Norton Announces Core, a Smart Router To Protect Domestic IoT Devices

fiannaFailMan writes: Norton has announced the launch of a smart router designed to protect connected home devices from intrusions. The Symantec-owned company says the device aims to keep safe up to 20 devices connected to it, including Windows computers, Macs, phones, tablets or any internet-of-things devices, in real time. Norton Core, shaped a little like a geodesic dome, can isolate an infected device from the rest of your network to prevent the spread of any malware. Some of the technical specifications include a dual-core 1.7GHz processor, 1MB of system memory and 4GB of flash memory, and the latest 4x4 AC2600 Wi-Fi standard, with a top speed on the 5GHz band of 1.73 megabits per second and up to 800Mbps on the 2.4GHz band. It also features four Gigabit LAN ports and can cover between 3,000 and 5,000 square feet.

Norton? Really?

So I guess it's acceptable for this to let practically everything by while slowing down the network to a crawl?

Norton? Uh-oh.

1) Install Norton security router.
2) Discover that your electricity bill is now $3000 per month and every device that's connected to it runs verrrrryyy slowwwwly.
3) Attempt to remove it from your home, and find that no matter how many times you do so, bits of it are still left under your couch, inside the walls, glued to the ceiling...
4) Realize that removing it from your home properly requires complete demolition and ground-up rebuilding.

No thanks.

Security Theater

[bragr]

So the attackers will just have to buy one of these to make sure their malware passes, just like they do already with desktop AV? I guess that's good for Norton's bottom line.

CVE-2017-666

[WaffleMonster]

How many days till we see an advisory for Norton core enabling attackers a method of leveraging Norton core to compromise systems it is supposed to be protecting?

http://fortune.com/2016/06/29/...

Also apparently if you don't renew your subscription your Norton paper egg turns into a Norton paper weight as they disable all access controls on spite not just the scanning/heuristic subscriptions but basic ACL shit too.

Money Grab!

[EndlessNameless]

FAQ this:

What happens if I don’t renew my subscription?

"If you don’t renew the Norton Core Security Plus subscription in the second year, Norton Core will continue to function as a high performance router. All network, IoT, and device level security, plus parental control features will be unavailable if the subscription is not renewed."

Yeah, thanks, but I prefer my equipment to function for more than a year.

Re:Money Grab!

[thegarbz]

Sounds to me like it does still function after a year, it just doesn't have the extra security.

So it continues to function except for the one feature for which you would buy this very expensive device. Why do I get the feeling I would be better off spending $40 on a TP-LINK router.

Re:Assinine Design

[phantomfive]

I stayed at a hotel recently that required scanning a QR code to get on the internet. So, my laptop had no internet that night. I didn't stay at the hotel a second night.

20 devices isn't enough

[adisakp]

I had to ditch my Netgear Nighthawk Router because it only supported 64 WiFi devices. I have close to 100 WiFi devices (mostly IoT) in my house at this time. I switched to Google WiFi Mesh Router because it can actually handle all the devices I have.

But here's a short list of most of what is connected to my WiFi Network and I plan on adding more in the future:

Haiku Homes Lights (40), Switches (10), and Fans (7)
Mitsubishi Ductless Heating System (4 Headers)
Ecobee (controls a Boiler)
Nest Thermostat (controls a forced air HVAC system)
Nest Cameras (4 Outdoor, 3 Indoor)
Nest Smoke and CO Alarms (4)
TP-Link Switches (2 lights, 5 others)
GE Dishwasher
Samsung Washer + Dryer
Sense Electrical Monitor
Amazon Echos (2 regular, 2 dots)
Yamaha Receivers (2)
Samsung TVs (4)
Google Chromcast (4)
Apple TV (2)
Amazon Fire (2)
Harmony Ultimates (2 Remotes, 2 Hubs)

My guess is people who are actively pursuing Smart Home Technologies will need much higher than 20 device capacity.

Re:20 devices isn't enough

[Pascoea]

You're gonna be fucked when your house becomes sentient.

Re:20 devices isn't enough

You forgot the wife's Sybian.

Re:20 devices isn't enough

Serious question......what benefit do you get from a dishwasher being attached to the internet?

Access to the Dish network?

Titanium and gold are two different metals - sigh.

[fahrbot-bot]

From TFA caption under photo of two units in different colors:

The Norton Core comes in titanium gold and granite gray.

I hate marketing people.

Privacy policy also quite interesting

[WaffleMonster]

What they collect (e.g. everything including Your F***ing passwords...)

Wireless network SSID/password (encrypted);
* Device information, including any Personal Information you include when assigning device name(s) and, if provided,
the name of the person to whom the device is assigned, and device user agent data/app user agent data, including
device type, manufacturer, and model; operating system; and IP address;
* Data regarding device usage, including data regarding the time of last device use, internet usage time for each
connected device, and gateway logs detailing network connection activities;
* Website addresses for parental control settings, including blocked websites, visited websites, and time and content
filter information;
* Personal Information you may enter into your profile, including username and your picture;
* Personal Information you provide for customer support and connectivity assistance, such as userID, name, role,
policies, and device information;
* Attempts to download executable files/mobile apps;
* Shipping address and related information.

What they do with it...

* Norton Core uses Google Analyticsâ(TM) Measurement Protocol with IP anonymization parameters to transmit critical error
information (including IP address) and information on your feature usage services (âoeNorton Core Telemetryâ) to Google
Analytics, which is not owned or operated by Symantec.

* Understanding product usage and alerts to inform you of better ways to benefit from a productâ(TM)s features

* Statistical analysis of product deployment

* Providing us with business and marketing information

How they use it...

* We are a global organization and may transfer Your Data to other countries, including countries that may have less protective data protection laws than the country in which you are located.

* may be disclosed in connection with any proposed or actual sale or other transfer of some or all assets of Symantec in the event of a reorganization, merger, acquisition, or sale of our assets;

* may be disclosed and shared if we are
required to do so by law or in response to a request from law enforcement authorities; ...Here they are clearly saying anyone in law enforcement can simply request data and receive it even if not required by law...

* To promote research, awareness, detection, or prevention of security risks, Symantec may disclose Your Data to relevant public
and private entities such as cybersecurity or identity theft research organizations and security software vendors.

Apparently also customers responsibility to make sure their down line users and guests are informed their data is also being collected. Note that "your disclosure" actually means going to the management portal and configuring a new device.

It is your responsibility to ensure that any disclosure by you to Symantec of Personal Information of your users or third parties is
in compliance with applicable privacy and data security laws, including informing users and third parties that you are providing
their Personal Information to Symantec, informing them of how it will be transferred, used, or processed, and gathering
appropriate consents and other legal measures required for such transfer, use, or processing.