Yet another Mikrotik RouterOS exploit is in the wild

By Steve Biddle, in , posted: 24-Apr-2018 06:56

Users of hardware running Mikrotik RouterOS are urged to ensure their devices are secured after news of yet another security vulnerability affecting the platform.

The vulnerability allows a hacker to access the device remotely using Winbox port 8291 and then download the user database file from the router, extract valid usernames and passwords, and then access the device. It affects RouterOS versions 6.29 to 6.43rc3.

This vulnerability follows closely behind two others in the past month that have affected web access to the devices, and the SMB functionality.

All users of RouterOS should immediately ensure their hardware is upgraded to v6.42.1 (current) or  v6.43rc4 (release candidate). It’s important to note the 6.40.x bug fix only release channel does not currently have a fix available. If you are running 6.40.x restricting access via firewall rules to safe IP range(s) is essential to protect your device.

Best security practice is to also to not have a device exposed to the entire Internet on port 80 or 8291 for remote access. If these services are restricted to safe IP range(s) the risks of a device being compromised are reduced.

More information is available on the Mikrotik forums

No, AT aren’t stealing your money. How Stuff confused a nation.

By Steve Biddle, in , posted: 10-Sep-2017 18:25

New Zealand’s biggest news site today wrote a story basically accusing Auckland Transport (AT) of being thieves. I’d hate to be working at AT tomorrow having to be dealing with the fallout from this alt fact fake news.


This story has resulted in mass confusion from AT HOP card holders and lead many people to believe they’re going to lose the credit on their AT HOP cards if they don’t use them every 60 days. Nothing can be further from the truth.

The woman in the story topped up her AT HOP card online. The key point here is that AT HOP card, like any other stored value public transport card has the balance stored on the card itself. There are two ways to load credit onto the AT HOP card – the first is to do this at a retailer or AT HOP kiosk, and the second is to do this online.

Until the balance is physically loaded onto the card it doesn’t actually exist.

When you top up a AT HOP card at a kiosk or retailer it’s a real time transaction and your card balance update is immediately applied.

When you top up your card online it’s a two part process. First off you “buy” the credit online using your credit card. Typically this payment data is downloaded to every AT HOP terminal across the network in every bus, train and ferry overnight. When you now tag on to a bus, train or ferry, or ask for a balance query at a AT HOP terminal that new balance will be applied to your AT HOP card.

The woman in this story purchased the credit online but ignored the very clear instructions provided during the online top up process. Her balance never “mysteriously dropped to zero” as it was always zero. As she didn’t use the new card within 60 days of the online transaction her balance was never applied to her card.

Many people who have read the story now mistakenly believe that they will lose their AT HOP card balance if they don’t use it every 60 days.








The actual story here is the 60 day period that exists between purchasing credit online and using your AT HOP card on a bus, train or ferry, or asking for a balance at an AT HOP terminal. If you fail to use your card within 60 days of an online top up, your top up is removed from the system.

As explained above every night every AT HOP terminal is loaded with a file that contains online payment details and card numbers. Every time a person taps on to a bus, train or ferry this database needs to be queried to check if credit needs to be applied to the card.

A typical HOP transaction takes around 350ms to occur – in this time the card is read, the database queried to see if the card is valid or blocked, the top up database is checked to see if a top up balance needs to be applied to the card, and lastly the new balance is written back to the card. Every step of this process takes time, and time is critical. If transaction times were doubled to 700ms for example it would cause considerable delays to the tag on process and would create significant delays for people boarding their bus.

Best practice for any ticketing solution anywhere in the world is to have a period of time where online top up data is stored on terminals before it’s removed. If this data is stored indefinitely it would simply slow down card processing times to the point where the customer experience would be impacted.

Many people have accused AT of theft. This can’t be further from the truth. The credit is sitting there waiting for the AT card holder to tell them what to do with it, and it seems AT are only too happy to credit this back when people do make contact.

An analogy of this would be to compare it to ordering and paying for a product online from a click and collect retailer but never actually going to the store to pick it up. When you finally do the retailer has sent the product back to the warehouse because they don’t have room to store it. They’ve simply been waiting for you to contact them to tell them what you’d like to do.

Automatically refunding the balance back to the credit card that was used is not a good solution. Credit card numbers change and the card used may also not belong to the card holder.

