Mixed feelings about this one, but want to throw it out there and have the discussion rather than pretend it did not happen or does not happen.
I am NOT going to relive it (far too stressful), but I had a very bad week (and a bit) of networking trouble at my house in mid-February 2016. Long story short, we went through 5 different routers before we found one that a) worked and b) I could live with.
The router I ended up with is an Asus RT-AC3100.
Not that long ago, there is no way anyone should have used an Asus router on any network…
the FTC found that the Taiwanese manufacturer’s routers had critical security flaws despite its promise to consumers that the devices can “protect computers from any unauthorized access, hacking and virus attacks.”
Hackers could easily exploit one of those bugs to access users’ web-based control panels and change their security settings. If the user isn’t exactly tech-savvy, someone with malicious intentions doesn’t even have to hack the device. He simply has to use ASUS’ default log-in credentials: username “admin” and password “admin.”
So, like most home router manufacturers, they cut a LOT of corners on security and, well, pretty much ignored it.
They got caught. They got fined. And here is the interesting bit…
Over the next two decades, ASUS’ routers and their firmware will undergo an independent security audit once every two years.
From here on, they have to hand over the code that runs on their (my) router and have someone poke under the covers.
If you are a regular reader, you will know that I am not running stock Asus firmware. This means that the code I am running has already been inspected three times. Once by Asus, once by the auditors and once by the open source community that works on the firmware I use.
So yeah, mixed feelings. I wish all companies took security more seriously, but that is a hope wish dream…. So in the meantime, getting caught and having to show your cards every 2 years for the next 20 is better than nothing.