At a glance | |
---|---|
Product | Fing Fingbox |
Summary | Home network activity and security monitor |
Pros | • Quick and easy way to see what’s on your network • Scheduled internet blocking • Local Wi-Fi speed test • No subscription fees |
Cons | • Does not scan inbound or outbound traffic • Most security features require user action • Speed test accuracy |
Typical Price: $129
Introduction
We’ve looked at a few small network monitoring solutions over the years, including the now defunct Cisco OnPlus, Belkin Pulse and Domotz’ "DIY". All required subscription fees and were suited more for small business users and VARs, not consumers.
In this review, we’re going to look at Fing’s new Fingbox, which the company describes as a "simple plug & play device to secure and troubleshoot your home network". Fingbox first appeared as a subscription cloud service, which we reviewed back in 2012. Overlook Soft created the original Fingbox and also created the popular, free Fing iOS and Android apps.
In May 2016, Domotz acquired Fing, which grew so much it was recently spun out into a separate company, Fing LTD. Fing LTD is based in Ireland and is the maker of this new incarnation of Fingbox, the original Fing apps and FingKit device scanning and recognition technology for OEMs and developers. Fingbox originally launched on Indiegogo last November, getting 14,000 backers and raising $1.1 M. It started shipping in August of this year.
The free Fing app for iOS and Android devices will scan your network and identify all connected devices, both wired and wireless. The app also port scans to detect security vulnerabilities, pings devices to verify they’re online, can perform Wake-on-LAN (WoL) to power on WoL-enabled devices and sends alerts when new devices connect to the network. Fing is one of my go-to apps and I’ve written about using it for network management.
With the Fing app and a Fingbox on your network, you get all the features of the app, plus bandwidth analysis, internet speed testing, Wi-Fi speed testing, device blocking, internet security check, security alerts and an interesting feature called "Digital Fence". Fingbox also enables the ability to monitor your network from anywhere; the Fing app alone must be directly connected to your LAN.
The Fingbox is a simple device. It is a plastic white and blue circular device a little bigger than a hockey puck and fits inside a provided blue plastic case. The assembled Fingbox measures approximately 4″ in diameter and a shade under 2″ high. It has a single Ethernet port and a mini USB power port.
Installing it is also simple. Just connect the Fingbox to power and to an Ethernet port on your router with the provided Ethernet cable as shown in the below diagram from Fing’s website.
Installation
Fingbox communicates primarily via its app, but you can also have alerts emailed to you. Adding a Fingbox to your network enables the app’s Fingbox icon, which provides access to the Dashboard shown below.
Fingbox Dashboard
The Fing app and Fingbox also mirror your LAN information to Fing’s cloud, where it’s available at https://app.fing.io. Fing says it sends only MAC address, device name and IP address of each detected device, plus a list of any ports opened by UPnP to its cloud, which is hosted by a third party service provider on servers in Ireland and Germany. This data is anonymized and used to build the device fingerprinting capability of Fing’s Device Recognition Service. You can’t opt out of the data collection. Fing’s privacy policy contains more details on the company’s security and data handling practices.
Like CUJO, Fingbox also uses LEDs on the device itself for at-a-glance status indication. While the intent here is nice, the combinations of color, pattern and motion are unlikely to be remembered by those of us with less than eidetic memories. Fortunately, the app sets the brightness level, which includes 0% (Off).
Fingbox LED decoder
Once Fingbox is connected, install the free Fing app on your smartphone or tablet and create an account. The Fing app will find the Fingbox on your network and enable the Fingbox features. From there, the Fingbox will scan your network for detected devices.
Once a device is detected on your network, Fingbox will notify you with a message to your smartphone and an email, such as the message below.
New Device Discovery
Device Detection
The Fingbox device detection feature is useful, but as a security feature, it is limited. It simply notifies you when a device connects to your network; it is up to you to block or let that device remain on your network.
Fing will detect the device’s IP and MAC addresses, its operating system and host name. To better manage devices in the Fing app, you can name them, assign them to network users, add notes and enter their location as shown below.
Device Naming
A useful Fingbox feature is creating users and assigning devices to users. In a household with children, the Fingbox can come in handy by assigning the child a username, assigning the child’s devices to their username and then using the Parental Control feature to enable/disable Internet access for that user. I’ll cover this capability shortly.
Port Scanning
Port Scanning is one of the features that comes with the Fing app and doesn’t require the Fingbox. I ran a quick test on this feature, selecting my router as a target for a port scan. As you can see in the below image, the Fing app identified that ports 53 (DNS), 80 (HTTP), and 443 (HTTPS) are open on my router.
Port Scan
Wake on LAN
Wake on LAN (WoL) is an interesting tool for sending a special packet called a “magic packet” over a network to remotely turn a device on. More details on WoL can be found in this article. The Fing app will send a magic packet to devices on your network. If those devices are equipped and enabled for WoL, Fing will remotely turn them on. Unfortunately, I have no devices that support WoL, so I wasn’t able to verify this feature.
Bandwidth Analysis
The Bandwidth Analysis and all the other features I’ll describe going forward require Fingbox. Bandwidth Analysis allows you to examine multiple devices on your network and see which ones are consuming the most bandwidth at any given time.
In the screenshot, I’ve selected my laptop (T460-Laptop-wired) and iPhone. I ran a speedtest on the laptop to make sure it was consuming bandwidth while I left the iPhone idle. As you can see, the Fingbox detected my laptop is consuming 65.7 Mbps while my iPhone is consuming 0.0 Mbps.
Bandwidth Analysis
Internet Speed Testing
Fingbox measures your internet speed and uses the results to calculate the devices consuming the highest percentages of your bandwidth. I first ran a speedtest using the Fing app, which reported my internet speed at 25.6 Mbps down and 6.0 Mbps up. This was a lower than expected result, as my internet connection is supposed to be 50 Mbps down and 5 Mbps up.
Internet Speed – Fingbox
I then ran a speed test from a wired PC on the same network using speedtest.net. This test from the wired PC returned a result of 70.88 Mbps down and 5.89 Mbps up. This method didn’t measure my downlink throughput accurately, either.
SpeedTest.net
I thought the discrepancy might be that the Fingbox speed test was running from my smart phone over Wi-Fi, but that wasn’t the case. I disconnected Fingbox and the Fing speed test wouldn’t run, which tells me the Fingbox appears to be running the speed test via its wired Ethernet connection. It’s possible the discrepancy was due to the servers used for each test (Fing has partnered with M-Lab for speed testing). The Fing speed test says it was testing to a location in Atlanta, GA, whereas the speed test I ran on my wired PC was connecting to a server not far from my location in Charlotte, NC.
I ran the Fing test multiple times and later got a result of 64 Mbps down and 5.8 Mbps up, which is closer to what I expected. A nice feature is the Fing app tracks your speed results and displays them in the internet Speed History menu, shown below.
Speed Test History
Wi-Fi Performance
A useful Fingbox tool is the Wi-Fi performance tool that enables measurement of your local Wi-Fi speeds. The Fing app on your smartphone runs a speed test between it and Fingbox; no internet servers are used. This tool provides a handy means of measuring your Wi-Fi performance without inaccuracies introduced by using internet-based services.
Test results are averaged and displayed in real time on the screen shown below, so you can move around and see how speed changes. I used the tool in various locations of my house to discover where my Wi-Fi network was strongest and weakest.
Wi-Fi Speed Test
The history view shows past Wi-Fi speed test results. Note the Streaming Quality indication provided as part of the Wi-Fi Performance results. The 169.5 Mbps result shown above is deemed good enough for 4K streaming (25 Mbps). The SD and HD buttons will light up for measured speed of 3 Mbps and 5 Mbps and higher, respectively.
Wi-Fi Speed History
Device Blocking
Blocking a device’s Internet access is accomplished on the app by selecting the device and tapping “Block device.” I ran a simple test by setting up a continuous ping to the Internet from a laptop connected to the same network as the Fingbox. With the pings succeeding, I selected “Block device.” Within a few seconds, the pings failed. After a few failed pings, I selected “Unblock device” and the pings succeeded again. The below image shows the Internet pings succeeding, failing, and then succeeding again.
Block device
It’s important to note that the Fingbox “Block device” feature is a manual tool to enable and disable network access per device. The Fingbox does not detect devices as a security threat and automatically block them. Note also that Fingbox can’t block individual ports or port ranges to control access to specific internet services.
Parental Control
In addition to blocking a device’s internet access, you can also use the “Pause Internet” feature to block internet access but allow the device to access other devices on your network. Fing calls this feature a “simple internet Parental Control.” This tool is similar to the “Block device” tool in that you manually enable and disable it on a per device basis. When you enable the tool, you get the option to enable it for 30 minutes, 1 hour, 2 hours, 6 hours, 1 day, 1 week, or Forever.
I tested this feature by running two continuous pings, one to the internet (8.8.8.8) and another to the Fingbox. When I enabled the “Pause Internet” feature, pings to the Internet failed, while pings to the Fingbox on my network continued.
Fingbox also has a tool called “Schedule Pause” which allows you to create various schedules for automatically pausing internet access by day of week, time of day, and selected users. Below is a screen shot of the pre-built “Bedtime” schedule.
Blocking Schedule
How Does Blocking Work?
I found the Fingbox Block and Pause features interesting. The Fingbox has only a single Ethernet connection and doesn’t act as the network gateway, so it doesn’t appear to have the means to intercept traffic to and from a device.
To get a better idea of how the Fingbox blocked traffic, I did a packet capture (using Wireshark) on my network while I blocked a device that was actively connecting to the internet. Based on that packet capture, it appears that when you enable the “Block device” feature, the Fingbox sends an ARP (Address Resolution Protocol) message to the blocked device providing the Fingbox’s MAC address as the network gateway, which directs the blocked device to send its internet traffic to the Fingbox. The Fingbox then drops the internet packets coming from the blocked device, effectively cutting it off from the internet. We’ve seen this technique, known as ARP spoofing or ARP cache poisoning, used in the Circle With Disney device.
Below are a few lines from my Wireshark capture showing ARP messages sent from the Fingbox (Fing) to my Apple PC after I applied a “Block device” to it via the Fing app. As you can see, the ARP message is coming from a device Wireshark detects as a Domotz device (which is the Fingbox) and going to a device Wireshark detects as an Apple device (my Apple PC.) The ARP message is telling my Apple PC that its gateway at 172.24.7.1 is at MAC address f0:23:b9:eb:62:d7. The IP address 172.24.7.1 is my router but that MAC address is the Fingbox. The end result is my Apple PC sends its internet packets to the Fingbox instead of my router when the block feature is enabled.
ARP Spoofing
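The redirect described above shows up in a capture as the gateway's IP suddenly being claimed by a second MAC address. The following added example (not from the original review or from Fing) parses raw Ethernet/ARP frames and reports any sender binding that contradicts the first one seen or a pinned entry. The gateway IP and Fingbox MAC are the ones quoted above; the router MAC, client MAC and client IP are constructed placeholders, and the frames are built in memory rather than captured.

```python
import struct

GATEWAY_IP = "172.24.7.1"          # router IP, from the capture described above
FINGBOX_MAC = "f0:23:b9:eb:62:d7"  # MAC claimed for the gateway, from the capture
ROUTER_MAC = "02:00:00:00:00:01"   # constructed placeholder (router MAC not given)
CLIENT_MAC = "02:00:00:00:00:02"   # constructed placeholder for the blocked PC
CLIENT_IP = "172.24.7.50"          # constructed placeholder

def mac_bytes(s):
    return bytes.fromhex(s.replace(":", ""))
def ip_bytes(s):
    return bytes(int(p) for p in s.split("."))

def sample_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build the bytes of an Ethernet/ARP reply, used only as offline sample input."""
    eth = mac_bytes(target_mac) + mac_bytes(sender_mac) + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 2)  # Ethernet, IPv4, lengths, op=reply
    return (eth + arp + mac_bytes(sender_mac) + ip_bytes(sender_ip)
            + mac_bytes(target_mac) + ip_bytes(target_ip))

def parse_arp(frame):
    """Return (sender_mac, sender_ip, target_mac) for an IPv4 ARP frame, else None."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    fmt_mac = lambda b: ":".join(f"{x:02x}" for x in b)
    fmt_ip = lambda b: ".".join(str(x) for x in b)
    return fmt_mac(frame[22:28]), fmt_ip(frame[28:32]), fmt_mac(frame[32:38])

def find_binding_changes(frames, pinned=None):
    """List (ip, expected_mac, claimed_mac, told_to) for each contradicting ARP frame."""
    known = dict(pinned or {})  # optional static entries, e.g. the gateway's real MAC
    alerts = []
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed is None:
            continue  # not ARP, or truncated
        sender_mac, sender_ip, target_mac = parsed
        expected = known.setdefault(sender_ip, sender_mac)  # first binding seen wins
        if expected != sender_mac:
            alerts.append((sender_ip, expected, sender_mac, target_mac))
    return alerts

SAMPLE_FRAMES = [  # constructed capture: normal reply, then the redirecting reply
    sample_arp_reply(ROUTER_MAC, GATEWAY_IP, CLIENT_MAC, CLIENT_IP),
    bytes(12) + b"\x08\x00" + bytes(28),   # non-ARP frame, ignored
    sample_arp_reply(FINGBOX_MAC, GATEWAY_IP, CLIENT_MAC, CLIENT_IP),
    sample_arp_reply(FINGBOX_MAC, GATEWAY_IP, CLIENT_MAC, CLIENT_IP)[:30],  # truncated
]

if __name__ == "__main__":
    for ip, expected, claimed, told in find_binding_changes(SAMPLE_FRAMES):
        print(f"{ip} was at {expected}, now claimed by {claimed} (sent to {told})")
```

Pinning the gateway's real MAC through `pinned` removes the dependence on seeing the legitimate reply first.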
DigitalFence
The DigitalFence feature shows Wi-Fi devices in your Fingbox’s range, which the user manual says is around 30m/100 feet.
DigitalFence maintains three lists of detected devices:
- Nearby – devices that are active but are not connected to the local network managed by Fingbox.
- In my network – devices that are active and are connected to the Wi-Fi of the local network managed by Fingbox.
- Stations – Wi-Fi access points in the vicinity, sorted by signal strength.
Note the Stations nomenclature is contradictory to standard Wi-Fi use. Stations (aka STAs) are devices that connect to access points (APs). So the Stations screen actually lists APs; Nearby lists stations/devices/STAs.
Below is a screenshot of the “Nearby” list showing some of the devices (STAs) near my network that were picked up by the Fingbox.
DigitalFence Nearby view
Tapping on the chart icon in the screen top right corner displays a bar chart of devices (STAs) grouped by signal strength. The chart is updated every 5 seconds while it is open.
DigitalFence Nearby view
The "Fence" part of DigitalFence consists of two features. You can mark any device in the Nearby list to be watched.
DigitalFence – Watch device
If you really are concerned about a watched device, you can be alerted when its state changes. This means you’ll get an alert when it moves both in and out of range.
DigitalFence – Watched Device Alert
Internet Security Check
This feature looks for holes on the public-facing side (WAN) of your internet connection. The Remote Scan portion of the check looks for open ports from the internet side. The Internal Router Audit portion checks the router addresses, NAT configuration and whether UPnP or NAT-PMP is activated. You can run scans on demand; otherwise they run once a week.
Internet Security Check report
One interesting feature is the ability to close ports opened by UPnP, right from the app. This FAQ has the details.
Security Alerts
In addition to notifications about the comings and goings of devices, Fingbox can alert you to two other Wi-Fi maladies. The first is its ability to detect de-authentication messages. De-auths are part of most Wi-Fi attacks and are used to force Wi-Fi STAs to disconnect. An AP or router may legitimately use de-authentication to move STAs for load balancing purposes. But a stream of de-auths usually indicates some sort of attack.
The good news is Fingbox can alert you to a de-auth attack. The bad is that it doesn’t do anything about it automatically. As with most of Fingbox’s security features, it’s up to you to take appropriate action (or not).
Finally, Fingbox detects "evil twin" access points and changes in default gateways, which can indicate man-in-the-middle attacks. Because of its ability to detect "evil twin" APs, Fing claims Fingbox protects against KRACK attacks. I did not verify this claim or either the de-auth or "evil twin" detection features.
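To illustrate the difference between an occasional legitimate de-auth and the "stream of de-auths" mentioned above, here is an added example (not Fingbox's implementation and not from the original review) that parses 802.11 management headers and reports a BSSID once its de-auth count inside a sliding window reaches a threshold. The window, threshold, MAC addresses and frame records are all constructed assumptions, and the frames are expected without a radiotap prefix.

```python
import struct
from collections import defaultdict, deque

WINDOW_SECONDS = 10   # assumed values for illustration, tune to your environment
BURST_THRESHOLD = 5
AP_A = "02:00:00:00:00:aa"    # constructed placeholder addresses
AP_B = "02:00:00:00:00:bb"
CLIENT = "02:00:00:00:00:c1"

def sample_mgmt_frame(subtype, dest, source, bssid, reason=3):
    """Build a 26-byte 802.11 management header plus 2-byte body as sample input."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    fc = bytes([subtype << 4, 0])   # version 0, type 0 (management), given subtype
    return (fc + b"\x00\x00" + mac(dest) + mac(source) + mac(bssid)
            + b"\x00\x00" + struct.pack("<H", reason))

def parse_deauth(frame):
    """Return (dest, source, bssid, reason) for a deauthentication frame, else None."""
    if len(frame) < 26:
        return None
    fc = frame[0]
    if (fc & 0x3, (fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 0, 12):
        return None   # not management subtype 12 (deauthentication)
    fmt = lambda b: ":".join(f"{x:02x}" for x in b)
    reason, = struct.unpack("<H", frame[24:26])   # reason code is little-endian
    return fmt(frame[4:10]), fmt(frame[10:16]), fmt(frame[16:22]), reason

def find_deauth_bursts(records, window=WINDOW_SECONDS, threshold=BURST_THRESHOLD):
    """records: (timestamp_seconds, frame_bytes) in time order.
    Returns [(bssid, first_timestamp_in_window, count)], one entry per BSSID."""
    recent, reported, bursts = defaultdict(deque), set(), []
    for ts, frame in records:
        parsed = parse_deauth(frame)
        if parsed is None:
            continue
        bssid = parsed[2]
        seen = recent[bssid]
        seen.append(ts)
        while ts - seen[0] > window:      # drop de-auths older than the window
            seen.popleft()
        if len(seen) >= threshold and bssid not in reported:
            reported.add(bssid)
            bursts.append((bssid, seen[0], len(seen)))
    return bursts

SAMPLE_RECORDS = (   # constructed: isolated de-auths on AP_A, a rapid stream on AP_B
    [(50.0, sample_mgmt_frame(12, CLIENT, AP_A, AP_A))]
    + [(100.0 + 0.5 * i, sample_mgmt_frame(12, CLIENT, AP_B, AP_B)) for i in range(6)]
    + [(150.0, sample_mgmt_frame(8, "ff:ff:ff:ff:ff:ff", AP_A, AP_A)),  # beacon subtype
       (200.0, sample_mgmt_frame(12, CLIENT, AP_A, AP_A))]
)

if __name__ == "__main__":
    for bssid, start, count in find_deauth_bursts(SAMPLE_RECORDS):
        print(f"de-auth burst on {bssid}: {count} frames since t={start}")
```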
Closing Thoughts
I liked the Fingbox’s simplicity and its ability to enable/disable Internet access manually and by schedule and its Wi-Fi speed test tool. I also liked the fact that you can purchase the Fingbox ($129) without a monthly or annual subscription.
But as a security device, the Fingbox is limited. It doesn’t scan packets going in and out of your network and it doesn’t scan devices for malware or viruses. Fingbox doesn’t act as a firewall, so has no means of blocking traffic from entering your network. Nor will it detect a compromised device that has been conscripted into a bot network and participating in DDoS attacks. And as noted earlier, it can’t block specific ports or port ranges.
However, Fingbox’s main weakness as a network security device is that it is limited to generating alerts, not taking action. This may be helpful for folks who know their way around a network and can judge the significance of each alert. But your average consumer is more likely to have his/her anxiety level raised and wonder whether, and how, to take action.
Even for those of us who know what to do, the timing of doing it can be a problem. If an attacker is trying to get into your network in the dead of night, do you want to be roused from sleep to respond to an alert?
In the end, Fingbox joins CUJO, BitDefender Box, Circle With Disney add-on boxes and router/Wi-Fi System based efforts from Norton, Luma and eero in the ranks of nice-try-but-no-cigar consumer solutions for network security. CUJO and the Box provide browsing protection, but neither does much for DoS or Parental Control security. While the CUJO device inspects both incoming and outgoing packets to detect malware, Box inspects only outgoing packets and relies on software running in devices to detect malware.
For $129 and with no subscription fees, Fingbox definitely makes it easier to know what’s on your network, alert you to some forms of unusual activity and see who is using the most bandwidth. As a device to "secure and troubleshoot your home network", Fingbox’s strength is definitely on the latter.