AT’s best approach should be to make contact with the card holder if the top up isn’t applied within 60 days. I have no idea if this is process or not, but as a card has to be registered to be topped up online AT should have contact details for the card holder.

If you’re an AT HOP card holder you can be rest assured your balance will not expire if your card is not used every 60 days. As per AT HOP terms and conditions (section 9) any credit on an AT HOP card will expire if an AT HOP card is not used for a period of 6 years.

If you’re somebody who tops up online, ensure you use your card within 60 days by either taking a journey or checking the balance at an AT HOP kiosk or retailer so the balance can be applied.

The perils of using Airbnb during big events

By Steve Biddle, in , posted: 3-Sep-2017 15:56

Those of you who know me will know I’m a pretty prolific traveler. As is the case when you fly somewhere you normally need somewhere to stay, and over the past few years I’ve spent somewhere in the vicinity of 60 – 80 nights per year in hotels both for work and leisure.

Despite my need for accommodation, I’ve never been a big user of Airbnb. On a recent trip to to Europe I spent a week staying in Airbnb properties with friends, and on a trip to Europe several years ago also spent a week staying in a number of properties with friends. Apart from minor issues such as broken air conditioning that would be easily fixed in a hotel (they move you to another room) I’ve never had any major issues with Airbnb and have stayed in some fantastic properties.

So why don’t I book Airbnb more often? Much of it comes down to the fact that staying in a hotel is just so much easier. I can get to a location, head straight to the hotel, check in, and head to my room. With Airbnb the process normally involves meeting with people to arrange keys and/or access which simply isn’t as quick or simple. Like being an Apple or an Android user I appreciate both options – and in my case I simply prefer hotels for much of my travel. When traveling with friends however, a large house or apartment that can sleep 3 or 4 people is much preferable to booking multiple hotel rooms.

Those of you in the tech world will know all about CES. It’s the biggest tech show in the world and sees Las Vegas turned into a city of chaos for 5 days as 170,000+ people from around the world all converge on it. It’s somewhere I’ve been before, and somewhere I’m heading to again in January along with several other Geekzone users.

As you can imagine with so many people visiting Las Vegas, accommodation becomes very important. While hotels in Las Vegas can be dirt cheap for much of the year, CES is an opportunity to make money. Rooms that are normally US$25 a night can go for US$250. Rooms that are US$250 night can easily go for US$1000. Look at an accommodation site such as Expedia right now and you’ll struggle to find a hotel room in Las Vegas for a week for under NZ$2000 during CES. Want something more upmarket? A stay at the Venetian or Palazzo will easily set you back NZ$7000 for a week long stay! At other times of the year you’d pay roughly 1/4 of this price.

In May when I booked flights to Las Vegas I immediately started looking for accommodation. The traffic carnage that ensues during CES means that buses, taxis and Uber simply end up being the traffic congestion. Roads are clogged, and getting around takes a very long time during both the morning and evening rush hours. Despite Las Vegas being a big city, walking is the best way to go. Finding somewhere to stay within 20 mins walk of the Las Vegas Convention Centre and The Strip really is the perfect place to be.

I looked at both hotel and Airbnb options before settling on an Airbnb property that cost me NZ$1150 for the week. The apartment looked great, and the location was also great. Everything was great.. Until several days ago when I received an email from Airbnb saying my booking had been cancelled.

Immediately I asked Airbnb what they could do for me and have been in contact with their team both via email and phone. Their customer service has been great, but right now I still don’t have anywhere to stay. Several other suggested properties are literally miles away. Others that are closer are still not as good or as well located as what I had previously.

Due to the fact many hotels have sold their cheap rooms and most good Airbnb properties are now booked, finding something else to book is proving difficult. There is nothing in the price range that I paid that’s in a location I want. Airbnb are willing to offer me a US$100 credit for the inconvenience, but when properties that are suitable are up to twice the price I paid that’s hardly a great deal. Staying in a cheap hotel may be the best option, but that’s going to cost me another NZ$500ish or so for the week.

All of this shows the problem with the Airbnb model. Short of a major disaster, a hotel selling rooms isn’t going to suddenly disappear – once you pay your money your booking is confirmed and you’ll have a room.

Paying for a property with a strict refund policy on Airbnb meant I was locked in to that property and was not eligible for a refund if I cancelled. Nothing however prevents the Airbnb host from cancelling under an extenuating circumstances policy. This property has now been removed from Airbnb so there is nothing to suggest the host is doing anything dodgy such as cancelling so he can relist it for a higher price, but a recent change to the listing suggests it was being turned into a long term stay rather than short term.

