more information. Make sure you select one that is located outside the USA and which does not logging.

Email Snooping

Yahoo was exposed in 2016 to having scan all its customer’s emails looking at incoming email streams for a digital signature associated with a known terror organization.

The ultimate way to prevent email snopping is by running your own email server.  This has a cost and can result in your emails not going through.

Credit Card Privacy

Privacy.com creates secure virtual credit card numbers, hiding your real card.

Secure Instant Messaging

Privacy relates to how easy it is to ease drop into a messaging client.  Can the government listen in?  Is it encrypted?

The EFF has a great Secure Messaging Scorecard page.
Forget about using popular ones like Whatsapp, Line, Viber, WeChat, they have all been monitored.

Try ones like:

Silent Circle
Redphone
OSTel
Chat Secure
Signal (Formerly Textsecure)

Anonymous Registration

It is annoying registering for forums and many content sites where your real information is not necessary. When asked for personal information, we suggest you enter bogus information if you wish to remain anonymous. Create an email address that is tied to this information and save this information as a profile within password management utilities.

MySudo helps you create temporary emails address and phone numbers. Free Trial.  You can also this by create multiple gmail and google voice accounts.

Removing Yourself from Online Databases

There are several large databases that contain personal information that is culled from telephone books, court records, and other third parties. You can opt out of their data by visiting the following links.

• BeenVerified
• Family Tree Now
• Intelius
• PeekYou
• PeopleSmart
• Pipl
• Spokeo
• Whitepages
• ZabaSearch

A paid service DeleteMe helps automate this for $129/year

Identity Theft Protection

If you are a Comcast subscriber, you are eligible for free Identity Guard (discontinued). Consult your ISP to see if they have any free identity theft programs.

Social Security Account Setup

While we are on the subject of protecting you from identity theft.  If you have not already setup your Social Security Account, you should set one up before a thieve makes one before you.

Or better yet, block Electronic access to your Social Security Record.

TV Privacy

If you have a Smart TV, it may be watching or listening to you.  In March 2017 a Wikileaks CIA leak indicated that they are listening in on those with Samsung TVs.

• Turn off any Smart TV Functions on your TV
• Use an external Roku or AppleTV box instead
• Use a power strip and turn off the TV’s power that way

Opting out of TV data

Many TV content suppliers log your viewing habits and sell them to other companies.  Opt-Out of this madness! Cable and satellite television networks have their own opt-out for anonymous-viewer information.

• DirectTV – Contact the company by phone, email, or mail to opt-out.
• TiVo
• Optimum.net – They removed their opt-out page.
• Comcast
• AT&T
• Vizio – Vizio TVs spied on what people were viewing, causing the FTC to sue them.  The company provided consumers’ IP addresses to data aggregators, who then matched the address with an individual consumer or household. Vizio’s contracts with third parties prohibited the re-identification of consumers and households by name, but allowed a host of other personal details – for example, sex, age, income, marital status, household size, education, and home ownership.

Turn off iPhone Diagnostic Log Sending

To turn off sending of diagnostics data to Apple do the following:

• Open Settings
  
• Select General
• Select About
• Select Diagnostics & Usage
• Click on Don’t Send

Color Laser Printer & Color Copier Privacy Issues

The Electronic Frontier Foundation (EFF) discovered that most color copiers and color laser printers have been adding invisible tracking codes to every single printed page they produce. The government asked printer makers to do this in an effort to prevent counterfeiting. The dots help track what type of printer and its serial number as well as when the document was printed.

This relativity little known tactic can undermine anonymity for political, religious, or any other reason. Users need to understand this and tell printer manufacturers that they do not like this hidden invasion of privacy. For more information, take a look at this webpage and support their efforts.

If you are purchasing a new color laser printer, try to purchase one that does not print these invisible codes.

Kindle eBook Privacy issues

Reading in the new age via eReaders such as the Kindle expose users to additional privacy issues. Previously, with physical books, it was difficult for bookstores and publishers to know whether you had really finished a book, highlighted specific passages in the book, or what book you purchased next.

With eReaders such as the Kindle your privacy has gone out the door. Kindle users have to agree to allow Amazon to store information on the device and Amazon’s servers including where you left off in the book, notes, highlights, bookmarks, and more. With all of this information, the Electronic Frontier Foundation (EFF) is pushing for legislation to prevent eBook sellers from reveling people’s reading habits without a court’s approval.

If you are concerned about your privacy, you may want to steer clear of eReaders or utilize an eReader that does not any have Internet connectivity. Find one that allows eBooks to be downloaded to a computer and manually added to your eReader.

More Resources

privacy tools.io – Lists many resources that can help you reclaim your privacy

With some leg work, we can significantly improve the privacy of our online activities.

Internet of Things Scanner

Run this online scanner to see if any of your IOT devices are visible and need to be secured.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Securing Internet of Things, Smart Home Devices

More and more gadgets for the home are connected to the Internet for additional functionality. Refrigerators to Thermostats to Door Locks, the list is never ending. Do not forget about security. You may have created an open door for hackers, become part of an evil Botnet, or illegal activity without your knoawledge.

A vulnerable webcam can give ANYONE on the Internet a view of your home. Secure these home gadgets as strongly as possible. Many can NEVER be updated, which means that you should discontinue their usage.

Wi-Fi Network Connection

Here are some general tips to secure your new IOT or smart home devices:

1. Change the default password or credentials of the Device
2. Update the device to the latest firmware available. If the company does not have a firmware update page on their website, we would return it. Do this again every couple months.
3. Connect your IOT device such as a Dropcam or Nest Smoke Detector to your Guest Wi-Fi network whenever possible.  This network should be walled off from the normal network, preventing access to all your Computers.  Malicious devices could snoop on your network and quietly send information without your knowledge.
4. If the Wireless routers guest network is not secure, it is even better to have 3 routers in a Y configuration. You can purchase an inexpensive router that hooks up to your Cable/DSL modem, then have 2 separate wireless routers connected to this device. Put all Internet of Things devices on one of the Y routers. Connect your computers, smartphones, tablets to the other router.
5. Have the Guest network that IOT devices are on, use a different dns server
6. Turn off uPNP on your router to prevent ports from being opened up to access IOT devices.
7. Never poke a hole through your firewall for a device. It could then be accessed by anyone on the Internet! Use Shields Up! to look for open ports.
8. Peer to Peer capabilities are hard to secure. Avoid devices with this.
9. Cheaper IOT devices especially no name ones sold on Amazon or eBay should be avoided. Most of these are rarely built with security in mind and are never updated.  Stick to brand name, IE Netgear, Google, Ring, etc..

Even the NSA is loving the rise of all these IOT devices to let them hack more easily. CCTV cameras were involved in a DDoS attacks, taking down small businesses who did not pay ransom.

Hacked Internet of Things Insecure Device List

Baby Monitors

Gynoii – Details

iBaby M3S, iBaby M6 – Details

Lens Peek-a-View – Details

Philips In.Sight B120/37 – Details

Summer Baby Zoom Wifi Monitor & Internet Viewing System – Details

TRENDnet WiFi Baby Cam TV-IP743SIC – Details

Home

AuYou Wi-Fi Smart Outlet Switch – Details

Ceomate Bluetooth Smart Doorlock – Details

Elecycle EL797 & EL797G Smart Padlock – Details

iBluock Padlock – Details

Garage doors with no rolling codes – Details

Kwikset – Smartkey locks – Details

Lagute Sciener Smart Doorlock v3.3.0 – Details

LIFX Smart LED Light Bulb – Details

Mesh Motion Bitlock Padlock v1.4.9 – Details

Okidokey Smart Doorlock v2.4 – Details

Plantraco Phantomlock v1.6 – Details

Poly Control Danalock Doorlock – Details

Quicklock Doorlock & Padlock – Details

Samsung Smart TVs 2015 – Details

TRANE Comfortlink XL850 – Details

Vians Bluetooth Smart Doorlock – Details

Kitchen Appliances

Smarter Wi-Fi iKettle – Details

Pacemakers

St. Jude Medical Cardiac Pacemakers – Details

Pets

Dog Training System – Details

Security

Yale Zigbee Doorlock – Details

Toys

Boosted, Revo, Yuneec Electric Skateboards – Details

Cayla Doll – Details – Banned in Germany ($26,000 fine!)

Cloud Pets – Details

Fredi Baby Monitor – Details

Hello Barbie – Details

iSPY Camera Tank – Details

Vtech Learning Lodge – Details

Webcams – IP Cameras – DVR

This category is a minefield.  Look how many people have their cameras made public on Insecam.com – Stick to a Dropcam or Ring Doorbell camera.

In September 2016 a massive number of IP Cameras and DVRs were hacked and used to DDOS or take off the Internet due to high traffic, websites. Each has a hard coded telnet username and password of root – xc3511 – XiongMai Technologies of Hangzhou, China, created many of these devices that are rebranded by others and sold. If you have one, updated it and change its password immediately.

We would never buy a no-name IP camera from amazon, you are just asking for it.

ACTi IP Camera – default login

ANKO Products DVR – default login

AVTECH IP Ccameras, NVR, DVR – Details

Axis IP Camera – default login – Watch video with no Passwords! – Update your camera

CCTV-DVR – Over 70 different Vendors – Details

D-Link DCS930L, DCS932L – Details

Dahua Security Cameras – default login– Must change default password and update firmware right away – Some have hardcoded backdoor ONVIF password of admin/admin. – Details – Includes:

DH-IPC-HDW23A0RN-ZS
DH-IPC-HDBW23A0RN-ZS
DH-IPC-HDBW13A0SN
DH-IPC-HDW13A0SN
DH-IPC-HFW13A0SN-W
DH-IPC-HDBW13A0SN
DH-IPC-HDW13A0SN
DH-IPC-HFW13A0SN-W
DHI-HCVR51A04HE-S3
DHI-HCVR51A08HE-S3
DHI-HCVR58A32S-S2

Dahua IP Camera – default login

Dahua IP Camera HDW4300C – default login

Dahua DVR – default login

Defeway – Watch video with no Passwords

Dreambox TV receiver- default login

Eminent EM6220 – Details

EV ZLX Two-way Speaker

Foscam – different brand names in Europe – Authenticate you with ‘admin’ without requiring password – Foscam C1 IP – Details

Guangzhou Juan Optical – default login

Netgear Arlo – Details

RaySharp DVRs – Details

Samsung IP Camera – Details

Shenzhen Anran Security Cameras – Details

Shenzhen Neo iDoorbell or NIP-22 – Details

Sony – IPELA Engine IP Cameras – Details

SNC-CX600, SNC-CX600W, SNC-EB600, SNC-EB600B, SNC EB602R, SNC-EB630, SNC-EB630B, SNC-EB632R, SNC-EM600, SNC-EM601, SNC-EM602R, SNC-EM602RC, SNC-EM630, SNC-EM631, SNC-EM632R, SNC-EM632RC, SNC-VB600, SNC-VB600B, SNC-VB600B5, SNC-VB630, SNC-VB6305, SNC-VB6307, SNC-VB632D, SNC-VB635, SNC-VM600, SNC-VM600B, SNC-VM600B5, SNC-VM601, SNC-VM601B, SNC-VM602R, SNC-VM630, SNC-VM6305, SNC-VM6307, SNC-VM631, SNC-VM632R, SNC-WR600, SNC-WR602, SNC-WR602C, SNC-WR630, SNC-WR632, SNC-WR632C, SNC-XM631, SNC-XM632, SNC-XM636, SNC-XM637, SNC-VB600L, SNC-VM600L, SNC-XM631L, SNC-WR602CL, SNC-CH115, SNC-CH120, SNC-CH160, SNC-CH220, SNC-CH260, SNC-DH120, SNC-DH120T, SNC-DH160, SNC-DH220, SNC-DH220T, SNC-DH260, SNC-EB520, SNC-EM520, SNC-EM521, SNC-ZB550, SNC-ZM550, SNC-ZM551, SNC-EP550, SNC-EP580, SNC-ER550, SNC-ER550C, SNC-ER580, SNC-ER585, SNC-ER585H, SNC-ZP550, SNC-ZR550, SNC-EP520, SNC-EP521, SNC-ER520, SNC-ER521, and SNC-ER521C.

Toshiba Network Camera – Details

VideoIQ – Details

Vivotek IP Camera – Details

Security Researchers have found Security Holes

SmartThings – Details

Sony – Watch video with no Passwords!

TPLink- Watch video with no Passwords!

Universal Plug and Play UPnP – Always turn it off in your router! – Details

Vacron – Details

Wireless IP Camera (P2) Wificam – Details also known as:

Foscam C2 also known as: Chacon, Thomson, 7links, Netis, Turbox, Novodio, Ambientcam, Nexxt, Technaxx, Qcam, Ivue, Ebode, Sab, and Opticam.

