Latest Netgear Nighthawk R7000 Firmware Upgrade To Collect & Share Private Data

If there wasn’t enough to be paranoid about with the recent news involving the US Senate Privacy Resolution.

It was recently revealed by Netgear themselves that new builds of Nighthawk R7000 firmware will begin recording specific information. It is unclear at this time if the feature can be disabled. The real question becomes, what information does Netgear need to record and what will the information be used for?

Netgear posted in their knowledgebase the R7000 firmware update will record the following: “information regarding the router’s running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network.”

If they know this information, this potentially means that Netgear can know that the information it collects is from you specifically. Obviously, this is a problem for people who wish to stay private and as anonymous as possible online.

How To Protect Yourself From The R7000 Netgear Data Collection

It is important to note that this is an issue with the stock Netgear firmware. The ideal solution would be to replace that spying and bug-ridden firmware altogether. If you were interested in acquiring an R7000 still, our team would recommend purchasing the Netgear Nighthawk R7000 from FlashRouters.  A FlashRouter replaces this “informant router firmware” with open source DD-WRT firmware to prevent this data collection.

Flashing a router with open-source firmware completely replaces the stock Netgear firmware normally found on these models. Furthermore, this makes the router more stable and more secure by allowing for an array of benefits including advanced security features.

One of our most popular FlashRouters – the Netgear Nighthawk R7000 has a powerful 1 GHz processor and 3 external antennas. This makes it a great balance of range and power.

What To Do If You Own A Nighthawk R7000 Or Other Supported Router?

Concerned that if this effects the R7000, it might affect other Nighthawk routers? Then we suggest some preemptive, preventative measures. Your router is the first line of protection from Internet malfeasance on your home or office network.

If you already own an R7000 or another of the many router models that we support, our team offers assistance with DD-WRT or TomatoUSB firmware with our expert remote firmware upgrade/support plans. After purchasing a support plan, simply email our support team to setup a remote TeamViewer session.

Have Any Additional Questions?

Reach out to our friendly and helpful sales staff and we’ll be happy to answer any questions you may have and provide whatever expertise to help you find the best solution for you.

What is DNSCrypt & How To Set It Up On A Router (FlashRouters FAQ)

Earlier this month, about one million Google users were hit by a phishing scam. These Google users granted permission to a seemingly real service called “Google Docs” to access their email account data. Moreover, granting permission to the nefariously named “Google Docs” (which had nothing to do with Google), users allowed hackers access to their personal information.

No doubt, phishing is best avoided by being skeptical of any random query for credentials. However, there are still ways hackers can leak your information for unwanted and invasive use.

Want to prevent this from happening to you? Taking advantage of a protocol like DNSCrypt will help. In any case, DNSCrypt authenticates and validates communication between a DNS client and a DNS resolver. Basically, using DNSCrypt helps to prevent DNS spoofing. But what are those? And what is DNS, even? Good questions.

What is DNS?

DNS stands for Domain Name System. The Domain Name System is a hierarchical decentralized naming system for devices and resources connected to the Internet. Furthermore, each device which connects to the Internet is given a specific Internet Protocol address. IP addresses display as a series of numbers. The Domain Name System serves as a phonebook, translating hostnames into IP addresses. For example, users trying to access Google type “www.google.com” into their web browsers, instead of the IP address 2001:4860:4860::8888. For more information on IP addresses, check out What is an IP Address.

What is a DNS Client?

From here on, we can move to DNS Clients. A DNS Client service resolves and caches hostnames. When a DNS Client service receives a request to resolve a hostname which is not in its cache, it queries an assigned DNS server for an IP address for the hostname. Here is where the DNS Resolver comes in. Then, once the DNS Client service receives the requested address from the DNS server, the DNS Resolver stores the name and address in the cache. Ultimately, this allows the DNS Client to resolve future requests without having to query the DNS server.

Furthermore, this process increases the efficiency of using a Domain Name System. Resolving and caching hostnames minimizes management time and allows for all of the clients on a network to have the same access.

How Does DNS Work in Routers?