Under many circumstances such a cancellation may not be a major deal – the problem is in somewhere like Las Vegas during CES it’s now me who’s dealing the the extenuating circumstances of a cancelled booking and the fact rebooking somewhere to stay will cost me significantly more money.

I don’t necessarily think expecting Airbnb to front up and offer me another NZ$1000 in credit to book a property in a similar location to where I had booked is fair – but I also don’t think me having to pay a single cent more than I had already paid for a booking is fair either. Ultimately they’re the ones who have inconvenienced me, so why should I have to settle for a property or location that means my holiday experience is ruined?

While this won’t put me off ever using Airbnb again, it’ll certainly put me off booking Airbnb ever during a peak travel period or for an event where accommodation is busy. The risks of having your host cancel and being left to find accommodation that will cost significantly more simply isn’t worth the risk.

How to remotely control your heat pump from your phone for under NZ$25

By Steve Biddle, in , posted: 16-Jul-2017 12:46

A heat pump is now the most common method of heating New Zealand homes. With winter now in full force it’s safe to say most will be in use to combat the current cold weather.

One feature of relatively new heat pumps is the ability to connect them to your WiFi network and control them from a phone app. Being able to turn your heat pump on remotely as you’re on your way home, or schedule daily timer settings that can’t be easily set from the remote become incredibly handy features to have.

But what if if you’ve got an older heat pump that doesn’t have built in WiFi and an app? There are now a growing number of 3rd party hardware solutions that will allow you to control your heat pump from your phone - several New Zealand developers have even entered the market offering products.

These solutions are all very similar, consisting of a hardware Infrared (IR) transmitter that connects to your WiFi network, and an app that connects to the transmitter, typically via a cloud based server on the Internet. Simply by configuring your brand of heat pump the app can send commands to the IR transmitter which in turn sends the IR commands to the heat pump, emulating the regular remote control.

While many of these solutions work incredibly well there is one downside – the price. Many are well over NZ$200 for the hardware and app.

What if I told you that you could control your heat pump remotely from your phone for under NZ$25? You can.

Broadlink is a Chinese hardware manufacturer who builds IR transmitters and smart switches. Their miniature sized RM Mini 3 is a USB powered IR transmitter that’s perfect for controlling your heat pump, or in fact any other IR controllable device such as a TV, stereo or set top box.


The Broadlink RM Mini 3 is available from a myriad of usual sources of Chinese electronics goods such as Aliexpress, Banggood and eBay, with prices typically between US$13 and US$19 including free shipping to New Zealand. A quick search of TradeMe has shown several New Zealand sellers who are probably just importing this hardware from similar sellers and reselling it with a fairly hefty margin.

I don’t want to directly link to any Aliexpress sellers to avoid anybody accusing me of favouring a single seller. A quick search of Aliexpress will show plenty of sellers across the price range.

The Broadlink RM Mini 3 is USB powered but does not come with a power supply. Any surplus USB phone charger will work fine. Obviously the device needs to be permanently powered, and located within line of sight of the heat pump (or other device you want to control) so the IR transmitter will work.

Once powered up configuration is relatively straight forward. The device will broadcast it’s own WiFi network, so once you’ve installed the Broadlink app on your phone connect to this network. From the app you’ll now be prompted to enter the WiFi SSID and password for your home WiFi network. Once this is done the Broadlink RM Mini 3 will connect to your WiFi network and is ready to go.

Adding a heat pump is also relatively simple. Simply select the menu option to add a device and then follow the prompts on screen – simply by aiming your existing remote at the RM Mini 3 and pushing a button on the remote will allow the hardware to match the IR code with it’s database and know the brand of hardware you have. Setup is now complete.


Controlling the heat pump is now simple. Open the app, select your device and you’ll see a screen replicating your existing remote control.



From the menu you can also configure multiple timer settings across the week. You can configure one off events, or daily events to switch the heat pump on or off.


The Broadlink app is available for both Android and iOS. It’s fair to say it’s not the most beautiful app, or the best designed, but it serves it’s purpose allowing you to easily turn your heat pump on or off remotely.

For those are looking to take things further the Broadlink RM Mini 3 hardware can be integrated with openHAB or Apple Homekit via the Homebridge gateway. Fellow New Zealander Nic Wise has written up a great guide for integrating this hardware with Homekit.