3G+IPCam Other
3SVISION Other
3com CASA
3com Other
3xLogic Other
3xLogic Radio
4UCAM Other
4XEM Other
555 Other
7Links 3677
7Links 3677-675
7Links 3720-675
7Links 3720-919
7Links IP-Cam-in
7Links IP-Wi-Fi
7Links IPC-760HD
7Links IPC-770HD
7Links Incam
7Links Other
7Links PX-3615-675
7Links PX-3671-675
7Links PX-3720-675
7Links PX3309
7Links PX3615
7Links ipc-720
7Links px-3675
7Links px-3719-675
7Links px-3720-675
A4Tech Other
ABS Other
ADT RC8021W
AGUILERA AQUILERA
AJT AJT-019129-BBCEF
ALinking ALC
ALinking Other
ALinking dax
AMC Other
ANRAN ip180
APKLINK Other
AQUILA AV-IPE03
AQUILA AV-IPE04
AVACOM 5060
AVACOM 5980
AVACOM H5060W
AVACOM NEW
AVACOM Other
AVACOM h5060w
AVACOM h5080w
Acromedia IN-010
Acromedia Other
Advance Other
Advanced+home lc-1140
Aeoss J6358
Aetos 400w
Agasio A500W
Agasio A502W
Agasio A512
Agasio A533W
Agasio A602W
Agasio A603W
Agasio Other
AirLink Other
Airmobi HSC321
Airsight Other
Airsight X10
Airsight X34A
Airsight X36A
Airsight XC39A
Airsight XX34A
Airsight XX36A
Airsight XX40A
Airsight XX60A
Airsight x10
Airsight x10Airsight
Airsight xc36a
Airsight xc49a
Airsight xx39A
Airsight xx40a
Airsight xx49a
Airsight xx51A
Airsight xx51a
Airsight xx52a
Airsight xx59a
Airsight xx60a
Akai AK7400
Akai SP-T03WP
Alecto 150
Alecto Atheros
Alecto DVC-125IP
Alecto DVC-150-IP
Alecto DVC-1601
Alecto DVC-215IP
Alecto DVC-255-IP
Alecto dv150
Alecto dvc-150ip
Alfa 0002HD
Alfa Other
Allnet 2213
Allnet ALL2212
Allnet ALL2213
Amovision Other
Android+IP+cam IPwebcam
Anjiel ip-sd-sh13d
Apexis AH9063CW
Apexis APM-H803-WS
Apexis APM-H804-WS
Apexis APM-J011
Apexis APM-J011-Richard
Apexis APM-J011-WS
Apexis APM-J012
Apexis APM-J012-WS
Apexis APM-J0233
Apexis APM-J8015-WS
Apexis GENERIC
Apexis H
Apexis HD
Apexis J
Apexis Other
Apexis PIPCAM8
Apexis Pyle
Apexis XF-IP49
Apexis apexis
Apexis apm-
Apexis dealextreme
Aquila+Vizion Other
Area51 Other
ArmorView Other
Asagio A622W
Asagio Other
Asgari 720U
Asgari Other
Asgari PTG2
Asgari UIR-G2
Atheros ar9285
AvantGarde SUMPPLE
B-Qtech Other
B-Series B-1
BRAUN HD-560
BRAUN HD505
Beaulieu Other
Bionics Other
Bionics ROBOCAM
Bionics Robocam
Bionics T6892WP
Bionics t6892wp
Black+Label B2601
Bravolink Other
Breno Other
CDR+king APM-J011-WS
CDR+king Other
CDR+king SEC-015-C
CDR+king SEC-016-NE
CDR+king SEC-028-NE
CDR+king SEC-029-NE
CDR+king SEC-039-NE
CDR+king sec-016-ne
CDXX Other
CDXXcamera Any
CP+PLUS CP-EPK-HC10L1
CPTCAM Other
Camscam JWEV-372869-BCBAB
Casa Other
Cengiz Other
Chinavasion Gunnie
Chinavasion H30
Chinavasion IP611W
Chinavasion Other
Chinavasion ip609aw
Chinavasion ip611w
Cloud MV1
Cloud Other
CnM IP103
CnM Other
CnM sec-ip-cam
Compro NC150/420/500
Comtac CS2
Comtac CS9267
Conceptronic CIPCAM720PTIWL
Conceptronic cipcamptiwl
Cybernova Other
Cybernova WIP604
Cybernova WIP604MW
D-Link DCS-910
D-Link DCS-930L
D-Link L-series
D-Link Other
DB+Power 003arfu
DB+Power DBPOWER
DB+Power ERIK
DB+Power HC-WV06
DB+Power HD011P
DB+Power HD012P
DB+Power HD015P
DB+Power L-615W
DB+Power LA040
DB+Power Other
DB+Power Other2
DB+Power VA-033K
DB+Power VA0038K
DB+Power VA003K+
DB+Power VA0044_M
DB+Power VA033K
DB+Power VA033K+
DB+Power VA035K
DB+Power VA036K
DB+Power VA038
DB+Power VA038k
DB+Power VA039K
DB+Power VA039K-Test
DB+Power VA040
DB+Power VA390k
DB+Power b
DB+Power b-series
DB+Power extcams
DB+Power eye
DB+Power kiskFirstCam
DB+Power va033k
DB+Power va039k
DB+Power wifi
DBB IP607W
DEVICECLIENTQ CNB
DKSEG Other
DNT CamDoo
DVR DVR
DVS-IP-CAM Other
DVS-IP-CAM Outdoor/IR
Dagro DAGRO-003368-JLWYX
Dagro Other
Dericam H216W
Dericam H502W
Dericam M01W
Dericam M2/6/8
Dericam M502W
Dericam M601W
Dericam M801W
Dericam Other
Digix Other
Digoo BB-M2
Digoo MM==BB-M2
Digoo bb-m2
Dinon 8673
Dinon 8675
Dinon SEGEV-105
Dinon segev-103
Dome Other
Drilling+machines Other
E-Lock 1000
ENSIDIO IP102W
EOpen Open730
EST ES-IP602IW
EST IP743W
EST Other
EZCam EPK-EP10L1
EZCam EZCam
EZCam Other
EZCam PAN/TILT
EZCam Pan/Tilt
EasyCam EC-101HD
EasyCam EC-101HDSD
EasyCam EC-101SD
EasyCam EC-102
EasyCam Other
EasyN 187
EasyN 1BF
EasyN 720P
EasyN F
EasyN F-136
EasyN F-M136
EasyN F-M166
EasyN F-M181
EasyN F-M1b1
EasyN F-SERIES
EasyN F133
EasyN F2-611B
EasyN F3
EasyN F3-166
EasyN F3-176M
EasyN F3-M166
EasyN F3-SERIES
EasyN F3-Series
EasyN F3-m187
EasyN F3M187
EasyN FS-613A-M136
EasyN FS-613B
EasyN FS-613B-M166
EasyN FS-613B-MJPEG
EasyN FS613
EasyN F_M10R
EasyN H3-V10R
EasyN H6-M137h
EasyN M091
EasyN Other
EasyN est-007660-611b
EasyN est-007660333
EasyN f
EasyN f-Series
EasyN f138
EasyN f_series
EasyN fseries
EasyN kitch
EasyN s
EasySE F/B/N/I
EasySE H3
EasySE H3e
EasySE Other
Ebode IPV38W
Ebode IPV58
Ebode Other
Ego Other
Elro 901
Elro 903
Elro 903IP
Elro C7031P
Elro C703IP2
Elro C704-IP
Elro C704IP
Elro C704IP.2
Elro C704ip
Elro C803IP
Elro C903IP
Elro C903IP.2
Elro C904IP
Elro C904IP.2
Elro IP901
Elro Other
Eminent 6564
Eminent EM6220
Eminent EM6564
Eminent em6220
Esky C5900
Esky L
Esky Live
Esky c5900
Eura-Tech IC-03C3
EyeCam ICAM-608
EyeCam IP65IW
EyeCam Other
EyeCam STORAGEOPTIONS
EyeIPCam IP901W
EyeSight ES-IP607W
EyeSight ES-IP811W
EyeSight ES-IP909IW
EyeSight ES-IP935FW
EyeSight ES-IP935IW
EyeSight IP910IW
EyeSight IP915IW
EyeSight Other
EyeSight ip609IW
EyeSight ip909iw
EyeSight ip915iw
EyeSight mjpeg
EyeSpy247 Other
F-Series FSERIES
F-Series Ip
F-Series Other
F-Series ip
First+Concept Other
Focuscam F19821W
Foscam FI18904w
Foscam FI18905E
Foscam FI18905W
Foscam FI18906w
Foscam FI1890W
Foscam FI18910E
Foscam FI18910W
Foscam FI18910w
Foscam FI18916W
Foscam FI18918W
Foscam FI18919W
Foscam FI19810W
Foscam FI8094W
Foscam FI81904W
Foscam FI8601W
Foscam FI8602W
Foscam FI8606W
Foscam FI8610w
Foscam FI8903W
Foscam FI8903W_Elita
Foscam FI8904
Foscam FI8904W
Foscam FI8905E
Foscam FI8905W
Foscam FI8905w
Foscam FI8906w
Foscam FI8907W
Foscam FI8908W
Foscam FI8909W
Foscam FI890W
Foscam FI8910
Foscam FI8910E
Foscam FI8910W
Foscam FI8910W_DW
Foscam FI8910w
Foscam FI8916W
Foscam FI8918
Foscam FI89180w
Foscam FI8918E
Foscam FI8918W
Foscam FI8918w
Foscam FI8919W
Foscam FI9804W
Foscam FI9805E
Foscam FI9810
Foscam FI9810W
Foscam FI9818
Foscam FI9820w
Foscam FI9821W
Foscam FI9821w
Foscam FL8910
Foscam FS18908W
Foscam FS8910
Foscam Fi8910
Foscam Other
Foscam fI8989w
Foscam fi1890w
Foscam fl8910w
FoxCam PTZ2084-L
GIGA gb
GT+ROAD HS-006344-SPSLM
General Other
Generic All-in-one
Generic Billy
Generic DomeA-Outdoor
Generic IP
Generic Other
Gi-star+srl IP6031W
Gigaeye GB
GoAhead EC-101SD
GoAhead GoAheadWebs
GoAhead IPCAM1
GoAhead IPCAM2
GoAhead Other
GoAhead thedon
GoCam Other
Goclever EYE
Goclever EYE2
Gotake GTK-TH01B
H+264+network+DVR 720p
H+264+network+DVR Other
H.264 Other
H6837WI Other
HD+IPC Other
HD+IPC SV3C
HDIPCAM Other
Heden CAMH04IPWE
Heden CAMHED02IPW
Heden CAMHED04IP
Heden CAMHED04IPWN
Heden CAMHEDIPWP
Heden Other
Heden VisionCam
Heden visionCam
HiSilicon Other
Hikvision DS-2CD2132
Histream RTSP
HooToo F-SERIES
HooToo HOOTOO
HooToo HT-IP006
HooToo HT-IP006N
HooToo HT-IP009HDP
HooToo HT-IP206
HooToo HT-IP207F
HooToo HT-IP210HDP
HooToo HT-IP210P
HooToo HT-IP212
HooToo IP009HDP
HooToo Other
HooToo apm-h803-mpc
Hsmartlink Other
Hungtek WIFI
ICAMView Other
ICam I908W
ICam IP-1
ICam Other
ICam Other2
ICam dome
INISOFT-CAM Stan
INVID Other
IO+Data Other
IP66 Other
IPC IPC02
IPC Other
IPC S5030-TF
IPC S5030-m
IPC SRICAM
IPCC 3XPTZ
IPCC 7210W
IPCC IPCC-7210W
IPCC x01
IPTeles Other
IPUX ip-100
ISIT Other
IZOtech Other
IZTOUCH 0009
IZTOUCH A001
IZTOUCH IZ-009
IZTOUCH LTH-A8645-c15
IZTOUCH Other
IZTOUCH Other1
IZTOUCH ap001
IeGeek Other
IeGeek ukn
Inkovideo V-104
Iprobot3 Other
JRECam JM3866W
JWcam JWEV
JWcam Other
Jaycar 3834
Jaycar 720P
Jaycar Other
Jaycar QC-3831
Jaycar QC-3832
Jaycar QC-3834
Jaycar QC-3836
Jaycar QC-3839
Jaytech IP6021W
JhempCAM Back
JhempCAM Other
KaiKong 1601
KaiKong 1602w
KaiKong Other
KaiKong SIP
KaiKong SIP1602
KaiKong SIP1602W
KaiKong sip
KaiKong sip1602w
Kenton gjc02
Kinson C720PWIP
Klok Other
Knewmart KW01B
Knewmart KW02B
Kogan KAIPC01BLKA
Kogan KAIPCO1BLKA
Kogan Other
Kogan encoder
Kogan kaipc01blkb
Kompernass IUK
Koolertron Other
Koolertron PnP
Koolertron SP-SHEX21-SL
LC+security Other
LW lw-h264tf
LYD H1385H
Lager Other
Leadtek C351
LevelOne 1010/2010
Libor Other
LifeTech MyLifeTech
LifeTech Other
LifeTech dd
Lilly Other
Linq Other
Lloyds 1107
Loftek CXS
Loftek Nexus
Loftek Other
Loftek SPECTOR
Loftek Sendinel
Loftek Sentinel
LogiLink WC0030A
LogiLink wc0044
Logitech C920
MCL 610
MJPEG Other
Maginon 100
Maginon 10AC
Maginon 20C
Maginon IP-20c
Maginon IPC
Maginon IPC-1
Maginon IPC-10
Maginon IPC-100
Maginon IPC-100AC
Maginon IPC-10AC
Maginon IPC-2
Maginon IPC-20
Maginon IPC20C
Maginon IPC_1A
Maginon Other
Maginon SUPRA
Maginon Supra
Maginon ipc
Maginon ipc-1a
Maginon ipc100a
Maginon ipx
Maginon w2
Marmitek GM-8126
Maygion IP
Maygion OTHER2
Maygion Other
Maygion V3
Maygion black
Mediatech mt4050
Medisana SmartBabyMonitor
Merlin IP
Merlin Other
Merlin vstc
Messoa Other
Mingyoushi S6203Y-WR
Momentum 2002
Momentum MO-CAM
NEXCOM S-CAM
NIP NIP-004500-KMTLU
NIP NIP-075007-UPHTF
NIP NIP-11BGPW
NIP NIP-14
NTSE Other
Neewer Other
Neewer V-100
Neo+CoolCam NIP
Neo+CoolCam NIP-02(OAM)
Neo+CoolCam NIP-06
Neo+CoolCam NIP-066777-BWESL
Neo+CoolCam NIP-102428-DFBEF
Neo+CoolCam NIP-H20(OZX)
Neo+CoolCam OBJ-007260-LYLDU
Neo+CoolCam Other
Neo+CoolCam neo
Neo+CoolCam nip-11
Neo+CoolCam nip-20
Ness Other
NetView Other
Netcam Dual-HD
Netcam HSL-232245-CWXES
Netcam OUVIS
Netcam Other
Netware Other
Nexxt+Solution Xpy
Nixzen Other
NorthQ NQ-9006
Office+One CM-I11123BK
Office+One IP-900
Office+One IP-99
Office+One Other
Office+One SC-10IP
Office+One ip-900
Office+One ip900
Opexia OPCS
Optica+Video FI-8903W
Optica+Video FI-8918W
Optica+Video Other
Otto 4eye
