Internet Security

Underpinning the original question, it seems replacing older Netgear products is a necessary part of the ‘solution’ for those worried enough…

6 Likes

Nice to know, or better not to know?

I wonder what percentage of average users might get to learn there is a risk?
Further how many of those who become aware are able to make an informed and appropriate decision about what to do next?

If only products (as suggested in the article) came with a ‘Use by’ or ‘Best before’ date sticker. Typically operating systems (PC to mobile devices) come with built-in updates. AV and security products such as Norton also self-manage and try to ensure OS updates are implemented. Home networking products appear to exist in a vacuum where users are left to be self-aware of the management needs and of updates.

Although I’ve just noted my Telstra 4GX enabled mobile data modem with wifi does remind me when updates are available. But at 2+ years old is it about to fall off the support list? (While Telstra-branded, the manufacturer is Netgear!)

5 Likes

Is this the same problem as: Security Warning From Netgear. 23.06.2020 ?

Regardless, the same advice applies: disable remote management (assuming that exploiting this problem remotely does require that remote management be enabled).

My home network equipment honeypot :slight_smile: is not (yet) seeing any attempts on upgrade_check.cgi

This can sometimes be complicated because there are examples where a manufacturer has declared something EOL and then, later on, a vulnerability emerges that is so damaging to the brand that the manufacturer fixes it even in EOL equipment.

One way of tackling this is via warranty. That would hopefully stop vendors selling equipment that is already EOL (as mentioned in the article).

If home network (internet gateway) equipment were capable of periodically checking for available updates, a manufacturer could at least use that as a means of advising owners when the equipment went EOL.

This won’t work for air-gapped home network equipment. However, that would be niche.

Don’t get me started on that … :slight_smile:

4 Likes

I don’t think so but could stand corrected. They are patching newer products but those deemed ‘older’ products as listed are at risk, no patches to be forthcoming.

4 Likes

Such as Microsoft patching Windows 7 a couple of months after it reached EOL.

Note: that link is to Forbes. It appears that the Forbes website is now generating a tracking key when you visit a page. I have removed that part of the address, but a new key will be generated for anyone clicking the link. Deleting the key and then refreshing the page forces a new key to be generated, interestingly.

3 Likes

How great to know Forbes value your contribution.

On a tangent, a recent acquaintance has ordered two implantable storage devices. Both to keep valuable personal or confidential information. Supposedly this circumvents all known legislation demanding access and decryption because the content is part of your person. In a further stretch, it supposedly demonstrates the authenticity of the contents.

Before offering an alternate point of view I considered the proximity of the nearest mystical Glass House Mountain, its magnetic influences and absence of 5G nearby. Left well alone, it’s good to know we can rely on businesses like Forbes to look after our interests.

The tale re the implants is fact. At least so far as an online order. I await their arrival and follow up discussion. I’d Google for more but suspect it may lead me to a place I wish not to go. :thinking:

3 Likes

That may be the case in the US, but your friend may want to consult a local lawyer about ‘self-incrimination’.

How do they expect to read from and write to their ‘internal storage’? There must be an external interface, and that is not part of their ‘person’.

4 Likes

I don’t claim to be a lawyer but, if this is a reference to Australian law, I think it is incorrect. I don’t think there are any such exemptions. Perhaps your acquaintance can cite an Act and Section etc. containing the exemption i.e. what the legal basis for this claim is.

It is possible that if you arranged the storage in such a way that accessing it would kill you, a magistrate would find that the demands by law enforcement are “unreasonable” and hence would not grant the order - but that would be risky. :wink:

4 Likes

I believe it was a reference to the law as defined by the product promotion or a third party of doubtful reliability. I.e. BS. My opinion, not the purchaser’s, who is possibly a victim of a deception or misguided.

Our old friend Forbes again suggests that to their knowledge the protection of data or control of access to data stored on human embedded devices is an unresolved concern. At least at Dec 2019.

The three classes of devices discussed extend the potential reach of the internet to places some of us might not want exposed. Simply put, they carry the same vulnerabilities we often discuss with IoT.

4 Likes