Why a 24hr parking limit won’t fix the Wellington airport parking issue.

By Steve Biddle, in , posted: 9-Jun-2017 12:22

Unless you’ve been living under a rock you’ll be well aware of the issues surrounding car parking at Wellington airport and the surrounding Miramar streets. Streets nearby to the airport have become a popular alternative for both travellers and staff working at the airport to avoid what many consider to be be excessive parking charges at the airport.

The issue reached breaking point earlier in the year when a local resident was charged and jailed for slashing the tyres of cars parked in streets near his home. This spurred the Wellington City Council into reviewing the situation.

Last week the Council (who are a part owner of the airport) announced that nearby streets within an approximate 700m range of the airport will have a 24hr parking limit. Local residents will receive a single parking permit per property allowing them to park a single vehicle in this area.

This was exclaimed as a “solution to the problem” by media and Council however this can’t be further from the truth – anybody who thinks such a limit will be a magic fix for the problem really are living in a dream world. Rather than actually looking at the issue and why it occurs they’ve implemented a “solution” that’s nothing but a knee jerk reaction.


From an economics point of view parking at the airport is a finite resource and with significant numbers of parks currently unavailable due to construction of both a new multi story parking building and hotel, many would argue that pricing needs to be set accordingly to ensure demand is matched with supply. With this in mind it’s clear the airport’s parking pricing model is fundamentally flawed – offering long term parking for $125 for up to 9 days and then $5 per day for additional days simply ties up parking space at the airport, meanwhile those who want to park at the airport for a weekend trip away can easily find themselves paying roughly between $64 and $90 for parking. With such high pricing for short term stays it’s hardly surprising people are looking for cheaper alternatives for a day trip or weekend away.

As a frequent flyer I used to be a regular customer of Air New Zealand’s airport parking. This parking space was shared with Air New Zealand staff and consisted of both outdoor and under cover parking using the former Air New Zealand hanger. I was happy to pay $18 per day to park 5 minutes walk away from the terminal and had the option of using the provided shuttle if I so desired. As a result of the demolition of the hanger in early 2017 this land is no longer available to Air New Zealand and their public parking has been discontinued. Air New Zealand Airpoints Elite customers are also disadvantaged with no ability to use their parking vouchers that are allocated each year as a customer benefit.

It’s not the first time that Air New Zealand have been involved in a dispute with the airport company over parking – their valet parking was discontinued several years ago after the airport company announced a significant price increase for the use of car parks near the terminal.

The alternative is now $32.30 per day to park in the airport’s own parking near the terminal. This significant jump in parking prices has turned me into a “street parker” and it’s something I don’t feel guilty about. An 80% increase in the cost to me is a fairly significant price hike.

Many would argue the solution is to encourage alternative forms of transport to the airport including public transport. Public transport during the day is great, but is not an option for those arriving for early morning international or domestic departures, and is also not available for late night international arrivals.

While a taxi or shuttle is an option (complete with an airport surcharge) the airport company refuses to let ride sharing service Uber operate from airport land and continually threatens to trespass drivers despite some legal advice which says they’re unable to do so. The airport company are so unhappy with Uber that they’ve even gone as far as blocking access to the Uber website using their free WiFi meaning it’s not possible to make a booking using this. This means that the hundreds of users per day of the Uber service are typically picked up from the nearby Burger King & Z petrol station which is a 5 minute walk away. Such draconian measures from the airport company towards Uber does nothing to encourage the use of alternative means of transport.

With a 24 hour parking limit set to soon be in place in nearby streets the big question will be what impact this has on those streets. Local residents will only be permitted to park a single vehicle outside their house in the zone – and one assumes if you have more than one vehicle that you will simply find somebody else’s street nearby outside the zone to park it in. Those staff at the airport who aren’t eligible for free staff parking will presumably continue to park in the streets as they’re under the 24 hour limit. Travellers parking for under 24 hours will presumably continue to park in nearby streets as they won’t be affected by the new restrictions. Those who are parking in the street for more than 24 hours will presumably just park outside the 700m zone, because after all an extra 5 minute walk is highly unlikely to change their mindset.

Vehicles breaking the new rules will be liable for a $57 fine or face being towed away. As parking for 28 hours at the airport will cost more than $57 such a fine seems pointless – every car caught breaking the rules would need to be towed for it to be affective as simply paying the fine will be cheaper than airport parking.

Rather than fixing the problem this change is simply going to move the problem further into the suburbs and potentially even increase the problems on the Kilbirnie side on the airport which is easily accessible via the underground subway under the runway.

So what am I going to do? For my regular day trips away I’ll likely still be parking in the street. For weekend trips I’ll just park beyond the 700m zone and walk. I was happy to pay $36 for parking at Air New Zealand for a 30 hr weekend away in Auckland – I’m not happy to pay the $64 the airport want for their parking. For that extra $28 I could even park in a nearby street and catch a taxi or Uber and still save money. Watching what happens over the next six months will be interesting to observe.

CCTV exposed. Why understanding network security is so important.

By Steve Biddle, in , posted: 18-May-2017 07:44

For those of you who are regulars on Geekzone you’ll know one of my pet peeves is people who don’t understand the huge security risk associated with port forwards. Configuring a port forward in your router or firewall is something configured by people every day, with the vast majority probably failing to consider the security risks of something that’s so easily done.

Opening up your network to allow traffic from anywhere on the Internet to directly access your PC or hardware behind your router and/or firewall removes an entire layer of security, and allows anybody on the Internet to directly access your PC or hardware on the port(s) that have been forwarded. If there are security exploits in either the software on your PC or the hardware it could easily compromise your entire network and your security.

If you’re running a VoIP setup and port forward port 5060 you’re opening your IP PBX or phone system up to what will be a never ending attack from bots and scripts trying to find holes your system for the purpose of routing illegitimate calls.  By setting up a port forward to CCTV equipment you run the risk of your security cameras being left wide open for anybody on the Internet to view for both entertainment and for possible malicious purposes.

In recent days we’re once again seen a mainstream media article on Stuff discussing compromised or poorly configured CCTV cameras in New Zealand that can be openly viewed by anybody on the Internet. While Stuff have chosen not to name where these cameras are linked from, the source is, a site that proclaims itself as “the world biggest directory of online surveillance security cameras”. This story is very similar to another run in 2014 in the NZ Herald discussing the very same issue with cameras in New Zealand viewable on the insecam website.

cctv image 1

cctv image 3

While this site lists only lists openly viewable CCTV equipment, IoT search tool Shodan is the best resource on the Internet for discovering hardware devices (both CCTV and other) that are exposed to the Internet. Many of these devices are “compromised” because of one simple flaw – either configuring port forwards to allow remote access, or enabling UPnP allowing the devices to create their own port forwards for remote access. It’s worth pointing out here that the insecam website isn’t doing anything illegal – they’re simply aggregating content that’s all publically accessible.

If you’ve got CCTV cameras then it’s not an unrealistic requirement to want to view these remotely. Most systems these days offer web access and/or mobile apps allowing you to view your cameras from anywhere in the world, and many even pitch remote access as a key selling point. The simplest way to configure remote access is to set up a port forward allowing direct access to the camera itself, a Network Video Recorder (NVR) or a Digital Video recorder (DVR).

Some equipment may also be UPnP enabled to make this process even easier – if you have a router with UPnP capabilities and the UPnP functionality is enabled on both your router and the CCTV equipment you may have your CCTV equipment exposed to the Internet even without your knowledge. By having a port forward or UPnP enabled you’ve exposed your CCTV system to the entire Internet and it’s now as a secure as the hardware you’re using.. And that’s where the problems start.

Many people clearly never change default passwords of some of the equipment viewable on the Internet. Many brands of cheap Chinese CCTV equipment also run embedded software of dubious quality with very well known exploits and hacks. Many also contain backdoor passwords, meaning that even if you change the password these devices can still be accessed by anybody with this knowledge. As many of these systems are never upgraded by installers or end users, flaws that have been fixed can often still exist for the life of the system.

The issues also extend beyond somebody snooping on your video feeds – some of these exploits can also be used to turn your hardware into a bot capable of being used for major DDoS attacks, or even turned into a tool for mining bitcoins. In September 2016 one the world’s largest DDoS attacks against krebsonsecurity was reportedly performed with the assistance of over 145,000 compromised CCTV cameras.

In my day job as a network engineer I’ve had numerous dealings with security companies who lack even basic fundamental knowledge when it comes to networking and security. Concepts of networking are something that many people will fail to grasp, with many people relying on the advice of others or a “she’ll be right” mentality rather than seeking proper advice from an expert.

There have been many threads here on Geekzone about CCTV systems and comments posted by people who have been told that “nobody knows your IP address”, “you’re on a dynamic IP address which keeps changing so nobody will find you”, “I’ll change the port to something random so they won’t find you” or “if you make your password secure you’ll be fine”. Statements like this show a fundamental lack of knowledge, and when they’ve given by people posing to be security experts, should really be raising alarm bells. Having a public IP that changes regularly or changing ports offers absolutely nothing in the way of security. Likewise having a secure password is meaningless if a backdoor master password exists on your device.

If you’re wanting remote access to most hardware on an internal network there is only one safe way to do this – by using a Virtual Private Network (VPN). By using an appropriate router with a built in VPN server you can connect your remote PC or phone via VPN and then safely browse your cameras with no risk of your cameras or data being exposed to the entire Internet. If access is only required from specific connections then you could also look to restrict access to a locked down range of public IP addresses to ensure your cameras are not unnecessarily exposed.

If you have an IP camera, NVR or DVR that’s exposed to the Internet using port forwards or you have UPnP enabled you should be taking immediate steps to secure it. If your knowledge of networking doesn’t extend to configuring a VPN then you should be disabling remote access and/or UPnP until such time as you are able to implement a VPN or lock down access to specific IP ranges.

If your security or CCTV installer has no issues with allowing port forwards then you should be on the lookout for a new installer. You’re not just compromising your own safety and security, you’re also compromising the safety, security and end user experience of everybody on the Internet if your hardware can be compromised and used as a bot for DDoS attacks.

Anker make some of the best USB chargers and powerbanks available. Now you can get their products shipped directly to New Zealand

By Steve Biddle, in , posted: 21-Apr-2017 07:37

I’ll start by being honest. I’m a huge Anker fanboy. Since I first purchased one of their multiport USB chargers a few years ago I’ve ended up with quite a collection of their USB chargers and USB powerbanks. These days electronic devices running out of battery can be a major first world problem, so a good portable powerbank and desktop charger are must have gadgets for many people. As I travel a lot I find a good quality powerbank an essential travel item in my bag.


I’ve played with other brands of USB chargers and powerbanks and have quite a collection here of devices from Anker, Ravpower and AUKEY. Anker is the top selling brand of USB charging devices of Amazon, with Ravpower and AUKEY sitting just behind. Based on my experiences I find AUKEY is OK, Ravpower is great, and Anker leads the pack.


Purchasing all three brands is difficult as none of these are sold in New Zealand. Purchasing a good quality portable USB powerbank or desktop charger from a NZ retailer is pretty much impossible. Anker products are slowly entering the Australian market after launching there last year, so hopefully a New Zealand retailer will pick up distribution here.

You’re probably wondering about now these brands are so much better than cheap powerbanks or wall chargers. The answer to that isn’t quite so simple to explain without a long lecture on USB standards and modern devices. I’ll try and shorten that to a few paragraphs.

In the “old” days USB ports simply supplied +5VDC over the power pins and anything plugged into it charged, normally at a rate somewhere between 100mA and the 500mA maximum that the USB standard supported. As smartphones got smarter and battery capacity increased in both phones and tablets additional USB charging specifications were created allowing devices to draw far more than 500mA. If you’ve got a smart phone manufactured within the last 5 or so years you’ll typically find it can charge at up to around 1000 mA or more. Most mid to high end devices from the past couple of years support Qualcomm Quickcharge (QC) 2.0 or QC3.0 standards that supports charging rates of up to around 2000 mAh, or have a USB-C connector that supports charging rates even higher.

Years ago it could easily take 5-6 hours (or even longer) to charge a phone. Now a modern high end smart phone can often be fully charged in 60 - 90 minutes. A quick 10 minute top up charge on a modern QC2.0, QC3.0 or USB-C device can give you a few extra hours of battery life.

If you plug a modern smart phone into a “dumb” charger you’ll find that it’ll probably charge at around 400 – 500 mA maximum and charging your device can take 6-8 hours. Such examples of dumb chargers are USB connectors on plane IFE screens, hotels or in many public places. Most cheap USB chargers and powerbanks also fall into this category. It’s also worth mentioning here the importance of good quality USB cables – many cheap cables are poorly made and can also affect charging performance.

The picture below demonstrates the charging rate of my Xperia Z5 phone plugged into my Anker powerbank (left) and the IFE screen on an Air New Zealand 777 with Panasonic eX3 IFE. As you can see the Anker is charging the phone nearly 5x faster than the IFE USB port. Fully charging my phone plugged into the IFE would take somewhere around 9 hours. It would take under 2 hours with this particular powerbank.


A good portable powerbank or charger will support modern standards such as QC2.0, QC3.0 or USB-C and also have the smarts to detect the type of device and charge it at the maximum possible charge rate. Products from reputable brands such as Anker, Ravpower and AUKEY all do this on various models. In my opinion Anker just do it better with their PowerIQ smart charging system. Many cheap aftermarket USB powerbanks and chargers don’t have any smarts, and as a result you’ll encounter charging rates far less than you could be enjoying.

As I visit the US several times each year I tend to order a lot of products from Amazon and have found myself bringing back large quantities of Anker products for other Geekzone users. Many people can use shipping services such as YouShop to buy products from the US, but due to restrictions now in place in the aviation world in part due in part to two 747 freighter crashes linked to cargo fires involving lithium batteries, the shipment of devices containing lithium batteries is now heavily restricted.

Anker have their own eBay store and have been selling products on here for some time. At times they’ve offered shipping to New Zealand, but without reason this has suddenly ended – only to resume again months later. For several months now they’ve been shipping products to New Zealand, and the good news is it’s a) affordable (shipping is around $10 on many products), and b) they will ship some portable powerbanks.

Products such as their regular 10,400 mAh portable charger work out at just over NZ$40 incl shipping


Or if you’ve got a phone with QC2.0 or QC3.0 and want to take advantage of much faster charging speeds then you’ll probably be interested in one of their QC3.0 capable powerbanks. This is the model I currently use and recommend.


Or if you’re simply after a desktop charger for your USB-C phone then one of these will work perfectly. You will just need to purchase a NZ power cable (figure 8 plug) which will cost you about NZ$4.54 from PB Tech


Not all products on the Anker store can be shipped to New Zealand, but many of their powerbanks and desktop chargers can. If you’re after a great charging solution or powerbank it’s a great time to buy now in case these shipping deals ever end again.

You can visit the Anker eBay store at

United Airlines pulls out of New Zealand for Southern Hemisphere Winter – AKL/SFO becomes seasonal.

By Steve Biddle, in , posted: 6-Jan-2017 21:55

Airline travel from New Zealand to the United States has seen plenty of deals over the past year with the introduction of flight by both American Airlines and United Airlines on the Auckland (AKL) to Los Angeles (LAX) and Auckland (AKL) to San Francisco (SFO) routes during the middle of 2016. These routes had been operated exclusively by Air New Zealand for a number of years since Qantas stopped flights to North America out of New Zealand in 2012.

The tie up between Air New Zealand and United on the SFO route was a joint venture that also revenue shared. It meant a reduction in Air New Zealand services (who previously operated twice daily flights some days) that were in turn replaced by the United flight. The earlier United Airlines flight time meant better connections into SFO for those heading across the country on the United Airlines US domestic network.

United have today pulled year round services on the AKL to SFO route and made this route seasonal. The last scheduled services will be on April 16th 2017, however availably beyond March 24th 2017 seems to be non existent. The route will recommence on 31st October 2017.

Those who are cynical will know that the reason for such a tie-up between both airlines seemed merely to introduce additional capacity into North America to compete with American Airlines (AA) who launched AKL to LAX and partnered with fellow oneworld partner Qantas on this route. Both Qantas and American had applied for permission to operate Australian and New Zealand routes as a joint venture, however their application was declined by the US Department of Transportation (DOT) in November, a decision that has also potentially throw into doubt the future of their New Zealand operations in light of their low passenger loadings on this route.

The introduction of American Airlines services saw prices drop as low as $899 return from Auckland to Los Angeles as competition heated up on the route. Such pricing is not sustainable however, and even with pricing that low American Airlines have struggled to fill seats on their planes. Rumours have been around for some time that they’ve been considering pulling the plug on this route, so it’ll be interesting to see if anything eventuates in light of this news from United Airlines.

