Security News Netgear router firmware contains a remote data collection feature

frogboy

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Do you have NightHawk R7000 Netgear router?

Netgear released a new firmware update last week for the wireless router model NightHawk R7000. Security experts found that it included a remote data collection feature that collects router’s analytics data and sends it to the vendor (company’s server).

The new release of the firmware that issued by the company gathers the following information from the devices:

– IP address
– MAC addresses
– Serial number
– Total number of devices connected to the router
– Router’s running status
– Types of connections
– LAN/WAN status
– Wi-Fi bands and channels
– Technical details about the use and functioning of the router and the WiFi network.

Netgear said that it is collecting the data to isolate and debug common technical issues, develop router features and functionality, and improve the performance and usability of the routers.

Full Article. Netgear router firmware contains a remote data collection feature - Latest Hacking News
 
  • Like
Reactions: Solarquest, HarborFront, Fritz and 3 others
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
ASUS's routers also doing the same......maybe worse

Read

Router Bugs Flaws Hacks and Vulnerabilities

Quote

The stock firmware that runs Asus routers is called ASUSRWRT and it has a somewhat hidden privacy issue. If you use any of the following features, it will collect and transmit data about which websites you visit to Trend Micro: Apps/traffic Analysis, Bandwidth Monitor, Network Analyzer, Network Protection (AiProtection), Parental Controls (including time scheduling), Quality-of-Service, Web History and Network Map. This is spelled out in a EULA from Trend Micro. If the software thinks a website URL is potentially fraudulent, it sends the URL to Trend. In addition, executable files or content that is identified as potential malware is also send to Trend. Finally, email messages identified as spam or malware are sent to Trend, despite the fact that they may contain sensitive data. Quoting: "The EULA also contains language holding the router's owner responsible for notifying their friends, family, and house guests who connect to the internet through the ASUS router that any network activity may be recorded and shared with Trend Micro."
Click to expand...

Review: ASUSWRT router firmware – Ctrl blog
http://ec2-54-202-251-7.us-west-2.compute.amazonaws.com/tm_eula.htm
 
  • Like
Reactions: ravi prakash saini, Solarquest, Winter Soldier and 1 other person
frogboy

frogboy

In memoriam 1961-2018
Thread author
Verified
Top Poster
Well-known
Jun 9, 2013
6,720
Solarquest said:
In my opinion all these companies that collect data for whatever reason should clearly ask the users if they agree and specify what information is collected.
They don't do it? "No problem", they should be fined...Soon we will have no more issue like this.
Click to expand...
If only that could be initiated it would be great for sure. ;)
 
  • Like
Reactions: ravi prakash saini, HarborFront, Solarquest and 1 other person
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
Last edited:
  • Like
Reactions: ravi prakash saini and frogboy
Warrior

Warrior

Level 4
Verified
Sep 2, 2014
179
There is no best method or firmware It depends on whats best for u and your Router
the method I prefer is flashing using the routers own Firmware Restoration Software from the pc,
As for firmware My ASUS can run Advanced tomato and DD wrt + Asuswrt + tomato
but not Openwrt
It best to find the firmware that supports your router and your needs
like
Network management and Deep Package Inspection
Built-in OpenVPN or Bandwidth Monitoring,

I don't recommend flashing with third party software ,
I use Advanced tomato my self ,
I would think most if not all Router manufacturers collect this data now , so why use their software if one dose not need to .
 
  • Like
Reactions: ravi prakash saini, HarborFront and frogboy
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
Warrior said:
There is no best method or firmware It depends on whats best for u and your Router
the method I prefer is flashing using the routers own Firmware Restoration Software from the pc,
As for firmware My ASUS can run Advanced tomato and DD wrt + Asuswrt + tomato
but not Openwrt
It best to find the firmware that supports your router and your needs
like
Network management and Deep Package Inspection
Built-in OpenVPN or Bandwidth Monitoring,

I don't recommend flashing with third party software ,
I use Advanced tomato my self ,
I would think most if not all Router manufacturers collect this data now , so why use their software if one dose not need to .
Click to expand...
My router is ASUS RT-AC5300. Which open source firmware is best for it?

BTW, you heard of PORTAL router? It seems fantastic

Portal WiFi - Home
 
Last edited:
  • Like
Reactions: ravi prakash saini and frogboy
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
Warrior said:
dd-wrt for the RT-AC5300
new beta is here ftp://ftp.dd-wrt.com/betas/2017/03-21-2017-r31722/asus-rt-ac5300/
PORTAL looks good
flash at your own risk ,, and have ASUS firmware ready to reflash encase of any issues.
Click to expand...
BTW, can you advise how can I protect my IoT devices if I flash my ASUS RT-AC5300 with say DD-WRT?

ASUS's stock firmware has TrendMicro anti-malware protection built-in against IoT malware infection. I don't like ASUS(with TrendMicro) stock firmware for its personal data collection but it gives protection to IoT devices.
 
  • Like
Reactions: ravi prakash saini
Warrior

Warrior

Level 4
Verified
Sep 2, 2014
179
With DD-WRT u have 2 choices

1 Create a different subnet for each device. this can take some time,

2 Use guest networks to secure IoT “smart” devices

this will give protection to IoT devices while keeping your own home network
safe , u can find more info here DD-WRT Forum :: Index
along with help and support from DD-WRT Guru's an expert's /developers
 
  • Like
Reactions: HarborFront
H

HarborFront

Level 72
Verified
Top Poster
Content Creator
Oct 9, 2016
6,140
Warrior said:
With DD-WRT u have 2 choices

1 Create a different subnet for each device. this can take some time,

2 Use guest networks to secure IoT “smart” devices

this will give protection to IoT devices while keeping your own home network
safe , u can find more info here DD-WRT Forum :: Index
along with help and support from DD-WRT Guru's an expert's /developers
Click to expand...
Thank you very much
 
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
Details of the vulnerability in NETGEAR Nighthawk WiFi6 Router (RAX30 AX2400)
Replies
1
Views
880
News Archive
enaph
enaph
silversurfer
    • +Reputation
    • Like
    • Wow
Security News TP-Link Gaming Router Vulnerability Exposes Users to Remote Code Attacks
Replies
5
Views
2,219
Security News
I Walk MY Way
I Walk MY Way
vtqhtr413
    • +Reputation
    • Like
Security News ASUS warns of critical remote authentication bypass on 7 routers
Replies
1
Views
1,662
Security News
blackice
blackice

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top