Nighthawk Netgear Secure VPN Router

Within the firmware of most routers, there is an area marked DNS.

Furthermore, in the DNS area, users have the option to select specific DNS servers. Devices connected to the router can go through the VPN if they are setup for DHCP. For this reason, if a device is set up for DHCP it looks to the router for DNS server information. Currently, most devices are set up for DHCP.

What is DNSCrypt?

Now that we know the in’s and out’s of DNS, we can move to DNSCrypt. In layman’s terms, DNSCrypt is a protocol which improves DNS Security.

To put it in more technical terms, DNSCrypt turns regular DNS traffic into encrypted DNS traffic. Ultimately, this works by using cryptographic signatures to verify responses are coming from the chosen DNS Resolver.

In turn, DNSCrypt helps to prevent DNS Spoofing. DNS Spoofing is also known as DNS Cache Poisoning. Furthermore, DNS Spoofing is a form of computer hacking where corrupt DNS data is introduced into the DNS resolver’s cache. Therefore, this causes the name server to return an incorrect IP address. Finally, DNS Spoofing allows for traffic to be diverted to an attacker’s computer.

TOP REASONS TO USE DNSCRYPT ON A ROUTER

  • Guarding your network from phishing attempts
  • Configure a single setup to protect all your connections.
  • Preventing DNS Leaks and Cache Poisoning
  • Stopping man-in-the-middle attacks

How Can I Use DNSCrypt?

If you would like to use DNSCrypt, most OpenNIC protocols utilize it. You can also download it directly from OpenDNS. However, if you would like to use DNSCrypt on the router level to secure your entire network with one setup, simply use a DD-WRT or Tomato router.

DNSCrypt is not an option in your stock Asus, Netgear or Linksys firmware. DD-WRT and Tomato are open source router firmware and being of increased importance, DNSCrypt is now available n the DNS setting options of these firmwares.

To set up DNSCrypt on a Tomato or DD-WRT router, simply enable it in the DNS settings.

Setup DNSCrypt in TomatoUSB Firmware

Setup DNSCrypt in DD-WRT Routers Firmware

Important note: Using these settings combined with a VPN service may cause interference. For this reason, investigate any other important setups you use before activating DNSCrypt.

Best Routers For DNSCrypt

In any case, DD-WRT and Tomato routers are able to work with DNSCrypt out of the box. However, if you want a powerful performance from a router, you are going to need a powerful processor.

Top DD-WRT DNSCrypt Router

Meet The Netgear Nighthawk X4S R7800 DD-WRT FlashRouter - Holiday Gift Guide

Netgear Nighthawk X4S R7800

  • 1.7 GHz Dual Core Processor
  • MU-MIMO Support
  • QuadStream X4 Wireless Architecture
  •  Wireless-AC2600 Gigabit WiFi

Top Tomato DNSCrypt Router

Asus RT-AC3200 Tomato

  • Top Tomato Router
  • 6 External Antennas
  • 1 GHz Broadcom Processor

First and foremost, there is not a dramatic performance difference for most users between DD-WRT and Tomato. Still, some users prefer Tomato, as it has a more user-friendly interface. However, if one is interested in putting together a repeater setup, DD-WRT is recommended. Consequently, when bandwidth monitoring is a priority, Tomato offers a superior performance to DD-WRT.

Fixing New Asus Firmware Vulnerabilities

If you have an Asus RT-N or RT-AC router with stock/default Asus Firmware, you should install the latest firmware updates released for these models. These firmware updates address many vulnerabilities in the Asus firmware.

What Are the Latest Asus Firmware Vulnerabilities?

Firmware vulnerabilities could allow attackers to hijack router settings. Additionally, these flaws could have allowed for hackers to change router settings without your authentication. The flaws can also change the router password, extract data and even execute malicious code.

A security consultant company called Nightwatch Cybersecurity discovered these flaws in January. Furthermore, the consultant has brought them to Asus’ attention, prompting this firmware patch/update.

Which Asus Router Models Can Be Hijacked?

