We have released a new version of Turris OS 5.0. It is based on top of OpenWrt 19.07.3 with our patches and feed for all of Turris routers. In this article, we will go through new features and changes, including experimental migration from the Turris OS 3.x version. We will mention a few obstacles we faced during the development and introduce several features you can expect in future releases.
Now more then ever, people connect and work remotely. Everybody uses some kind of VPN, at least in the tech world. The new, trendy and cool way of doing VPNs is Wireguard. Everybody speaks about it and since March it is finally a part of Linux kernel. Its advantages are that it is setup in more straight forward way than alternatives and that it is blazingly fast.
You might have heard on some news sites about “critical” vulnerability in OpenWrt. You might be worried about how it affects is your Turris. That is the reason for quotes around the word critical. TLDR not applicable against Turris
Little bit of history
Apart from operating .CZ top level domain, CZ.NIC does a lot of other interesting things contributing to the common good. Part of it is running Czech national CSIRT team, doing security research and raising awareness about potential security issues. As part of our security research, we started wondering a long time ago how much are the average Joes and Janes attacked, by who and how. People that are just connected to the internet, run no public service and are just consumers. If only there was some kind of probe that would allow us to see what is going on there…
At the end of November last year awesome crew from AT&T organized a hackathon about various aspects of smart technology. They have a long tradition in organizing those and they are really good at it. We spoke at various conferences with them and they asked us whether we would be interested in joining as we have interesting hardware to lend contestants and also developers skilled in various areas that could help the attendees to overcome various issues. We jumped on board right a way!
Once upon a time, in a company far, far away, they build a bike shed. The actual bike shed. Surprisingly without any bike-shedding. But then they were wondering how to give access to all the cyclists to the yard bike shed was build on. It was not a highly secured area, but still, it was behind gates so no stray dogs or stray cars could enter. They already had a remote-controlled gate via special key fob. But those were expensive, required some tracking, it took quite some time to order a new one and in general there was quite some overhead managing them.
IoT or Internet of Things is a real hype nowadays. Everybody is talking about it and everybody is doing it. Especially companies producing various electronic devices like light bulbs, electric switches, thermometers, scales, CCTV and such. Everything can be smart – even your toilet. All you need to do is to measure something or replace the manual switch with electronic one and connect it to Bluetooth, Zigbee, ZWave or even WiFi and you have a smart device that people will pay a hefty price for. But there are some issues (apart from the obvious one that not all those devices make sense).
From the beginning of the development of the Turris MOX router, we have faced a difficult task –how to assemble the modular system so that it does not collapse during handling and, at the same time, make it as user friendly as possible when the user deciders to disassemble and reassemble it. You will be able to find out whether we have accomplished this task or not in the coming weeks when the first MOXes in cases arrive to their users. In the following article, I would like to introduce you to the development and production of the final case of our new product.
One of the less known advantages of the Turris router is the possibility to verify quality of Internet connection, the so-called QoS (Quality of Service), i.e. especially to measure the download and upload speed, IPv6 support, DNSSEC and parameters connected with net neutrality. Such a measuring may serve to analyse the use of the line and to evaluate whether paying a high speed fee is unnecessary. The experience of the Turris router users shows that the majority of their time online is spent in the slowest zone (0-250 kbps). Moreover, even when the majority of data is transferred in higher speed, fast operation may have only a tiny representation from the time´s point of view. Especially those who do not spend a lot of time watching videos pay extra for high speed connection for a relatively short time of use, mainly for the moments it takes to load a page or download and send an e-mail.
Vulnerability of SOHO routers becomes a topic of analyses by various security organizations almost every week. The 2017 Symantec report shows a year-on-year increase in the number of attacks on IoT devices by 600%. The most vulnerable are unsecured routers, which often make it possible to gain easy access to each connected device. The April’s alert from the official US-CERT also tells us of the growing number of these attacks and their severity.