Overmax CamSpot
Overmax Camspot
OwlCam CP-6M201W
P2p wificam
PCS Other
Panasonic BL-C131A
PeopleFu IPC-674
PeopleFu IPCAM1
PeopleFu IPCAM2
PeopleFu IPCAM3
PeopleFu IPCAM5
Pixpo 1Z074A2A0301627785
Pixpo PIX006428BFYZY
Pixpo PIX009491MLJYM
Pixpo PIX009495HURFE
Pixpo PIX010584DFACE
Plaisio IP
Planex Other
Planex PLANEX
Polariod P351S
Polaroid IP-100
Polaroid IP-101W
Polaroid IP-200B
Polaroid IP-201B
Polaroid IP-350
Polaroid IP-351S
Polaroid IP-360S
Polaroid IP-810W
Polaroid IP-810WZ
Polaroid Other
Polaroid POLIP101W
Polaroid POLIP201B
Polaroid POLIP201W
Polaroid POLIP351S
Polaroid POLIP35i5
PowerLead Caue
PowerLead PC012
ProveCam IP2521
Provision 717
Provision F-717
Provision F-737
Provision PT-737
Provision WP-711
Provision WP-717P
Pyle HD
Pyle HD22
Pyle HD46
Pyle Mine
Pyle PIPCAM15
Pyle Pipcam12
Pyle cam5
Pyle pipcam25
Pyle pipcam5
Q-nest QN-100S
Q-nest qn-100s
Queback 720p
ROCAM NC-400
ROCAM NC-500
ROCAM NC300
ROCAM NC300-1
ROHS IP
ROHS none
RTX 06R
RTX DVS
RTX IP-06R
RTX IP-26H
RTX Other
Rollei safetycam-10hd
SES Other
SKJM Other
SST SST-CNS-BUI18
SVB+International SIP-018262-RYERR
SafeHome 278042
SafeHome 616-W
SafeHome IP601W-hd
SafeHome Other
SafeHome VGA
SafeHome iprobot
Samsung Other
Santec-Video Other
Sarotech IPCAM-1000
Sarotech ip300
Scricam 004
Scricam 192.168.1.7
Scricam AP-004
Scricam AP-009
Scricam AP0006
Scricam AP006
Secam+CCTV IPCAM
Secam+CCTV Other
Seculink 10709
Seculink Other
Secur+Eye xxc5330
Seisa JK-H616WS
Senao PTZ-01H
Sequrecam Other
Sequrecam PNP-125
Sercomm Other
Shenwhen+Neo+Electronic+Co NC-541
Shenwhen+Neo+Electronic+Co Other
Shenwhen+Neo+Electronic+Co X-5000B
Shenzhen 720P
Shixin+China IP-129HW
Siepem IPC
Siepem S5001Y-BW
Siepem S6203y
Siepem S6211Y-WR
Simi+IP+Camera+Viewer Other
Sineoji Other
Sineoji PT-315V
Sineoji PT-3215P
Sineoji PT-325IP
Sinocam Other
Sky+Genious Genious
Skytronic IP
Skytronic IP99
Skytronic Other
Skytronic WiFi
Skytronic dome
SmartEye Other
SmartWares C723IP
SmartWares c724ip
SmartWares c923ip
SmartWares c924ip
Solwise SEC-1002W-IR
Spy+Cameras WF-100PCX
Spy+Cameras WF-110V
Sricam 0001
Sricam 004
Sricam A0009
Sricam A001
Sricam AP-001
Sricam AP-003
Sricam AP-004
Sricam AP-005
Sricam AP-006
Sricam AP-009
Sricam AP-012
Sricam AP-CAM
Sricam AP0009
Sricam AP002
Sricam AP995
Sricam Cam1
Sricam Front
Sricam Home
Sricam Other
Sricam SP005
Sricam SP012
Sricam SP013
Sricam SP015
Sricam SRICAM
Sricam SRICAM1
Sricam aj-c2wa-c118
Sricam ap
Sricam ap006
Sricam ap1
Sricam h.264
Sricam sp013
Sricctv A-0006
Sricctv A-009
Sricctv AJ-006
Sricctv AP-0001
Sricctv AP-0005
Sricctv AP-0009
Sricctv AP-001
Sricctv AP-002
Sricctv AP-003
Sricctv AP-004
Sricctv AP-004AF
Sricctv AP-005
Sricctv AP-006
Sricctv AP-007
Sricctv AP-008
Sricctv AP-009
Sricctv AP-011
Sricctv AP-014
Sricctv H-264
Sricctv Other
Sricctv P2P-BLACK
Sricctv P2P-Black
Sricctv SP-007
Sricctv SR-001
Sricctv SR-004
Star+Vedia 6836
Star+Vedia 7837-WIP
Star+Vedia C-7835WIP
Star+Vedia Other
Star+Vedia T-6836WTP
Star+Vedia T-7833WIP
Star+Vedia T-7837WIP
Star+Vedia T-7838WIP
StarCam C33-X4
StarCam EY4
StarCam F6836W
StarCam Other
StarCam c7837wip
Stipelectronics Other
Storage+Options HOMEGUARD
Storage+Options Other
Storage+Options SON-IPC1
Sumpple 610
Sumpple 610S
Sumpple 631
Sumpple 960P
Sumpple S601
Sumpple S610
Sumpple S631
Sumpple S651
Sumpple qd300
Sumpple s631
SunVision+US Other
Sunbio Other
Suneyes Other
Suneyes SP-T01EWP
Suneyes SP-T01WP
Suneyes SP-TM01EWP
Suneyes SP-TM01WP
Suneyes SP-tm05wp
Sunluxy H-264
Sunluxy HZCam
Sunluxy Other
Sunluxy PTZ
Sunluxy SL-701
Supra+Space IPC
Supra+Space IPC-1
Supra+Space IPC-100AC
Supra+Space IPC-10AC
Supra+Space Other11
Supra+Space ipc-20c
Sure-Eye Other
Surecom LN-400
Swann 005FTCD
Swann 440
Swann 440-IPC
Swann ADS-440
Swann ADS-440-PTZ
Swann ADS-CAMAX1
Swann Other
Swann SWADS-440-IPC
Swann SWADS-440IPC-AU
Sygonix 43176A
Sygonix 43558A
Szneo CAM0X
Szneo CoolCam
Szneo NIP
Szneo NIP-0
Szneo NIP-02
Szneo NIP-031
Szneo NIP-031H
Szneo NIP-06
Szneo NIP-12
Szneo NIP-2
Szneo NIP-20
Szneo NIP-210485-ABABC
Szneo NIP-26
Szneo NIP-X
Szneo NP-254095
Szneo Other
Szneo TFD
TAS-Tech Other
Technaxx tx-23
Techview GM8126
Techview QC-3638
Techview qc3839
Temvis Other
Tenda C50S
Tenda c30
Tenda c5+
Tenvis 0012
Tenvis 3815
Tenvis 3815-W
Tenvis 3815W
Tenvis 3815W.
Tenvis 3815W2013
Tenvis IP-319W
Tenvis IP-319w
Tenvis IP-391W
Tenvis IP-391WHD
Tenvis IP-602W
Tenvis IP602W
Tenvis IPROBOT
Tenvis JP-3815W
Tenvis JPT-3814WP2P
Tenvis JPT-3815
Tenvis JPT-3815-P2P
Tenvis JPT-3815W
Tenvis JPT-3815W+
Tenvis JPT-3815WP2P
Tenvis JPT-3815w
Tenvis JPT-3818
Tenvis MINI-319W
Tenvis Mini-319
Tenvis Other
Tenvis PT-7131W
Tenvis TH-661
Tenvis TR-3818
Tenvis TR-3828
Tenvis TR3815W
Tenvis TZ100
Tenvis TZ100/IPROBOT3
Tenvus JPG3815W
Threeboy IP-660
Topcam SL-30IPC01Z
Topcam SL-720IPC02Z
Topcam SL-910IW30
Topica+CCTV Other
Trivision NC-335PW-HD-10
Trust NW-7500
Turbo+X Endurance
Turbo+X IIPC-20
Uokoo 720P
VCatch Other
VCatch VC-MIC720HK
Valtronics IP
Valtronics Other
Vandesc IP900
Vantech Other
Vantech PTZ
Videosec+Security IPC-103
Videosec+Security IPP-105
Vimicro Other
Vitek+CCTV Other
Vstarcam 7823
Vstarcam C-7824WIP
Vstarcam C-7833WIP-X4
Vstarcam C-7833wip
Vstarcam C-7837WIP
Vstarcam C-7838WIP
Vstarcam C50S
Vstarcam C7816W
Vstarcam C7824WIP
Vstarcam C782WIP
Vstarcam C7842WIP
Vstarcam C93
Vstarcam C=7824WIP
Vstarcam Cam360
Vstarcam F-6836W
Vstarcam H-6837WI
Vstarcam H-6837WIP
Vstarcam H-6850
Vstarcam H-6850WIP
Vstarcam H-6850wip
Vstarcam ICAM-608
Vstarcam Other
Vstarcam T-6835WIP
Vstarcam T-6836WTP
Vstarcam T-6892wp
Vstarcam T-7815WIP
Vstarcam T-7833WIP
Vstarcam T-7833wip
Vstarcam T-7837WIP
Vstarcam T-7838WIP
Vstarcam T-7892WIP
Vstarcam T6836WTP
Vstarcam T7837WIP
Vstarcam c7815wip
Vstarcam c7833wip
Vstarcam c7850wip
Wanscam 00D6FB01980F
Wanscam 106B
Wanscam 118
Wanscam 541-W
Wanscam 543-W
Wanscam 790
Wanscam AJ-C0WA-198
Wanscam AJ-C0WA-B106
Wanscam AJ-C0WA-B116
Wanscam AJ-C0WA-B168
Wanscam AJ-C0WA-B1D8
Wanscam AJ-C0WA-C0D8
Wanscam AJ-C0WA-C116
Wanscam AJ-C0WA-C126
Wanscam AJ-C2WA-B118
Wanscam AJ-C2WA-C116
Wanscam AJ-C2WA-C118
Wanscam AJ-C2WA-C198
Wanscam AJ-COWA-B1D8
Wanscam AJ-COWA-C116
Wanscam AJ-COWA-C126
Wanscam AJ-COWA-C128
Wanscam AW00004J
Wanscam B1D8-1
Wanscam C-118
Wanscam C-126
Wanscam Colour
Wanscam FI-18904w
Wanscam FR-4020A2
Wanscam FR4020A2
Wanscam HD-100W
Wanscam HW-0021
Wanscam HW-0022
Wanscam HW-0022HD
Wanscam HW-0023
Wanscam HW-0024
Wanscam HW-0025
Wanscam HW-0026
Wanscam HW-0028
Wanscam HW-0033
Wanscam HW-0036
Wanscam HW-0038
Wanscam HW-0039
Wanscam HW-22
Wanscam HW0030
Wanscam IP
Wanscam JW-0001
Wanscam JW-0003
Wanscam JW-0004
Wanscam JW-0004m
Wanscam JW-0005
Wanscam JW-0006
Wanscam JW-0008
Wanscam JW-0009
Wanscam JW-0010
Wanscam JW-0011
Wanscam JW-0011l
Wanscam JW-0012
Wanscam JW-0018
Wanscam JW-004
Wanscam JW-009
Wanscam JW-CD
Wanscam JW000008
Wanscam JW0009
Wanscam JW001
Wanscam JW0012
Wanscam JW008
Wanscam JWEV
Wanscam JWEV-011777-NSRVV
Wanscam JWEV-011921-RXSXT
Wanscam JWEV-360171-BBEAC
Wanscam JWEV-380096-CECDB
Wanscam JWEV-PEPLOW
Wanscam NBC-543W
Wanscam NC-530
Wanscam NC-541
Wanscam NC-541/W
Wanscam NC-541W
Wanscam NC-541w
Wanscam NC-543W
Wanscam NCB-534W
Wanscam NCB-540W
Wanscam NCB-541W
Wanscam NCB-541WB
Wanscam NCB-543W
Wanscam NCBL-618W
Wanscam NCH-532MW
Wanscam NCL-610W
Wanscam NCL-612W
Wanscam NCL-616W
Wanscam NCL-S616W
Wanscam Other
Wanscam TG-002
Wanscam WJ-0004
Wanscam WX-617
Wanscam Works
Wanscam XHA-120903181
Wanscam XHA-4020a2
Wanscam __PTZ
Wanscam chiOthernese
Wanscam ip
Wanscam jw0005
Wanscam jw0010
Wansview 541
Wansview 625W
Wansview MCM-627
Wansview N540w
Wansview NCB-534W
Wansview NCB-541W
Wansview NCB-541w
Wansview NCB-543W
Wansview NCB541W
Wansview NCB545W
Wansview NCL-610W
Wansview NCL610D04
Wansview NCL614W
Wansview Other
Wansview dcs543w
Wansview nc543w
Wardmay+CCTV WDM-6702AL
Watch+bot+Camera resup
WebcamXP Other
WinBook Other
WinBook T-6835
WinBook T-6835WIP
WinBook T-7838
Winic NVT-530004
Wise+Group Other
X-Price Other
X10 39A
X10 AIRSIGHT
X10 AirSight
X10 Airsight
X10 Jake
X10 Other
X10 XC-38A
X10 XX-36A
X10 XX-39A
X10 XX-56A
X10 XX-59A
X10 XX-60
X10 XX-69A
X10 XX41Ahome
XVision Other
XXCamera 53100
XXCamera 5330-E
XXCamera Other
XXCamera XXC-000723-NJFJD
XXCamera XXC-092411-DCAFC
XXCamera XXC-50100-H
XXCamera XXC-50100-T
XXCamera XXC-5030-E
XXCamera XXC-53100-T
XXCamera XXC52130
Xin+Ling Other
Yawcam Other
Zilink Other
Zmodo CMI-11123BK
Zmodo IP-900
Zmodo Other
Zodiac+Security 909
Zodiac+Security Other
Zoneway NC638MW-P
ZyXEL Other
alexim Other
alexim cam22822
alias Other
all+in+one+ Other
all+in+one+ b1
all-in-one Other
allecto DVC-150IP
apc Other
asw-006 Other
boh l
bravo Other
bush+plus BU-300WF
ccam p2p
china 8904W
china HDIPCAM
china IPCAM
china Other
china PTZCAM
china np-02
ciana+exports antani
cina Other
coolead L
coolead L610WS
dax Other
denver IPC-320
denver IPO-320
e-landing 720p
eScam QF100
ebw Other
epexis PIPCAMHD82
epexis pipcam5
esecure nvp
geeya C602
geeya P2P
geeya c801
hdcam Other
homeguard 720P
homeguard Other
homeguard Wireless
homeguard wifi
iView ID002A
iView Other
insteon 75790
insteon 75790wh
insteon High
insteon Other
insteon Wireless
iuk 5A1
ivision hdwificam
iwitness bullet
jwt Other
jyacam JYA8010
kadymay KDM-6800
kadymay KDM6702
kadymay KMD-6800
kadymay Other
kang+xun xxc5030-t
kines Other
kiocong 1601
kiocong 1602
kiocong 1609
kiocong Other
kodak 201pl
koicong 1601
l+series CAM0758
l+series CAM0760
l+series Other
l+series V100
logan n8504hh
meyetech 095475-caeca
meyetech 188091-EFBAE
meyetech Other
meyetech WirelessCam
micasaverde VistaCamSD
pipcam HD17
pni 941w
pni IP451W
pni IP541W
pni IP941W
pni IP951W
pni Other
pnp IP
pnp Other
semac Other
skylink WC-300PS
storex D-10H