As many as 40 Asus routers were affected from the RT-N and R-AC family of routers. It is recommended you update the Asus firmware if you are running v3.0.0.4.380.7378 firmware or higher. Firmware updates can be found on the Asus website.

FlashRouter Support Plan

However, if you own one of the models in bold below, you can flash the router with open-source fimware. This is where FlashRouters is here to help. FlashRouters can flash your router remotely with DD-WRT firmware with our FlashRouter Remote Tech Support Plans. After purchasing a support plan, simply email our support team to setup a remote TeamViewer session and they will remotely flash your router with DD-WRT firmware.

RT-AC

RT-AC51U, RT-AC52U B1, RT-AC53, RT-AC53U, RT-AC55U, RT-AC56R, RT-AC56S, RT-AC56U, RT-AC66U, RT-AC68U, RT-AC68UF, RT-AC66R, RT-AC66U, RT-AC66W, RT-AC68W, RT-AC68P, RT-AC68R, RT-AC68U, RT-AC87R, RT-AC87U, RT-AC88U, RT-AC1200, RT-AC1750, RT-AC1900P, RT-AC3100, RT-AC3200, RT-AC5300

RT-N

RT-N11P, RT-N12 (D1 version only), RT-N12+, RT-N12E, RT-N16, RT-N18U, RT-N56U, RT-N66R, RT-N66U (B1 version only), RT-N66W, RT-N300, RT-N600, RT-4G-AC55U – [No patch available]

 

How To Protect Yourself From Future Asus Firmware Vulnerabilities

The simplest way to remove potential network security holes from under-performing firmware like stock Asus is to remove it. Whether it’s upgrading to open source firmware on your compatible router or replacing it with a FlashRouter pre-flashed with tested, plug and play open source firmware.

Flashing a router with open-source firmware completely replaces the stock Asus firmware (and it’s security flaws) normally found on these models. Furthermore, this makes the router more stable and more secure by allowing for an array of benefits including advanced security features.

Tomato Installed Asus RT-AC3200 Open Source WiFi Router

Asus RT-AC3200 Tomato FlashRouter

The most popular Asus model we offer is the Asus RT-AC3200 AC3200 TomatoUSB router. It has a 1 GHz Broadcom processor and 4 external antennas. This makes it a fantastic balance of range and power.

Need a bit more power or have a huge house? There’s also the very high-end Asus RT-AC5300 AC5300 DD-WRT. It has a whopping 8 high powered external antennas. Indeed, these antennas offer maximum WiFi coverage and an ultra power 1.4 Ghz Broadcom processor. A phenomenal choice if your looking for high-quality streaming, multiple devices and lag free gaming.

Have More Router or VPN Questions?

Reach out to our friendly and helpful sales staff and we’ll be happy to answer any questions you may have and provide whatever expertise to help you find the best solution for you.

Choose a VPN Server Location: Which Server Should I Use?

choose-a-vpn-server-location

There are many reasons why purchasing a FlashRouter with Open Source Firmware is a smart choice. One is that the firmware that comes with store-bought routers is often corrupted, resulting in frequent issues with factory-installed backdoors and bugs. It seems like every week there’s yet another new story about the failure or malfunction of default router firmware. However, these bugs are not present in routers with Open Source firmware.

Another benefit of using Open Source firmware is the ability to integrate a Virtual Private Network (VPN) on the router level. Using a VPN allows users to create an encrypted network in their home. With this setup, all connected devices will be going through the VPN, even devices without native VPN support. However, this raises a new question: if I am to choose a VPN server location, which am I to choose?

Choose a VPN Server Location, But Which One?

If you are using a Virtual Private Network, you are tunneling your connection both to and from a VPN server. This process of tunneling your connection provides you with a layer of encryption. Additionally, this process also allows for you to appear as if you are in a different location than where you are physically present.

There are many reasons why you might want to make use of this ability to change your perceived online location.

