You are about to read the first article in the series of articles about securing our routers. The series is tailored to our router devices, teaching and showing some general and specific principles and also describing possibilities and use cases. While some of the knowledge here is usable also outside of the router devices, you should keep in mind that we are focusing on our cellular routers running Conel OS 6.x here.
This first article is a basic building block. We are going to describe the device and its basic characteristics and possibilities of accessing the device with an accent on security. Also, some basic use cases are to be touched here and the terminology used for the rest of the series established.
Some time ago there has been questions about impact of IoTroop/Reaper Malware on our devices. A week ago there has been another inquiry. As it seems to be an (unexpected) pattern, this short information announcement is given to public.
New version of firmware for our routers is available on Engineering Portal.
Except the SR305 and SL302 which are destined for NAM market and thus a firmware change is a subject of certification, the 6.1.6 is available for majority of routers. Details of distributions can be found in the Firmware Distribution overview document.
To name a few changes out of the Release Notes:
It has been some time since we implemented and enabled notifications on the Engineering Portal. The notifications are primarily meant as something extra for our distributors and partners (as it requires an account on EP), but for example the RSS can be used by anybody without an account needed - read on.
The notification system we have is, thanks to the tagging system we use for all products and documents, quite unique however it could take some time getting used to. Also, we are still ...
Written by Jan Otte on Wednesday 21 February 2018 in the category Default.
PCN is a name for a specific type of document. The abbreviation means Product Change Notification. It is a kind of a document we issue when there is important change in one or more products we are manufacturing.
Not every change in a product requires a PCN. The documents are here so that we can communicate changes that may have impact on our partners, distributors and customers. Other changes, like, replacing one end-of-life component with equivalent one, may not be significant enough for creating a ...
Written by Petr Hanuš on Tuesday 13 February 2018 in the category Default.
The Firmware Over-The-Air (FOTA) user module is an additional feature of Advantech routers. This module will assure the correct firmware for cellular module is chosen, downloaded and installed into the router automatically. Only the firmware of the cellular module is updated (not the firmware of the router).
The user module is easy to use – it can be activated with just one checkbox. The router must be connected to the Internet in order to use FOTA updates. The module checks for the new cellular module firmware every 24 hours. It is also possible to check ...
Written by Petr Hanuš on Thursday 8 February 2018 in the category Default.
Since January 2018, we have been using alphanumeric form of product serial numbers. An example of such number could be:
There are some ideas hidden behind the new serial number scheme but this post is about R-SeeNet.
For those unfamiliar with R-SeeNet, it is a legacy Router monitoring tool that is still being supported and maintained.
If you are using this tool, you need to update it via patch linked below to get reasonable level of support for the new serial numbers. Without this patch, the new serial numbers are not being displayed ...
As you know, Conel OS 6.1.5 was released before Christmas with a few usual exceptions (SmartFlex SR305, SmartStart SL302, SPECTRE v2). Now, this firmware is also released for SmartFlex SR305 and SmartStart SL302 routers designed for the North American market.
Pointing out a few notable changes:
Early this year, a few vulnerabilities impacting inside-CPU code were announced.
While there is not a full disclosure available to us at present time, we can tell a few things now.
First, not all of the vulnerabilities are limited to x86 architecture. The ARM architecture is impacted as well.
While keeping this brief and understandable, the nature of announced vulnerabilities (CVE-2017-5753, CVE-2017-5715, CVE-2017-5754) lies in the problems connected with a few techniques used inside of the CPU.
The known impact is information leak via side effects of speculative execution. "Speculative execution" is nothing extraordinary. ...
New year, new bunch of fixes. Well, actually the new firmware was cooked before Christmas Eve so it was kind of a present...
To make a long story short, 6.1.5 is released for the majority of routers - usual exceptions applies (Spectre v2, SR305, SL302, see firmware distribution overview).
Pointing out a few notable changes: