WiFi routers: from lockdown to lock-open

Posted Oct 20, 2015 19:08 UTC (Tue) by erwbgy (subscriber, #4104)
In reply to: WiFi routers: from lockdown to lock-open by dskoll
Parent article: WiFi routers: from lockdown to lock-open

The problem with automatic upgrades is that if the keys to push the upgrades were to be stolen then it would be possible to push out malicious software to a large number of devices. And if it were not possible to somehow update these devices then users would have no other option but to switch them off, if they even noticed that there was an issue.

WiFi routers: from lockdown to lock-open

Posted Oct 20, 2015 19:12 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

If your keys aren't in an HSM then you're doing it very wrong

WiFi routers: from lockdown to lock-open

Posted Oct 22, 2015 9:15 UTC (Thu) by Wol (subscriber, #4433) [Link]

The problem is that it is currently very easy for a malicious actor to push out updates to a large number of devices RIGHT NOW.

So no change there, then.

At least if we have updates, the ISPs can then block routers which have been compromised or not updated and we have some sort of stick to make people care (not that that's what we want to do, it's what we may have to do). Oh - and many people have their routers supplied by their ISPs, so they can do bulk updates and/or replaces, as required.

Cheers,
Wol