Printers

Brother printers including DCP-9020CDW, MFC-9340CDW, MFC-L2700DW, or MFC-J2510 – Details

HP All in One Printers with Fax capability – Details

HP PageWide, HP OfficeJet Pro printers – Details

Panasonic Printer – Details

Storage

Medion LifeCloud Nas  – Details

Netgear ReadyNAS – Details

Netgear Stora  – Details

Seagate Home  – Details

Western Digital My Cloud NAS devices – Details

Western Digital My Book – Details

Wireless Routers

Misfortune Cookie Vulnerability, 12 million router – Long list of routers from Asus to ZTE – Details

Arris NVG589, NVG599 and possibly other modems, routers, gateways sold for AT&T’s U-verse service have a major security hole. If you have one, you need to update it as soon as possible to software newer than 9.2.2 or apply this fix.

CData networking equipment (Cdata, OptiLink, BLIY)- Major backdoors and other issues – Details – The company says these are counterfeit versions.

Cisco RV110W, RV130W, RV215W – Details

Davolink dv2 200 router – Details

D-Link DWR-116, DIR-140L, DIR-640L, DWR-512, DWR-712, DWR-912, DWR-921, DWR-111 and other using similar firmware – Details

D-Link DIR-600l -905l – Details

D-Link DIR-600, DIR-300 – Details

Dlink DWR-932B – Details

Dlink 850L – Details

D-Link DSL-2740R, DSL-2640B, DSL-2780B, DSL-2730B, and DSL-526B – Details

Huawei HG532e – Details

Linksys Wireless Routers Jan 2017 – Details

Linksys E1500/E2500 – Details

Linksys E Series Routers 2018 – Details

MikroTik Routers – Details

Netgear DGN Series- Details

Netgear Routers – 2018 Details – 2020 Details

OpenWRT Firmware – Details

Pulse Secure VPN – Details – Passwords Leaked

Ruckus – Details

Sierra LS300, GX400, GX/ES440, GX/ES450, and
RV50 – Must change default password – Details

Tomato Alternative firmware – Details

TP Link – TL-WR841N – Details

Trendnet TEW-731BR router – Details

Ubiquiti – Details – Details

Zyxel NAS542, NAS540, NAS520, NAS326, NSA325 v2, NSA325, NSA320S, NSA320, NSA310S, NSA310, NSA221, NSA220+, NSA220, and NSA210. – Details – Older models will not be patched, must keep NAS behind firewall.  Some Zyxel firewalls also have vulnerability. Stop using ones that are not patched. – Details

These routers have uPNP on by default and should not:

ADB Broadband S.p.A,    HomeStation ADSL Router  
ADB Broadband,    ADB ADSL Router  
ADBB,    ADB ADSL Router  
ALSiTEC,    Broadcom ADSL Router  
ASB,    ADSL Router  
ASB,    ChinaNet EPON Router  
ASB,    ChinaTelecom E8C(EPON) Gateway  
Actiontec,    Actiontec GT784WN  
Actiontec,    Verizon ADSL Router  
BEC Technologies Inc.,    Broadcom ADSL Router  
Best IT World India Pvt. Ltd.,    150M Wireless-N ADSL2+ Router  
Best IT World India Pvt. Ltd.,    iB-WRA300N  
Billion Electric Co., Ltd.,    ADSL2+ Firewall Router  
Billion Electric Co., Ltd.,    BiPAC 7800NXL  
Billion,    BiPAC 7700N  
Billion,    BiPAC 7700N R2  
Binatone Telecommunication,    Broadcom LAN Router  
Broadcom,    ADSL Router  
Broadcom,    ADSL2+ 11n WiFi CPE  
Broadcom,    Broadcom  Router  
Broadcom,    Broadcom ADSL Router  
Broadcom,    D-Link DSL-2640B  
Broadcom,    D-link ADSL Router  
Broadcom,    DLink ADSL Router  
ClearAccess,    Broadcom ADSL Router  
Comtrend,    AR-5383n  
Comtrend,    Broadcom ADSL Router  
Comtrend,    Comtrend single-chip ADSL router  
D-Link Corporation.,    D-Link DSL-2640B  
D-Link Corporation.,    D-Link DSL-2641B  
D-Link Corporation.,    D-Link DSL-2740B  
D-Link Corporation.,    D-Link DSL-2750B  
D-Link Corporation.,    D-LinkDSL-2640B  
D-Link Corporation.,    D-LinkDSL-2641B  
D-Link Corporation.,    D-LinkDSL-2741B  
D-Link Corporation.,    DSL-2640B  
D-Link,    ADSL 4*FE 11n Router  
D-Link,    D-Link ADSL Router  
D-Link,    D-Link DSL-2640U  
D-Link,    D-Link DSL-2730B  
D-Link,    D-Link DSL-2730U  
D-Link,    D-Link DSL-2750B  
D-Link,    D-Link DSL-2750U  
D-Link,    D-Link DSL-6751  
D-Link,    D-Link DSL2750U  
D-Link,    D-Link Router  
D-Link,    D-link ADSL Router  
D-Link,    DVA-G3672B-LTT Networks ADSL Router  
DARE,    Dare router  
DLink,    D-Link DSL-2730B  
DLink,    D-Link VDSL Router  
DLink,    DLink ADSL Router  
DQ Technology, Inc.,    ADSL2+ 11n WiFi CPE  
DQ Technology, Inc.,    Broadcom ADSL Router  
DSL,    ADSL Router  
DareGlobal,    D-Link ADSL Router  
Digicom S.p.A.,    ADSL Wireless Modem/Router  
Digicom S.p.A.,    RAW300C-T03  
Dlink,    D-Link DSL-225  
Eltex,    Broadcom ADSL Router  
FiberHome,    Broadcom ADSL Router  
GWD,    ChinaTelecom E8C(EPON) Gateway  
Genew,    Broadcom ADSL Router  
INTEX,    W150D  
INTEX,    W300D  
INTEX,    Wireless N 150 ADSL2+ Modem Router  
INTEX,    Wireless N 300 ADSL2+ Modem Router  
ITI Ltd.,    ITI Ltd.ADSL2Plus Modem/Router  
Inteno,    Broadcom ADSL Router  
Intercross,    Broadcom ADSL Router  
IskraTEL,    Broadcom ADSL Router  
Kasda,    Broadcom ADSL Router  
Link-One,    Modem Roteador Wireless N ADSL2+ 150 Mbps  
Linksys,    Cisco X1000  
Linksys,    Cisco X3500  
NB,    DSL-2740B  
NetComm Wireless Limited,    NetComm ADSL2+ Wireless Router  
NetComm,    NetComm ADSL2+ Wireless Router  
NetComm,    NetComm WiFi Data and VoIP Gateway  
OPTICOM,    DSLink 279  
Opticom,    DSLink 485  
Orcon,    Genius  
QTECH,    QTECH  
Raisecom,    Broadcom ADSL Router  
Ramptel,    300Mbps ADSL Wireless-N Router  
Router,    ADSL2+ Router  
SCTY,    TYKH PON Router  
Star-Net,    Broadcom ADSL Router  
Starbridge Networks,    Broadcom ADSL Router  
TP-LINK Technologies Co., Ltd,    300Mbps Wireless N ADSL2+ Modem Router  
TP-LINK Technologies Co., Ltd,    300Mbps Wireless N USB ADSL2+ Modem Router  
TP-LINK,    TP-LINK Wireless ADSL2+ Modem Router  
TP-LINK,    TP-LINK Wireless ADSL2+ Router  
Technicolor,    CenturyLink TR-064 v4.0  
Tenda,    Tenda ADSL2+ WIFI MODEM  
Tenda,    Tenda ADSL2+ WIFI Router  
Tenda,    Tenda Gateway  
Tenda/Imex,    ADSL2+ WIFI-MODEM WITH 3G/4G USB PORT  
Tenda/Imex,    ADSL2+ WIFI-MODEM WITH EVO SUPPORT  
UTStarcom Inc.,    UTStarcom ADSL2+ Modem Router  
UTStarcom Inc.,    UTStarcom ADSL2+ Modem/Wireless Router  
UniqueNet Solutions,    WLAN N300 ADSL2+ Modem Router  
ZTE,    Broadcom ADSL Router  
ZTE,    ONU Router  
ZYXEL,    ZyXEL VDSL Router  
Zhone,    Broadcom ADSL Router  
Zhone,    Zhone Wireless Gateway  
Zoom,    Zoom Adsl Modem/Router  
ZyXEL,    CenturyLink UPnP v1.0  
ZyXEL,    P-660HN-51  
ZyXEL,    ZyXEL xDSL Router  
huaqin,    HGU210 v3 Router  
iBall Baton,    iBall Baton 150M Wireless-N ADSL2+ Router  
iiNet Limited,    BudiiLite  
iiNet,    BoB2  
iiNet,    BoBLite  

Chips used in many products

Realtek rtl81xx SDK with the miniigd daemon – Details

Motherboards

SuperMicro BMC – Details

General Internet of Things Security Tips

Securing Wearable Technology Fitness Devices

Fitness trackers like the Fitbit, Vivosmart, Jawbone Up, Apple Watch, etc connect via Bluetooth.  Some devices use a fixed Bluetooth MAC address, allow criminals or law enforcement to identify you, wherever you go.

More secure fitness trackers like the Apple Watch protect users against tracking by switching the devices address every 10 minutes.