Air New Zealand launches Flexitime Membership (and how it can save you $$$)

By Steve Biddle, in , posted: 2-Nov-2016 08:52

In my inbox this morning I received an announcement of Air New Zealand’s new Flexitime Membership. It’s been a while since Air New Zealand made any significant changes to their domestic flight offerings, and if you’re a frequent flyer this membership represents a true bargain that could easily pay for itself in a single trip.

On Domestic flights Air New Zealand offer four fare types -


Flexitime Membership is an annual fee of $199, is only available to specially invited customers, and at this stage is only available for sale during a trial period until the 15th November (what happens after then is unclear). For your $199 you get the ability to purchase seat only fares but get the benefits of flexitime for all flights – this means you can change your flight on the day of departure, get a free bag, and also have the ability to select a seat. Airpoints Dollars and Status Point earn is that of the seat only fare.

The ability to change a flight only applies to the person with membership, so you can’t book a flight with somebody else and make changes to both passengers.

For those who don’t travel frequently, the significant benefits of a flexitime fare may not seem obvious. While primarily targeted at business customers who may find their plans change and giving them the flexibility to change their flight time to an earlier or later one, flexitime fares are increasingly being purchased by passengers to save money on airfares.

Looking at the example below it’s $139 for the cheapest flexitime fare between Auckland and Wellington this Friday. Later on the day it’s up to $314 for a seat only fare on flights later in the day. If you were travelling between Auckland and Wellington this Friday evening and were only planning on a seat only fare, by buying a $139 fare on the 6:30am flight you can change this on the day you are flying (from midnight Thursday) to the 8:00pm flight for free, meaning you’ve saved yourself $140 – or 50% of the fare price. With Flexitime membership you would save even more as you’d only need to spend $109 for a seat only fare on the 6:30 flight.

Playing a game like this not for the faint hearted – you’re gambling that there is space on the flight you want to move to, and if the flight you want fills up, you’re going to be stuck. On main trunk jet routes this is unlikely except for very busy travelling times, but on regional routes with only a few flights per day it’s not recommended as it’s a lot easier to get caught out.



Flexitime Membership changes the game entirely. The $199 membership could easily pay for itself in a couple of flights, but it’s likely to significantly increase the number of passengers flying with flexitime fares, meaning same day changes could become more difficult. This is no doubt the reason why sales of the product are currently only available until Mid November and that it is considered to be a “trial” product.

More details are available on the Air New Zealand website -

Have an interest in retail payments and credit card interchange rates? Here’s your chance to have a say.

By Steve Biddle, in , posted: 28-Oct-2016 07:43

In May this year I wrote a blog post about credit cards and reward schemes - “Addicted to the Airpoints Credit Card money go round? You might be about to be pushed off.”. I wrote this after the Ministry of Business, Innovation and Employment (MBIE) was asked by the Government to examine retail payments in New Zealand. This followed similar investigations in both the United Kingdom and Australia over the past two years that have seen major changes to retail payment schemes. Amongst other things these changes have seen credit card interchange rates slashed, meaning that the cost for retailers to accept credit cards has been cut significantly. It has also meant major changes to credit card rewards programs in the United Kingdom, but the effects on the Australian market have yet to be felt.

MBIE are now calling for public submissions on the issue, so if you’re a retailer who believes that your cost of accepting credit cards is too high, or simply an individual who has an opinion on the matter here’s your chance to be heard. Submissions close on the 13th December 2016.

Even if you have no interest in making a submission but have an interest in understanding how payments systems work the issues paper makes great reading.

sbiddle's profile

Steve Biddle
New Zealand

I'm an engineer who loves building solutions to solve problems. I'll also a co-founder of the travel site. 

I also love sharing my views and analysis of the tech world on this blog, along with the odd story about aviation and the travel industry.

My interests and skillset include:

*VoIP (Voice over IP). I work with various brands of hardware and PBX's on a daily basis
  -Asterisk (incl PiaF, FreePBX, Elastix)

  -xDSL deployments

*Structured cabling
  -Home/office cabling
  -Phone & Data

*Computer networking
  -Mikrotik hardware
  -WAN/LAN solutions

*Wireless solutions
  -Motel/Hotel hotspot deployments
  -Outdoor wireless deployments, both small and large scale
  -Temporary wireless deployments
*CCTV solutions
  -Analogue and IP

I'm an #avgeek who loves to travel the world (preferably in seat 1A) and stay in nice hotels.

+My views do no represent my employer. I'm sure they'll be happy to give their own if you ask them.

You can contact me here or by email at