2018 will be the year of leaks, that’s already for sure. We still get the waves and impacts from last year attacks of KRACK, Meltdown & Spectre among other almost daily upcoming data breaches.
No provider and I really mean no provider, OEM’s or hardware manufacturer has given us something on the firmware subject over the last year, there is only the EULA and security guidance but when it comes to the most important question how long we get firmware updates nothing is mentioned! Router or in general hardware based firmware updates are a global problem if the provider wants he gives you an update and if not you’re vulnerable forever.
Some provider not even allowing you to install aftermarket firmware like OpenWRT to fix security holes, they argue that you lose your warranty which is totally nonsense because special sectors of most hardware are separate protected and can’t be overridden or damaged with a simple flash procedure - besides such protection mechanism - a simple re-flash or backup would solve this too, but the big ones preventing this.
Because of the recent leaks more and more people realizing that a lot of this could have been avoided if there would be an open dialog about the remaining question - what about firmware updates? It’s not that there aren’t firmware updates but they’re difficult to find, some pages are simply confusing and some people are not aware that there was a data breach which needs a firmware update. No one seems to be responsible for such important questions and no one seems to give a damn it seems. Oh yeah, another leak - so what my device is running and nothing visible happened to me so why should I care?! This is dramatically dangerous and in a modern world, I expect solutions very soon, at least some concepts this year.
In my opinion the ISP should work more together with OEMs to provide us with the updates as soon as possible, there should be no option to disable firmware updates in general, only an option to revert back or to flash other images (in case something happened or if you like to switch the firmware) - I see tons of outdated router and disabled update toggles because people simply don’t care or they using insecure default settings.