Look for updates from your fitness device’s website to address this issue. Garmin has issued updates to fix this issue.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes. This precedent should cause Internet of Things makers to also fix issues, or be subject to lawsuits.

Conclusion

IOT devices are great, but introduce a new level of complexity and security holes for hackers to break in.

Do you worry about getting hacked through your gadgets?

Online banking and online trading have been gaining market share every year. Security breaches make headlines almost daily. With more and more people going online, consumers are worried more than ever about keeping their online banking and online trading safe and secure. In this article, we will help you bank and trade more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online banking and online trading when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Google Chrome, and Google Chrome.

4. Make sure you are accessing the online banking or trading website is using a secure connection, look for https:// in the browser’s address bar and a padlock icon in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the bank or brokerage takes transactions over the phone.

5. When creating an account at the online bank or brokerage, we recommend you use a unique password as it is far safer in case the website gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions.

6. Sign up for alerts from your bank or brokerage by email or text message. This will allow you to respond to any fraud rapidly. Also carefully check each month’s statement for erroneous or fraudulent transactions. Consider checking your outstanding transactions every couple of weeks via the company’s website.

7. Two factor authentication is available from many banks and brokerage houses. Bank of America, Citi, Schwab, Fidelity Investments, and several other companies have this available, so check with your representative. This technique forces the use of both a password and a number generated by the hardware security token in your position, both are needed in order to log in. Clearly if criminals got a hold of your password, they would not be able to login.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

8. To avoid falling victim to e-mail phishing, never click a link or open an attachment from an e-mail. This is especially true for online banks and online brokerages. Manually type the URL into your browser.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9.Internet Explorer Virtual Machine – Designed for web developers to test compatibility with different versions of Internet Explorer, these Virtual Machines for Microsoft’s Virtual PC allow you to run a Virtual computer on your desktop with Internet Explorer pre-installed. If you mess up the Virtual computer, you can just delete it and start fresh from a new image. You can perform your online banking and trading within the virtual machine to increase security.

10. When banking or trading on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

11. Explicitly logout after you are finished.  Do not just close the browser.  This helps terminate your session officially.

Things Not To Do

1. Do not bank or trade when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do these safeguards make sense?

Note: Facebook has committed to making these settings easier to find, so there may be some variance in what we depict below.

A September 2018 security hole in Facebook allowed 50 Million accounts to be accessed by hackers.  Check to see if you were affected.

Facebook reached a new low in March 2018. A massive data compromise was exposed that allowed Cambridge Analytica to obtain extensive psychographic information about 50 million Facebook users in 2014. This data was probably used to manipulate the 2016 Presidential elections.

Let’s be honest, in exchange for using this FREE service, you upload text, pictures, videos for Facebook to learn more about you. They then use this personal information to sell ads and more.  There is no free lunch. Facebook is a money making machine, not your friend.

Short of deleting Facebook and Facebook messenger, This is how you can adjust your Facebook Privacy Settings to protect yourself.

Two Factor Authentication

In September 2018 it became know that Facebook uses your second factor authentication for advertising purposes!  Do not use your phone number or another email address, instead use the option of employing Google Authenticator.

Important: You need to make change at both Facebook.com AND inside the Facebook App

Adjust Facebook.com Website Settings

Remove any friends you do not really know.  They can send you scams or other information with out being filtered.

Login to Facebook, Open the  App Settings Page

Click Edit in the Apps, Websites and Plugins box.

Also set Old Versions of Facebook for Mobile to Only me

Click Disable Platform

This will prevent Facebook from sharing your data with other apps and websites. You also cannot use your Facebook login to login to other sites any more.

If you want to still allow using Platform but want to lock down what is shared, instead of Disable Platform, select Edit under Apps Other Use.

We recommend Unchecking EVERY box and hitting Save

Adjust Facebook Ad Settings

Click on Ads in the lower left area of the Facebook Settings Page

For Advertisers you’ve interacted with – Click the triangle in the right side, to show the settings. Click on every company to disable this.

For Your Information – Click the triangle in the right side, to show the settings. Turn off everything. Also click the Your categories tab and turn off EVERYTHING. Pretty scary?

For Your Ad Settings – Click the triangle in the right side, to show the settings. Turn off everything.

For Hide Ad topics – Click the triangle in the right side, to show the settings. Set all of them to Permanently

.

Facebook Privacy Settings and Tools

Visit the Facebook Privacy Page to lock down its settings.

Adjust the settings so it looks like our screen. This was the best we could do. Make sure you have a bogus phone number in Facebook. Do not allow search engines outside of Facebook to link to your profile.

Change your birthday so it is a day earlier

Click the Use Activity Log link and remove yourself from any posts you have been tagged in.

Turn off Face Recognition

Visit the Face Recognition Settings and turn it to No

Adjust Timeline and Tagging Settings

Visit the Timeline and Tagging Settings and adjust it to the following:

Remove Facebook Likes

Click Timeline on your personal Facebook Page

Click More in the middle area and select Likes

Remove the Likes for as many items as possible! Delete TV Shows, Books, Events, Questions, Reviews and Movies from the list

Facebook Mobile App Privacy Lockdown

The above settings affect the Facebook App, but there are additional settings that need to be set in the App.

Prevent Facebook from using your Location

Facebook’s App can use your location even when you are not running it.

To disable it in iOS:

•  Settings – Privacy – Location Services -Facebook –  Never or While Using App

To disable it in Android:

• Settings – Apps – Facebook – Permissions – Location – Off

Remove Uploaded Contacts from Facebook

Click here to visit the  page to remove uploaded contacts in Facebook.

Prevent Facebook from continuously uploading new contacts from your phone.

Turn off Upload contacts if you use the Facebook App, it is located at:

• 3 lines in lower right corner of Faceebok App, Settings, Account settings, General, Upload contacts
• Facebook has a page to help you prevent syncing of contacts to Messenger. Details on the issue with Facebook looking at all your calls

Adjust who can see your posts from New Feed or Profile

• Select 3 lines in lower right corner of Facebook App, Settings, Account settings, General, Privacy, Check a Few Important Settings

Select Friends or Only me

On the next screen for Posts, also select Friends or Only me

The next screen will then be Profile

Lock Down your Profile

Select the appropriate level of lockdown for each item. Only me would be most secure.

The Next screen would be Apps

Remove Unnecessary Apps

Click the X next to apps you no longer need.

Timeline and Tagging

• Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Timeline and Tagging

Adjust Time line and Tagging to: Only me for all settings

Change the 2 Review settings to: On

Limit Facebook Location Data

• Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Location

Do not allow Facebook to save your location, do not share location with Nearby Friends, Do not Find Wi-Fi

Adjust Public Posts

• Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Public Posts

Adjust these settings to something less than Public

Interests

• Select 3 lines in lower right corner of Facebook App, Settings, Account settings, Ad Preferences

Remove all the Interests by clicking on each one and selecting Remove Interest.  Other settings should have been set at Facebook.com with the instructions above.

Facebook Messenger

Facebook keeps all your messenger messages.. FOREVER.  Scary isn’t that?

Here is how you delete Facebook messenger messages, conversations and photos.

Items We are still working on cleaning:

• Check-Ins
• Removing Apps

Do you feel more secure now?

Security has become an ever more important part of using a personal computer. Increasingly, the daily headlines include news of companies and websites getting hacked. It is important to learn how to properly secure your wireless Internet as well as secure your personal computer.

This article focuses on how to secure your wireless network router so that you do not become part of the statistics. The wireless router typically includes a firewall that defines the perimeter of your network. Think of this as a fence, walling off your network from the Internet. Having a vulnerable wireless network allows criminals to ppossibly steal your data as well as Internet access. You could also become responsible for illegal downloading if your wireless Internet was compromised.

October 2017 Wi-Fi KRACK attack Warning

KRACK attack on Wi-Fi. Attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted.  Virtually ALL Wi-Fi equipped devices need to be updated.  The attack is particularly bad on Android 6.0 and Linux. If you have a device with no updates (eg Internet of Things), you will be open to attacks.

You should not be using any non-802.11ac devices any more, if at all possible; and you should make absolutely certain you’ve updated the firmware on all routers to the latest available version.

If that newest available firmware version is older than November 2017, it is without a doubt vulnerable to KRACK, and you’re going to need to discard and replace that device. If it’s older than, say, July 2018 it might or might not include KRACK mitigations, and you should go through all of that device’s firmware release notes since November 2017 to make certain.

Government Spying via Compromised Wi-Fi Routers

WikiLeaks has confirmed that insecure wireless routers were hacked and users spied probably by the CIA.  If you own a router on the list, update its software immediately or buy a new one.

Federal Trade Commission Makes Asus Improve Router Security

In February 2016, the Federal Trade Commission settled charges with Asus, over critical security flaws in its routers that put the home networks of hundreds of thousands of consumers at risk.

The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.

Finally!, the government is forcing these manufacturers to fix wireless routers that can be come huge security holes.

Wirless Routers are a big Security Hole

The Wall Street Journal commissioned a security researcher to test 20 popular internet Wireless Routers in late 2015. 10 had known security weaknesses. 4 had old firmware that when upgraded could contain undocumented security problems.  Keep your router’s software update and if it is older than 2 years, you should buy a new one. Few routers automatically update their software, like Windows does. Most networking companies’ stop updating them after a year or two (They have no financial incentive), resulting in a major security risk.

Hackers can take control of insecure wireless routers to snoop on all your Internet traffic, initial denial of services attacks on others, or steal your financial information.

Cable or DSL Modem Direct Connection

Some high speed Internet connections allow you to directly connect your computer to the modem.  We recommend installing a network router in this situation to help protect the computer from external traffic. Install a wireless router and turn off the wireless capability if you do not need it.

Hardwired Ethernet Network

Secure wireless is an oxymoron! Using a hardwired Ethernet connection is much more secure than wireless Internet, a must for those looking for the maximum protection. Unfortunately, this is type of access is not possible for some devices (iPad, iPhone, etc.) and is far from convenient. Most users who demand the utmost in security and performance lay Ethernet networking in their homes and businesses. They may still run a wireless network, but limit access on that network to just a couple devices.

What is the most secure Wireless Router?

Wireless router hardware is available from many major manufacturers, including Apple, Cisco – Linksys, D-Link, or Netgear. We suggest avoiding smaller companies because they may be slow to update the software (firmware) and patch security holes. Unfortunately, even the large comes stop upgrade software on their routers after a year or two, you then should buy a NEW router. Fewer notify users of new software availability.

Manufacturer’s models differ in wireless range, speed, wireless standard support (Wireless-AC), and special features. Always make sure to update to the latest firmware available; bug fixes, security fixes, and enhancements were possibly added.

More Advanced Routers

The best routers are more robust routers targeted towards small business. They have more advanced security and are updated more often. If you are not technical, forget about buying one.

• pfsense – Makes a solid security appliance. Their 2 port model is more affordable at $299, $374 with 802.11N. You need to be somewhat technical to setup Virtual LANs.
• Ubiquiti Networks – Makes a great low cost multi port router, EdgeRouter X, for under $50. Add their UniFi AP AC Lite access points ($90) and you have one of the best and cost effective Wireless setups. Again not for beginners. Great Setup Guide

Cheap 3 Router secure Wireless Setup for IOT

Here is a good setup if you are concerned about security, are not a network expert, and need to have a guest network or have Internet of Things devices. (IE Nest Cam, Nest Smoke Detector, etc)  This configuration prevents these devices from snooping or intercepting your normal traffic. Using a typical Wireless router’s Guest network will NOT accomplish the same thing.

Kudos to Steve Gibson of Security Now. Buy or re-use a cheap old router that does not have to have wireless capabilities. We will be connecting them in a Y configuration. Connect this Router 1 to your Cable / DSL Modem.

Wireless Router 2 and Wireless Router 3 are both plugged into Router 1.

• Use Wireless Router 2 for all your computer, tablet, smartphone needs.
• Connect Wireless Router 3 with all your IOT or Internet of Things devices, like security systems, cameras, thermostat, etc.
• IOT devices should use a different DNS Server than your standard one.

Optimizing Wireless Routers for Maximum Range

• Physical Location – Where you place the wireless router is very important.
  • Position the wireless router to most central or optimal location for best coverage of your wireless network, and least amount of leakage to unwanted places like your neighbors or passersby on the street. This may be high up on a wall and may not be in the room the Internet connection is located in. Keep the wireless router away from microwave ovens and cordless phones.
  • If you have sufficient wireless coverage and your wireless router supports it, you could also Reduce your wireless router’s transmitter power so it doesn’t send the signal beyond your home.
  • Run a utility such as inSSIDer that helps you adjust your wireless router’s channel configuration to prevent interfering with surrounding wireless wifi networks. Wifi Analyzer for Android, Wi-Fi Finder iOS also works. Most routers are preset to channel 6, causing more collisions.
  • Antennas – Low cost 3^rd party add on antennas extend range without the need to buy a new wireless router; free antennas can also extend range. Some antenna’s omnidirectional, while others are directional, allowing you to focus a wireless signal. Replace the cheap antenna that came with your wireless router, to significantly increase performance.
  • Add an electrical power timer to turn off the wireless router when not in use or at night. This saves money and offers added security.

