Reply to post: Grimm

Netgear was told in January its routers can be hacked and hijacked. This week, first patches released – after exploits, details made public

RM Myers


"Grimm: publishing an in-depth advisory showing how to exploit the holes, and released full, working proof-of-concept exploit code".

I feel really conflicted about this. Yes, Netgear should have patched their routers. But how many home users update the firmware even when an update is available. I'm on my 4th router, and none have ever had a process to notify me that an update was available, let alone actually automate the updating. I have made it a habit to check Asus's website on patch Tuesday (my current router is from Asus), but does anyone really believe more than 10% of people ever check for updated firmware, if the router is still working.

Given that reality, why publish exploit code so any jackass with time on their hands can hack people's networks. Until we have processes in place to make router (and other internet connected IOT devices) updating simple and a common practice, this seems like nothing more than showboating which hurts security, rather than helping. Free advertising for Grimm, but hardly a benefit to security.


POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon