Motosync-enabled routers have true network-level threat detection and notification for the home using invisible monitoring. Motosync acts as a security blanket that protects the home network at the router level, actively monitoring against threats. Users who have the mobile app installed on their phones will receive notifications should their network become compromised.
View the mobile app's Security center in action here:
Finding the Security center in the mobile app
The mobile app's Security center can be found by navigating to the Network tab and tapping on the security box. This will pull up the Security center of the app.
Types of threats
When a threat is detected on a device connected to the home network, the motosync app provides information to learn more about the threat, which device is at risk, and the time at which the malware was detected. Identified threats will show by type group first (malware, intrusions, known vulnerabilities, etc.) and then be listed by their severity level within those groups.
Malware is software intentionally designed to disrupt, impair, or gain unauthorized access to a computer system.
One of the malware types motosync detects is called "Suppobox." Suppobox harvests personal information on computers running Windows and spreads aggressively through email.
When a potentially unauthorized device gains access to the home network, it’s marked as a detected intrusion. This doesn’t necessarily mean that the device is harmful; instead, it’s a useful notification to see what devices are attempting to connect to the network.
Motosync currently actively monitors for one type of known vulnerability called libUPnP Buffer Overflow.
LibUPnP is a library used to play media files or connect to other devices within a user's network. Many Smart TVs, multiplayer games, and game systems require it to allow them to connect to each other directly. The exploit allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.
The severity level assigned to a threat corresponds to motosync’s perceived threat level posed to a home network and will be given a rating out of four. The ratings are:
- 0 / 4: [Informational] Additional context for false positives. Enabled via verbose mode.
- 1 / 4: [Low] Device operations should not be affected. Typically poses no security risk.
- 2 / 4: [Medium] Device operations may be affected. Typically poses little to no security risk.
- 3 / 4: [High] Device under direct security risk. Avoid use until resolved.
- 4 / 4: [Emergency] Device under active threat. Immediate action recommended.
The icon of the affected device will also change in color depending on its assigned severity level. Higher severity threats will show first with subsequent threats appearing in descending order.
Threats detected on a home network will be grouped by threat type: malware, intrusions, and known vulnerabilities.
Learning more about a threat
Devices at risk are listed within the malware, intrusions, and known vulnerabilities categories. When selecting one of these groups, affected devices will appear as a list. If there are no affected devices within a category, no devices will be shown.
Tapping on a device within a category (Malware, for example) will show the threats affecting that device (such as PIZD or Simda). Devices with multiple threats will list each threat in the order of most threatening to least threatening.
Single threat editing
To edit one threat, simply tapping on it will allow the user to either mark a threat as Resolved or as a False positive. Marking threats as resolved means that that threat has been neutralized by the user outside of the motosync app. (motosync does not neutralize threats.) Marking threats as false-positive clears the alert from the motosync app, and the threat will not be shown again.
Bulk threat editing
If there are multiple threats within the same threat type, users have the ability to review those threats in bulk. This can be done by tapping the bulk edit icon at the top right of the Security screen.
Bulk editing allows for two options: marking all items as resolved or as false positives.
Selecting the Resolved button indicates that the malware issues have been resolved and clears the alerts. Selecting the False positives button prevents you from being alerted to the listed malware issues in the future and clears the alerts from your feed.
Please Note - False positives can happen when there is not enough information to make an assessment. When malware is detected but motosync is unable to gain information about the host, a false positive may be reported by the motosync app.
If a device is known to be safe, you can select the Known device button, marking it as a recognized device. If a listed device should not have access to the network, you can tap the Pause device button, effectively stopping it from having access to the network. In the case of a mistake, the action can be reversed by clicking the Unpause device button. Once a device is paused, you can also remove the recorded threat from the list by clicking on the Clear alert button.
Similarly, the already-established known vulnerabilities and rogue access point features behave in a similar fashion.
To resolve any detected threats, we recommend getting in touch with your service provider, or your employer's IT department. They will be able to identify which device on the network is being affected by the threat and provide you with any next steps to resolve it.
If you have any questions or need some help, please reach out to our Customer Success team by clicking here.