Wireless Network Router Settings

Wireless routers need to be configured properly to ensure proper operation as well as maximum security. Although wireless routers from different vendors include differing configuration options, most include these configuration settings. We have included screenshots for a variety of popular wireless routers, but can never cover every single wireless router available. We recommend disconnecting your cable or DSL modem while your router is being configured as some routers take a while to boot up and present an unfiltered connection while loading up.

Before you make any changes to your wireless router, always note how it was configured before the changes were done, so you can undo changes.

Access the administrator configuration for your wireless router by either running the software that was included with it or by accessing it directly from a web browser. For instance, Linksys router web interface for their wireless routers can be accessed when entering the following URL into your browser: https://192.168.1.1/

Administrator Password

• Password entered to gain access to the wireless router hardware. The administrator password MUST be changed from factory default to something difficult and long. Many people never change the factory password and leave themselves wide open to getting hacked. See our article on generating secure passwords for tips.
• Router Default Passwords can show you passwords for routers left unchanged from default
• Disable remote router access or Remote management so no one can change your settings from outside your network. On Linksys routers, it is located on the Administration tab – Management.
• Enable Logs so that you can go back and see where problems arose.

Cisco Linksys Wireless Security Settings

Cisco Linksys Dual Band 2.4Ghz 5Ghz Wireless Security Settings

DLink Wireless Security Settings

Wireless Encryption

• It is best to use WPA2-Personal security mode, AES encryption (do not select TKIP), a long Pre-Shared Key. Recommendation: Long (40+ characters) and include symbols, and upper and lower case. You will have to enter this password on each wireless device.
• Do not use WEP or WPA encryption as they are easily hacked. WEP encryption can be broken in under a minute. If you have hardware that does not support WPA2 encryption, replace the hardware.
• Always use encryption and NEVER have an open Wi-Fi access point without a password.

Mac Address Filtering

• This should be Disabled. This ensures that only authorized Wireless devices’ Mac Address (the serial number of the networking devices) are allowed to access the wireless router. Enabling it does not make it anymore secure against hackers. They can spoof Mac Addresses.

SSID

• Name – Change the default name. Do not use your address or a personal name. It is important to have a unique name so that when you’re away from home, your devices do not automatically try to logon to other wireless networks with the same name. This will also make you less susceptible to attacks using precomputing tables based on default names. Make sure you do not use names like: linksys, netgear, attwifi, 2wire####.
• To make your WiFi Network name more secure you should also add “_nomap_optout” to the end of it.  This prevents early Windows 10 installs from sharing it and Google from indexing it.
• Broadcast – Should be enabled to present easy access and prevent devices beaconing for it when it is out of range. Hiding it does not make it anymore secure against hackers.

UPNP – Disable this feature.  Very Important! It makes your network much more vulnerable. Although adding devices will require manual action. You could also enable Universal plug and play only when adding a new device.

Wi-Fi Protected Setup (WPS) – Disable this feature (if possible) and enable manual setup, even though it makes setup much easier.  It makes your network much more vulnerable to external hacking. A flaw allows a remote attacker to recover the WPS PIN and, with it, the router’s WPA/WPA2 password in a few hours was uncovered in December 2011. Checkout our WPS article on this.

Some older Linksys routers have SecureEasySetup (SES), which can be disabled to increase security.

Bands – More advanced wireless routers operate on multiple frequencies at the same time.

• 2.4 GHz – This is the typical Wi-Fi frequency used by most wireless routers.
• 5 GHz – More advanced routers support this frequency. Your computer or Wi-Fi device needs to also support the 5 GHz frequency option, so an extra network adapter may be required. Utilizing only this frequency helps prevent your network from being probed by less sophisticated hackers. *Note* 5 GHz performance transfer rate decreases dramatically the farther the device is from the router. Buy a new router if this is the case.

DHCP

• DHCP is used to handout Internet IP Addresses to your local network devices. Be sure to set a limit to the number of DHCP addresses given out by your router. This number should correspond to the actual number of devices you own. Occasionally, login to your router and audit the number of DHCP addresses given out, to look for nearby Internet leeches. RogueScanner is a free tool that will help you find rogue wireless access points and devices.

DNS

Set the DNS (Domain Name Server) that the router uses to either your ISP’s DNS Server or better yet, to Google’s high performance DNS: 8.8.8.8

Leaving the field empty could lead to DNS spoofing.

Wireless Routers with Guest Network 

This is an IMPORTANT feature to look for in a new Wi-Fi router. If your wireless router is capable of setting up a separate network for your Guests and Internet of things (IOT – Cameras, Doorbells, etc) devices, you need to ensure that it is set up properly to prevent access to your main network. Keep in mind that some older guest networks (Linksys, Cisco) simply have a password but do not utilize wireless encryption such as WPA2. Buy a new router if this is the case.

Use a different password for this network and give this out to your guests.  Also place the following types of devices on this network, not your main network.

• Security Cameras
• Wireless Thermostats and Smoke detectors (IE Nest)
• Internet of things devices (Toys, Cars, Appliances, etc)
• Cars

Isolating Guest Network Access

If you have a D-Link wireless router, be sure that the Enable Routing Between Zones option is not checked. This will prevent access by a guest network client, onto your main network.

If you have an Asus wireless router, be sure that the Access Intranet option is set to Disable. This will prevent access by a guest network client onto your main network.

• Some Asus routers have Set AP Isolated in their Wireless-Professional Menu. Setting this to Yes for the 2.4Ghz Band will also increase security by preventing guest network clients from accessing each other.
• Advanced Asus Router users: If you are running 3rd party Asus Merlin firmware adding this rule to a firewall-start file will prevent guest network users from being able to access each others:
  • wl -i wl0.1 ap_isolate 1

Known Wireless Router Issues

If you own an AsusRT-N66U or Linksys E-series wireless router, make sure it has been updated to prevent the Moon worm.

Additional Security

• Options such as Radius Authentication may be supported by the wireless router. This is more for corporate or small business security. ZeroShell allows you to set up a RADIUS server inside a virtual machine.

Third Party Wireless Router Firmware

• 3^rdParty Firmware or software for the wireless router is often available with additional features not available from the manufacturer’s firmware. This many also be more secure than your original firmware.
  • Why? – Need a particular special feature. Often only for power users.
  • What features would be available? – Stability, security, configurability
  • Wireless Router Compatibility – Check website to see if your wireless router is supported by 3^rd party firmware

• Tomato – Popular 3^rd party replacement firmware for many wireless routers.

• DD-WRT – Popular open-source 3^rd party replacement firmware for many wireless routers. This firmware enables you to adjust the transmit power of the router to help boost range.
• Asuswrt-Merlin – This 3rd party alternative firmware is focused on Asus routers.

Buffalo  makes wireless routers with DD-WRT pre-installed. This allows them to reduce the amount of software (firmware) they have to write, and concentrate their efforts more on hardware. If you are afraid of accidentally damaging your wireless router by installing 3^rd party firmware consider purchasing a Buffalo High Performance wireless router.

• Do It Yourself (DIY) Wireless Router – allows for advance features , good if you have extra computers, higher performance needs, QoS, IP filtering, traffic stats, special network configurations that are not mainstream.
  • Smoothwall – Popular 3^rd party Linux based router software. Runs on any Pentium-class PC with at least 128 MB of RAM. Snort Intrusion Detection System support is also available, so you do not have to run Snort in a separate installation.

Testing Wireless Router Security

Testing wireless router security is important to see how secure your wireless router really is. Here are some sites that help test your wireless router’s security. You can adjust your configuration to close any vulnerabilities they find.

• Rapid7 – Has penetration testing software
• Shields Up – Tests your network with tools from Steve Gibson of GRC.
• HackerWatch – Tests your network with tools from McAfee.
• HackerTarget – Multiple tests on your network
• Arachni – Security scanning framework

By applying special settings to your wireless router, you can significantly increase the security of your wireless network to prevent theft and secure our privacy.

Also keep you wireless router’s software up to date and buy a new one every couple years, if there has not been an software update recently.

This concludes our How to setup a Secure Wireless Network Router  article. Other articles on Safegadget.com help you secure the other aspects of your personal computer, including How to Set up a Secure wireless network Router, and How to Secure Internet Explorer article, or How to Secure Firefox Article. Please see our other articles on security tips for your e-mail, iPad, online banking, online shopping, smart phones, and more.

Passwords are one of the biggest security problems on the Internet, possibly even more so than Malware. Poorly chosen passwords and security questions are making online accounts easily hackable by cyber-criminals.

1. Check to see if you have a compromised account
2. See if a password you used has been hacked

Everyone knows it’s important to create and use complex passwords, ones that do not include:

• Words from the dictionary of any language
• Personal information such as names of your kids, pets, addresses, etc.
• The same password for more than one site
• Ones that are written down

Few people follow this type of policy. If you are guilty of one or more of the above, you are at risk of getting hacked. Hackers are able to use brute force attacks to test over 200,000 passwords per hour. As technology improves, they will be able to test passwords even faster. In this article we will help you create, store, and easily use secure passwords.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

Better Usernames

We suggest users first start with a non-obvious username. Don’t use your first name or first name + last name as your username throughout your online accounts. Make up a name or alias. Include numbers and/or upper and lowercase letters. Better yet, use a different username on every site. The password managers recommended below will automatically remember all your logins.

What is a good password?

1. Characters, numbers, symbols, length, complexity

A good password has alphabetical characters of both upper and lower case, numbers, symbols. The password should be at least 12 characters in length. Length is more important than complexity. Computers have gotten so fast that they are able to password crack shorter passwords in no time especially with high speed GPUs. Keep in mind that some online services have limits as to what characters are valid and how long a password can be.

Examples of good passwords include: 9F1%6!Q(&3mdIOe39 or f7aX3z&a8L2;’\]

These are pretty hard to remember, aren’t they? We will include suggestions on how to create strong and easy to remember passwords below.

2. What passwords not to use

There should be no words from the dictionary of any language, present in your password. No personal information should be in your password including birthdays, names, addresses, phone numbers, etc. Develop a mnemonic system for remembering complex passwords.

Examples of bad passwords include: 12345 or john or 123elm or password

If you have to use one of these passwords, at least harden them with some extra symbols and length.

Examples of better passwords include: 12345!!!!???? or !!!!john!!!! or $$$$123elm$$$$ or %%password!! or {[password]}

Not only are the passwords only slightly more difficult to remember, but the security is enhanced by orders of magnitude.

3. Every website you visit should have a different password. The average Internet user has over 25 password protected accounts. If you only use one password, you would be in danger of losing your entire universe, if only one site got hacked and they stored passwords in plain text.

Examples of better passwords include: 12345!!!!????ebay or 12345!!!!????gmail

Another way to create an easy to remember but secure password is to come up with a memorable sentence or phrase and use the first character of each word. Append onto the end of each site’s password, the name of each website and a symbol and a number.

Example sentence: Jack and Jill went up the hill to fetch a pail of water

Website: gmail.com

Password: JaJwuthtfapowgmail!1

4. How often to change your password

Passwords should be changed every so often, especially if you think it has been compromised. Changing a password too often causes major logistical problems. Some companies require password changes every XX weeks.  This causes more harm than good. Works will then reuse old passwords or slight variants of them. The focus should be on changing the most important and most used passwords every couple months. US-CERT has additional password tips.

5. Avoid sites that are not making security a priority. See the posts on Plain text Offenders.

How to create secure passwords

Read the National Institute on Standards and Technology’s 2017 password guidelines.

1. Manually creating passwords

You will basically pick numbers, characters, and symbols at random and keep doing so until you have created a fairly long password. The upside is that it is easy to do, but the downside is that you will probably not pick very random passwords.

2. Web pages that create secure passwords

There are several websites that help you generate secure passwords. Keep in mind that having to visit a website every time you need to generate a password, becomes inconvenient really fast.

• GRC has a password haystack page that helps compute how long it would take to hack a given password.
• GRC also has a page that generates high-security passwords.
• PC Tools helps you generate secure passwords with customizable criteria

3. Software Utilities

Several free software programs can also help you generate secure passwords. Most of these programs also store the passwords, so they’ll be covered in the section below.

4. Password testers

It is best to test your password’s security with the hacking tools the expert hackers use. Windows-based password hacking utilities include: John the Ripper password cracker, Cain and Abel (Windows only)

5. Password recovery questions or security questions

We recommend that users enter secure passwords in these fields and not the true answer. Hackers can and have mined social media including Facebook to extract answers to these questions. You can alternately put in the correct answer and then consistently append a word to it.

6. Need to register and generate a password to see content?

BugMeNot.com is a database of usernames and passwords for sites that require logging in to see content.

7. If you use Steam, turn on Steam Guard so you need to respond to an email or use a mobile code every time you login to Steam from a new computer. Blizzard has an addon two factor authentication app to protect their gaming logins for iOS, and they also have a hardware authenticator for sale.

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead. Do not allow Google Voice to forwards Texts/Calls to your main number.

Google Smart Lock is also a great way to generate second factor authentication but using your iPhone or Android phone and their app.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

Many sites give alternate methods of logging in, if you do not have your second factor available. Commonly these are using your social security number or birthday, data that could be publically found.  This helps negates the advantage of two factor.

In the end, using Two Factor authentication is better than not using it.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

8. There are password cracking utilities from companies like Elcomsoft that can break the encryption on many programs and even smartphones. Keep this in mind when assessing the security of a product.