These reasons include:

  • Security: If you are visiting sites which track your location, appearing as if you are in a different city will act as a shield to tracking.
  • Bypassing Geo-Restrictions: If you want to get around a geo-location block to watch a film or sports event, changing your online location with a VPN will help you out.
  • Testing: If you want to test the Dev version of your site or if you want to make sure your software works in different regions, a VPN is necessary.

Choose a VPN Server Location, But My Own?

On the other hand, there are benefits to picking the geo-location you are physically present in as your VPN server location. The first reason for doing this is that a VPN server requires you to tunnel your connection to the server and back. With this, there will always be a reduction in Internet speed. Accordingly, the reduction in speed will correlate to how far the connection must travel.

As an example, if you are located in New York City and choose a server in New York City, you will more than likely experience less of a slowdown than if you were to choose a server in a more distant locale like Los Angeles. However, as stated above, there are reasons why you may not want to appear as if you were in your own geo-location.

In short, if you would like to appear as if you were in a different location, choose a server from that location. However, if you do not need to appear as if you are in another location, choose a server closer to you to minimize slowdown.

Which VPN Provider Should I Choose?

VPNRecommendation
ExpressVPNPopular premium VPN provider with top performance and a Swiss server.
NordVPNAn increasingly popular service with 2 servers in Switzerland.
IPVanishOffers some of the fastest Level 1 server speeds worldwide, with 8 servers in Zurich, Switzerland.

Now you should have more of an understanding about which VPN server locations to choose. The next question is deciding which VPN service to choose. FlashRouters allows for the integration of numerous VPN services. Incidentally, we are always adding more services to our Supported VPN Provider List. Some recommended providers are listed above.

Preventing The New Linksys Firmware DDoS Vulnerability

Here we go again. Unfortunately, with stock router firmware vulnerabilities are nothing new. Netgear routers were recently affected by a bug in their firmware. Additionally, D-Link was affected by a vulnerability which was patched in Spring of last year. Previously, Asus was in legal trouble with the FTC for known security flaws in their firmware.

Linksys experiences bugs as well. Security researchers at IOActive are identifying several vulnerabilities in Linksys router firmware. These vulnerabilities allow hackers to bypass authentication and perform denial of service (DDoS) attacks.

The good news? Linksys is working on a fix for the vulnerabilities. The bad news? This issue affects more than two dozen models of Linksys wireless routers in the WRT and EA series. You can see the full list of in-danger models here:

From the WRT series: WRT1200AC, WRT1900AC, WRT1900ACS, WRT3200ACM

From the EA series: EA2700, EA2750, EA3500, EA4500 v3, EA6100, EA6200, EA6300, EA6350 v2, EA6350 v3, EA6400, EA6500, EA6700, EA6900, EA7300, EA7400, EA7500, EA8300, EA8500, EA9200, EA9400, EA9500

How To Protect Yourself From Linksys Firmware Vulnerabilities

We recommend a FlashRouter with open source DD-WRT firmware. Flashing a router with open-source firmware completely replaces the stock Linksys firmware (and it’s security flaws) normally found on these models. Furthermore, this makes the router more stable and more secure by allowing for an array of benefits including advanced security features.

The most popular Linksys model we offer is the Linksys WRT1900ACS DD-WRT router. It has a 1.6 GHz Marvell processor and 4 external antennas. This makes it a fantastic balance of range and power.

Need a bit more power? There’s also the Linksys WRT3200ACM DD-WRT. It also has 4 external antennas but has a 1.8 Ghz processor. What does the “M” in “ACM” stand for? The “M” stands for MU-MIMO. MU-MIMO allows for the router to communicate with multiple devices simultaneously. This increases the speed of the WiFi network, by limiting interference between devices.

Already Own A Linksys Router?

Additionally, if you already own a Linksys model that we support, we can flash it remotely with DD-WRT firmware with our remote support plans. After purchasing a support plan, simply email our support team to setup a remote TeamViewer session and they will remotely flash your router with DD-WRT firmware

Have Any Additional Questions?

Reach out to our friendly and helpful sales staff and we’ll be happy to answer any questions you may have and provide whatever expertise to help you find the best solution for you.