9. If you are buying a new notebook, consider buying one with a hardware security module built-in. The new Intel Ultrabook lightweight notebook specification includes support for a IPT Identity Protection Technology hardware security module or Trusted Platform Module (TPM) that can enhance security by requiring both a password and this hardware key to access certain websites.

How to store and use secure passwords

1. Do not store your passwords in a simple Word or text document. Also, do not write your passwords on a piece of paper or Post-it note. Obviously, your passwords could be easily stolen this way. Storing password in a browser is also a no-no. They have been hacked easily. If you really need to write down your passwords, only write down parts of your passwords and or login, and leave the rest blank.

2. The best place to generate and store passwords is a password wallet utility program.  Our goal is to find a Multi-platform PC, Mac, iOS and Android compatible program that can create  secure passwords, save the passwords, and automatically fill forms with the secure passwords. Here are some examples:

• Lastpass – A password manager that works on Windows, Mac, Apple iOS, Linux, WebOS, Windows phone, Symbian, Android, and Blackberry. Stores data on the web for access anywhere and at anytime. Automatic form filling, one click login. Supports Yubikey, multi-factor authentication including Google two step authentication. Free for mobile users starting in August 2015. Make sure you have Password Iterations set higher than 1. Downside: Mobile version costs money, data is stored on their servers. A two factor authentication system using SMS text messages is not secure.
• KeePass – Open source password manager with auto type capabilities. Available for Windows.  Unofficial versions for Apple iOS, Android, Mac, Linux. Be sure to select the options to:
  • Lock workspace after KeePass inactivity
  • Lock workspace after global user inactivity
  • Lock workspace when minimizing main window
  • Lock workspace when locking the computer or switching the user
  • Lock workspace when the computer is about to be suspended
  • Lock workspace when the remote control mode changes
  • Downside: Password database is stored locally, no online synchronization.
• 1Password -A $49.99 password and identity manager that automatically save and fill website logins. Supports Apple iOS, Android, Mac, and Windows.
  Downside: Cost, Can’t retrieve master password.
• Passpack – Free version supports up to 100 logins. Windows only. Supports most browsers. Supports yubikey. Uses Adobe Air. Allows sharing of logins.
  Downside: Adobe AIR only. (No iOS support)
• Password Safe – Open source password manager for Windows.
  Downside: Windows only.
• Roboform – A password and wallet manager for Mac and Windows that is complete with 1-Click form filling. One identity is Free, Unlimited Logins, Identities, Bookmarks, Safenotes and more cost $29.95.
  Roboform everywhere supports Apple iOS devices, Windows phone, symbian, Palm, Android, and Blackberry. It costs $9.95 for the first year. $19.99/year thereafter.
  Downside: Cost, occasionally pops up when not needed, smartphone apps can’t fill forms, remote access doesn’t allow editing form-fill data.
• Clipperz – Free Online password manager from an Italian company.
  Downside: Web based, requires connection.
• SafePad – Is a notepad with password protection

Our recommendation is to use one of the password managers above for most of your passwords, while remembering a couple important passwords through memorization. Your e-mail, online banking, and online trading passwords should not be stored within these password managers.

Important: If you use a password manager and use its convenient form filler, DO NOT enable automatic form filling. You could be brought to a malicious page and have all your information automatically entered on it, before you realized it.

3. Never send your password via email, over a social network like Facebook, or via phone.

4. Do not forget to backup your Google account with Google Takeout

We have covered many ways for you to create, store, and use secure passwords. If more people utilized the techniques covered above, fewer password intrusions would occur.

Online shopping has been gaining market share every year. Security breaches make headlines almost daily. With more and more shoppers going online, consumers are worried more than ever about keeping their online shopping safe and secure. In this article, we will help you shop more securely.

Secure your computer, web browser, Internet connection

Follow our guides to secure your Windows PC or secure your Macintosh by installing the right software, firewall, antivirus software, etc. Secure your mobile devices: iPhone, Android smartphone or tablet, iPad. Configure the settings and add plug-ins to you web browser so that it is more secure. Consult our tutorials for: Internet Explorer 9, Google Chrome, and Mozilla Firefox. Secure your Internet Connection: Wireless Network, Public Wi-Fi.

1. Configure your wireless router for optimal security. Consult our article How to set up a secure wireless router for details. For maximum security, do your online shopping when connected by a hardwired connection such as Ethernet.

2. Ensure that your operating system is set up securely. Consult our computer security guides for Windows and Macintosh. For maximum security, you could start off a Linux boot CD or USB key.

Burning Linux Live CD to a write only media such as a CD/DVD or a USB drive with Write protect switch, helps prevent any changes to a virgin Linux distribution. Keep in mind that no bookmarks, password managers, etc would be accessible.

The CD versions do take many minutes to boot up and ask you if you want to try Linux, so the USB route is definitely preferred.

3. Secure your Internet browser. Consult our security guides to Internet Explorer, Firefox, and Google Chrome.

4. Make sure you are shopping at a reputable online store that has a good reputation. Gone are the days when you could score a stellar deal on a iPad from a no-name vendor. Online shops need to buy and sell in volume to produce low prices. Check vendor review sites like Google Product Search, BBB online, or Reseller ratings for feedback.

5. Type the URL for the shop directly in the address bar, do not rely on a link from email.  This helps prevent phishing scans. Make sure you are accessing the online store’s website using a secure connection, look for https:// in the browser’s address bar and a padlock icon  in the browser. A broken key, broken padlock, or any open lock indicates it is not secure. If you want to ensure security, see if the online store takes orders over the phone.

6. When creating an account at the online store, we recommend you use a unique password as it is far safer in case the store gets hacked. You would not want hackers to get a password that worked on other websites. Consult our How to create, store and use secure passwords article for suggestions. Using Paypal, Apple Pay, or Google Pay also solves the unique password problem.

7. Pay for your purchase with a credit card and not a debit card or check. This gives you the best purchase protection, under Federal law your liability is limited to $50.

Some credit cards allow you to create single use, virtual, or disposable credit card numbers. Try to use these unique credit card numbers whenever possible. Check your credit card issuer’s website to see if they offer this feature.

If possible, do not allow the online store to save your credit card number.

Remove your credit card and use prepaid gift cards on Facebook, iTunes, Playstation Network, and Xbox Live.

8. Another method to avoid transmitting your credit card number is by using Google pay or PayPal access. These checkout systems store your credit card number and prevent the number from being seen by the online store. Additionally when paying with PayPal, select the option that causes payment to come from your credit card, not from your bank account. This gives you more recourse in case of problems.

9. If you are using PayPal or buying from eBay, consider purchasing their PayPal Security Key that adds an additional log on step. You need to hit the button on the security key and type in the security code it displays before you can log into eBay or PayPal.

These keys are more secure than using Text or SMS to send a one time code. Criminals can divert SMS messages and calls, to another device (either by social engineering a customer service person at the phone company, or via more advanced attacks like SS7 hacks).

Two factor authentication systems using SMS text messages are not secure, due to hijacking of mobile phone accounts and the weak SS7 routing system. Even Reddit got hacked this way. We suggest only using two factor when you can use a physical token or a time based authenticator like Google’s. Send text messages to a VoIP number such as Google Voice  instead.

• A new paper in 2020 from Princeton researchers shows how easy it is to pull off a SIM Swap against AT&T, Verizon, T-Mobile and others.

10. Sign up for alerts from your credit card vendor by email or text message. This will allow you to respond to any credit card fraud rapidly. Also carefully check each month’s credit card statement for erroneous or fraudulent charges. Consider checking your outstanding charges every couple of weeks via the credit card company’s website.

11. When shopping on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

12. Explicitly logout of a website after you are finished.  Do not just close the browser.  This helps terminate your session officially.

13. Print out the confirmation screen of your order to ensure you do not get overcharged.

Things Not To Do

1. Do not shop when using public wifi hot spots or when using a shared computer in a cyber cafe. Many of these locations provide little to no security and are prone to snooping or malware. This warning also includes smartphones and tablets connected to public wireless internet.

Do you perform all the above?  Do you have other security tips?

Google’s Android operating system powers many popular cellphones including the popular Samsung Galaxy S10. Most Android Smartphone users as well as most of the pubic at large do not think very much about security.

If your phone is not running the latest Android Monthly security patches or is Android 6 or older, you are open to attack. A recent Wall Street Journal article showed that only 2.8% of Android devices have the latest security patches. Compare that to 79% of iPhones, due to Apple’s more uniform eco-system.

As of February 2019 only Android 7 to 9 receive security updates now)

Most Up to Date Android Smartphones

• Google Pixel 3

This flagship phone runs the latest Android version and is patched regularly. Sold directly from Google or from a couple wireless carriers.

You can check this Google Support page that shows when updates will be available for Google devices and when devices stop getting updates.

Keep in mind that some companies claim to have all the latest security patches but may not.

We will cover some techniques to enhance your Android phone security.

Obsolete Hardware

Most hardware vendors like Samsung stop issuing updates after 3 years of release.  Need a good reason to upgrade to a new phone?  This is it. Incapacitate then recycle your old phone to prevent reuse.

Samsung has a page that lists which devices are still getting updates, as does Google.

Samsung SmartSwitch helps you update phones on Windows or Mac.

If you have an Phone or Tablet that no longer gets updates, we would recycle it and buy a new one RIGHT away. Keep in mind that Android Patch in July 2017 is the first version that fixed a Huge Broadcom Wi-Fi bug. Without that fix, you can get hacked by just having a Wi-Fi signal nearby.

Google Play Protect

• Be sure your device is running Google Play Protect.  It scans for Malware and bad apps. This was release in July 2017 and runs on Google Play Services 11 or higher. This is a unification of Android security systems like Verify Apps, browser protection, and anti-theft measures.

You need to test your Android Device for Vulnerabilities

Here are the major security holes that you need to test your phone against.  If your phone fails any of these, get it updated or buy a new phone.

2/1/2019: Google has patch a major bug in Android where you can get hacked just by looking at a picture in a SMS, Email, or web page!  Update your Android software to Patch Level February 2019 or later, right away.  If your phone no longer gets updates, please consider buying a new one.

QuadRooter – Learn more about this issue. August 2016

DroidJack Remote spying – Learn more about this issue. August 2015

Stagefright MMS Flaw- Learn more about this issue. August 2015

Shellshock – Learn more about this issue. September 2014

Why is Android more susceptible to attack?

• Older Smartphones with unpatched old versions of Android
• Many phones never being given latest updates
• Bigger audience to attack due to market share
• Chipset vendors fixes slow to reach public
• Multiple App stores
• Apps are not thoroughly vetted
• Bloatware, trialware from handset makers
• Malware introduced in production chain

The Android Smartphone is part of Android’s open ecosystem, making viruses and malware more possible than closed platforms like the iPhone. As the Android Smartphone has grown in popularity, the smartphone has become more of a target by hackers and criminals. The DroidDream and Plankton Android malware infected over 250,000 phones before anyone discovered their malware. Google removed over 58 malicious apps from this single malware. A recent survey has shown that only 30% of Android Smartphone users installed security software on their phones. Malware can grab private data or use the phone to communicate externally.
Carrier IQ is a controversial piece of software that can show you what certain Android phones and spyware can do if the carriers allow it.

It is important that Android Smartphone users immediately become more vigilant about smartphone security. Our tutorial covers the Android Smartphones running most versions of the Android operating system.

Android Vulnerabilities.org gives a snapshot of how many devices are insecure.

The NSA and Android

Did you know that the NSA has been programming for Android and has inserted its code into the operating system? This has been happening since 2011 and has been focused on adding code to prevent hackers and marketers from accessing personal data on your Android device. Devices including the Samsung Galaxy S4 and HTC One have NSA code embedded, but not enabled by default. Apple does not accept code from government agencies. Android is open source, so programmers can more easily scrutinize every line of code that is in it. Hopefully the NSA will not add monitoring code in the future.

1. Android Smartphone Software Updates

Google upgrades the Android software for the Android Smartphone all the time. Montly Updates include additional functionality as well as security bug fixes. It is important that users apply updates immediately. Yes, updates take a while to install, but you do need to do it right away. Contact your smartphone vendor for the latest Android software update to your handset.

Some handset makers take their time to release Android updates.  Beware. This is the MAIN reason why millions of Android phones go unpatched.  Buy a phone that use plain Android and can take updates directly from Google, like the Google Nexus or Pixel line.

90 percent of Android devices two years or older have an operating system that’s vulnerable.

Replacing an Android Phone due to Lack of Updates

If you have an Android Smartphone that does not get the latest Android updates, we highly recommend you REPLACE the smartphone with a new one that does. Unfortunately you will need to switch phones every 2-3 years to keep up to date. Recycle the phone, do not give it away.

This Google support page  shows you the status of Google Nexus Software updates and security updates.

These Nexus phones, tablets are have no guaranteed security updates after October 2017!

• Nexus 10
• Nexus 9
• Nexus 7
• Nexus 6
• Nexus 5
• Nexus 4

If you Root your Android Smartphone, you need to be extra careful with regards to security as updates are much more difficult for you. Be careful where you obtain your Android Apps as malware is much more prevalent. Rooting also exposes your device’s internal hardware to software much more so than normal. This is the equivalent of running your PC as Administrator.

2. Android Smartphone App Security

Apple’s App Store reviews all submissions before adding them, but Google does not thoroughly review Apps added to their store. Google does run a security scanner on apps to ensure that they do not include known malware. There have been several occasions where Apps containing malware have entered the Google play formerly known as Android Market.

Neither App Store technique is full proof, users need to be careful when installing apps.

Apps are prone to security vulnerabilities that are fixed by updates. Keep apps updated regularly and remove apps that you do not use. To update applications do the following:

• Tap the Notification menu at the top and drag it downwards. If there are App updates available, they will be shown
• Tap on App updates to bring you to Google play formerly known as Android Market
• Tap the App to be updated
• Repeat the process for all Apps

Google has the ability to remotely remove malicious apps from your Android Smartphone. This is NOT true if you buy from 3rd party App store.

When installing new Apps, we suggest you install well known Apps from Google play formerly known as Android Market or Amazon App Store with positive reviews, and avoid brand new Apps from unfamiliar companies, and unofficial 3rd party App stores like mmoovv.com or samsunggalaxy-s.ru.This becomes a problem when the official App Market is blocked, such is the case in China.

It is fairly easy to repackage free Apps into a clone of the App. Repackaged Apps that also include Malware or Spyware have been encountered on 3rd party Android Markets. Free pirated versions of paid Apps are also found on 3rd party sites. Download only from the official App Market and give new Apps time to build trust and to allow others to help test the App for malware and security risks.

Users also need to be aware that scareware where apps are displaying advertisements for battery saving apps have been tied to malware. If the user taps on the ad, your phone’s browser launches and proceeds to download the apps file. These apps could endanger your privacy by stealing your address book, or cause money to be withdrawn from your accounts via costly phone calls or SMS messages.

3. Suggested Android Smartphone Settings for Security

Below are several suggestions for Android Smartphone settings to increase security on the smartphone. If you use swipe patterns to unlock the phone, make sure you clean your Android devices’ screen regularly otherwise people can see how your pattern looks.  Doing repeated circular or square patterns helps foil thieves.

Enable Passcode

• Open Settings
  
• Select Security
• Select Screen Lock
• Select Password
• Enter a Passcode – Do not select an obvious passcode like 1234a or 1111a

Google automatically encrypts its Nexus smartphones, but other companies are not required to do this. As of 2016, less than 10% of Android phones had encryption enabled. 80% of iPhones had encryption turned on. Android 6 Marshmallow requires encryption to be enabled by default.

Encrypt your Android Smartphone and require a PIN or password to decrypt it every time you power it on. It takes an hour or longer to initially encrypt your Smartphone. Older Android phones many operate slower when encryption is enabled. Launching apps might take a second or two longer. Turning on encyption requires a full battery or the phone connected to a charger.

• Open Settings
  
• Select Security
• Select Encrypt phone
• Click Encrypt phone

Lock SIM card makes your phone require a PIN before becoming enabled.

• Open Settings
  
• Select Security
• Select Set up SIM card lock
  
• Select Lock SIM card

If you are not using any Bluetooth devices, disable Bluetooth to increase battery life and prevent security risks.

• Open Settings
  
• Select Wireless and Networks
• Uncheck Bluetooth

Backing up your Android Smartphone regularly is an important task. If you have a rooted Android Smartphone use the ROM Manager and Titanium Backup root.  Regular Android Smartphones need to pay for backup Apps like MyBackup Pro. There are free Apps to backup individual areas like SMS, images, or Applications.

4. Android Smartphone Email Security

It is important that email accounts accessed from a smartphone are setup utilizing encryption when available. Many email providers including Google’s Gmail, Microsoft Exchange, AOL Mail and Yahoo Mail support SSL (secure sockets layer) when accessing their mail servers. If SSL is not used, your emails as well as your password can be read by hackers. Most major email providers automatically activate SSL if you let Android setup your email account.

If you are setting up a new email account, make sure that you have enabled SSL or TLS in the Security type field for both the incoming and the outgoing mail server.

To check an existing Mail Account for secure SSL access, do the following:

• Open Email application
  
• If Combined Inbox is shown, Select a mail account by tapping Accounts then Select the email account. Otherwise, hit Menu then Account Settings
• Check Incoming settings and Outgoing settings
• Examine the Security Type field
• Verify that it is not set to None

If it is set to None, check with your email provider to verify their SSL support and enable it if possible.

Also, make sure your email account has been cleansed with a good spam filter. This is a basic requirement of any solid email provider. If your email vendor needs spam filtering assistance, consider accessing the email account via POP inside a Gmail account.

OpenKeychain – public key encryption for emails and files, to make sure your emails are only read by who you sent them to and others can send you messages only you can read.

5. Find a Lost Android Smartphone, Erase a Lost Android Smartphone

Andrdoid 5.1 and higher includes a Device Protection feature. This is required on all phones manufactured after June 30, 2015 and sold in California. You can set it up in the Lock screen settings. It requires you be signed into your Google account.

Find My Device is a helpful feature made by Google, so you can locate, ring, or wipe your device remotely.

If you are running an older version of Android, you need a 3rd party app to handle finding a lost phone. Here are some options:

• Android Lost – Locate, wipe, lock, take pictures, and much more
• Prey – Open source, cross-platform, lost phone or tablet protection
• Wheres My Droid – Find your lost phone, password protection, notification of changed SIM card. Paid Pro version includes remote phone erasing

When you lose your device utilize the lost device App you installed. If you cannot access the device, make sure you contact your Wireless carrier so they can disable the device. If you recover your Smartphone, make sure you change all passwords.

Also consider creating a special graphics file with your emergency contact information that can be used as your lock screen. If you are having a life threatening emergency, people could still access this information. If your Android Smartphone is lost and password protected, people could still contact you.

6. Using WiFi securely

When accessing a wireless network outside the home, exercise caution. Any information sent over an external wireless may be subject to eavesdropping. Unless you know the Wi-Fi network is secure, we would recommend against connecting to it.

If you really want to use an unfamiliar wireless connection, limit usage to non-critical apps, email, and web. Do not e-mail, online shop, online bank, or online trade from public wifi hot spots or cyber cafes. Many of these locations provide little to no security and are prone to snooping or malware.

The Android Smartphone can remember wireless networks by name and automatically log into them. This convenience function turns into a security problem because the Android Smartphone will automatically send the same password to a wireless network of the same name. So if you name your wireless router, Linksys, if you encounter another wireless router with the same name, the Android Smartphone will automatically use the password. A hacker could exploit this to obtain your wireless router’s password. We suggest you do not enable any automatic joining to wireless networks. The Android Smartphone is very good at transparently switching from a cellular data network to a Wi-Fi wireless network. You can turn off Wi-Fi auto connect by the following:

• Open Settings app
• Choose Wireless & Networks
• Select Wi-Fi Settings
• Uncheck auto connect

When accessing the Internet on a smartphone or tablet, using the built in 3G/4G connection is a lot safer than connecting via a local wireless internet hotspot. This warning applies to both apps and mobile internet browsers.

The safest way to use a public wireless network is by employing a VPN (virtual private network) which securely tunnels all of your Android Smartphone’s traffic through a secure server. There are many paid services that sell VPN access.

Disable WiFi when you are not accessing wireless networks. This will extend your battery life and increase security.

7. Secure Browsing with Android “Browser”

Force websites to use secure connections – It is important to utilize secure connections or HTTPS whenever possible. Several large websites have configuration options to force these secure connections. Here is more information on configuring HTTPS with: Gmail, Facebook, Twitter, Google. Google.com defaults to HTTPS if you are signed into your Google Account, if you are not, just manually add the s after http to force a secure connection i.e – https://www.google.com

Use a password manager to create, use, and store passwords for websites. See our password manager guide for details.

8. Careful Link Clicking and Attachment Opening

As we have learned on computers, clicking on links in email can lead to viruses or malware being installed. We need to take the same precautions and more, on an Android Smartphone. Avoid clicking links in email, text messages, and websites that are unfamiliar to you.

Email attachments require the same amount of caution. Only open attachments when they are expected. Avoid opening your email provider’s spam folder and do not open any attachments in your spam folder.

Opening Attachments Safely with Gmail

Forward the email with attachment to a Gmail account.  From there, you can use Google Docs to open Word Processing, Spreadsheets, etc.  No need to endanger your own computer.

9. Android Smartphone Free Antivirus and Internet Security Software

Android Smartphone anti virus software is available and highly recommended because of the open Android Market for Apps. Be aware that fake anti-malware Apps have appeared, so stick to brand name antivirus Apps.

Antivirus Free – free antivirus App for Android

AVG Antivirus – free mobile security and antivirus App for Android

DR. Web Anti-virus Light – free antivirus App for Android

Lookout – free mobile security and antivirus App for Android

Norton Mobile Security – free mobile security and antivirus App for Android

Webroot Secure Anywhere Mobile – Free Mobile Phone and Tablet security antivirus protection.

Android Smartphone security Apps

Orbot: Tor on Android – Enhance your privacy, break through firewalls and communicate more safely.

10. Android Market Password and Payment Option

You can delete the payment information in your Google account after making a purchase. You must have a payment method in order to make purchases or make refunds. If you are very cautious, remove payment information when you do not anticipate App purchases.

11. Malicious QR Codes

QR codes are appearing in print and all over the place. Be aware that malicious QR codes that lead the user to download malware have been found. Be sure you check the link the QR code points to before using it.

12. NFC – Near Field Communication

NFC has been touted as using your phone as a contact-less credit card.  It is being hyped up by smartphone manufacturers as well as credit card firms.  This technology opens up a new way of hacking your credit card info.  TURN IT OFF and avoid it.  This recent Defcon presentation shows how a security researching skimmed a NFC credit card and used it.

To disable NFC on the Samsung Galaxy S III and other phones:

1. Tap Apps
2. Choose Settings
3. Scroll down the screen and tap More Settings
4. Uncheck the NFC box
5. Close the Settings app

13. Avoid Huawei and ZTE Android Smartphones

These Chinese companies are drawing a lot of attention. Congress suggests people avoid their products due to possible suspicious equipment behavior.

We have covered many ways to improve your Android Smartphone security. Utilizing our tips will help significantly improve the already good security of the Android Smartphone.

14. Stagefright MMS Messaging Bug

August 2015. A specially crafted MMS message can cause your phone to be taken over. Many old phone may never get updated to fix this.

If you’re using Google Hangouts as your default SMS client, disable automatic downloading of media files sent via MMS:

Settings – SMS – Auto Retrieve MMS uncheck

Here’s how to protect your phone from the if you are using Google Messenger (the default SMS client for Android Version 5.0+):

Messenger – Settings – Advanced – Auto Retrieve OFF

Here’s how to protect your phone from the if you are using Messages (the default SMS client for Samsung Galaxy S6):

Messages – More – Settings – More Settings – Multimedia messages – Auto Retrieve OFF

15. Secure Messaging

Law enforcement and probably the NSA use cell phone tower simulators called Stingrays, IMSI catchers, or dirtbox made by Harris. These fake cell phone towers slurp handset identification information and can snoop on data. They deploy these in small planes to net a ton of intercepts, without getting a warrant. Cell phone users have no right to privacy in public areas.

You can fight back by using secure messaging clients like Signal or Chat Secure. Older Stingrays only support 2G, not 3G/4G included with the Hailstorm upgrade, so turning off 2G will help here.

Disable 2G On Android prior to 5.0 – Stops Stingray
1) Pull up the phone dialer and dial *#*#4636#*#* (that spells INFO)
2) This brings you to the Testing screen where can select “Device information”.
3) Scroll down a little and it should say “WCDMA Preferred” or similiar.
4) Change it to WCDMA Only.

It will now stay on 3G/4G/4GLTE and avoid the old school GSM 2G Data towers, keeping you safe from older Stingrays.

Note: Google removed this option on Lollipop 5.0.

You can detect a Stingray by running the apps SnoopSnith or Android IMSI-Catcher Detector.

16. Public Charging – Video Jacking

Do not use a public phone charging cable, it could be capturing video video HDMI recording while you charge aka Video Jacking. Always use your own charging cable.

17. Secure your mobile phone’s account from hijacking or Port-Out Scams

Hackers have been calling wireless carriers like: AT&T, Sprint, T-Mobile, and Verizon asking them to switch control of mobile phone numbers to themselves.

They will repeatedly call, hundreds of times, and make up all kinds of sob stories to get control. Once they hijack control, they will reset passwords of any device that uses that phone number as a security backup via SMS Text or two factor authentication. IE Google, Facebook, Twitter, Bitcoin accounts, etc.

How do you protect against phone hijacking?

• FTC has details
• Do not use your cell phone number in the first place!
• Use two factor authentication that uses a physical key or Google Authenticator App, not Text
• AT&T – Enable an account passcode
• Sprint – Customers setup a PIN when first signing up
• T-Mobile – Enable a customer care password
• Verizon – Setup an account PIN

T-Mobile customers can also call in to the company’s customer support line and place a separate “SIM lock” on their account, which can only be removed if the customer shows up at a retail store with ID.

Be sure to use Google Authenticator instead of Text messages for second factor authentication when possible.

If your phone stops receiving a signal and says “emergency calls only” or “no network,” even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.

Conclusion

Android is a sophisticated operating system. Because of the nature of its diverse eco-system, users unfortunately need to be proactive to keep their device secure and up to date.

Do you have any Android Security Tips?