|Router Security||Firmware Updates||
Website by |
Updating the firmware on a router is a major pain the neck. While every article about routers says to regularly update the firmware, none talk about the problems. Here is my list of "issues" with firmware updates:
For an example of an Asus router update process that confused me (no documentation on what to expect) see A router firmware update goes bad. Not to pick on Asus, but in an August 2014 review of the Asus RT-AC68U router in PC Magazine Samara Lynn wrote "I was able to manually upgrade the newer router without a hitch ... This is an improvement over the quirky behavior I experienced when trying to upgrade the RT-AC66U's software." Quirky?
There are a number of ways that the owner of a router can learn about the availability of new firmware.
I have seen three different approaches for updating the firmware.
The worst approach requires you to download a file to your computer, and then upload it to the router. I call this is the worst approach because it requires the most work. I have also seen instances where the downloaded file was compressed and needed to be uncompressed, a fact not explained by the vendor. I have also seen the download include multiple files, only one of which was supposed to be uploaded to the router. Needless to say, this wasn't explained either.
A far better approach is where the router completely handles the update. The router owner says to upgrade from version x to version y and the router does so without the need for files to be manually downloaded and then uploaded. Click a button and let it go.
The third approach is rare, and I have yet to experience it first hand. This is the most automated scheme, the router does everything: it checks for new firmware on its own and when there is an update, it installs it, all by itself.
At first this sounds like a good idea, but there may be gotchas. For one, the router may not backup the current settings before upgrading the firmware (see below). Then too, you have scheduling issues. It can be quite inconvenient for the router to reboot itself whenever it feels like it. And, if something all of a sudden goes wrong, you may not realize that the router just recently upgraded the firmware which may explain the new problem.
In August 2015, Google announced a new OnHub router that they say will self-update. I have read that some Verizon FIOS ActionTec gateways can self-update and that a Linksys router gives you the option to install updates automatically at night. In August 2014 the EFF and OpenWireless.org were working on firmware that would self-update via Tor but that project went nowhere. If you know of any other routers that self-update, let me know.
What to do?
On a new router, I would do the firmware upgrade pretty much first thing to minimize the danger. See the New Router page for more. For an existing router:
When it comes to firmware updates, Peplink is the Rolls Royce of routers. You get the first taste of this, when you update the firmware. Before it does anything it reminds you that its a good idea to save the current configuration. I have seen this on their Balance line and the Surf SOHO. Their travel router however, does not have this automated reminder.
What really separates the men from the boys however, is that Peplink/Pepwave routers maintain two copies of the firmware. The screen shot above illustrates that my preferred router, the Pepwave Surf SOHO can be rebooted to run either firmware version 6.2.1 or 6.2.0. I have also seen that their Balance line (high end) and their travel router (bottom of the line) also keep two copies of the firmware.
This eliminates almost all the risk involved in firmware upgrades. It's great Defensive Computing. If new firmware causes a problem, just re-boot to fall back to the prior release. The only downside is that when you download new firmware, the router reboots into it immediately. If you don't want to use the new firmware, however, just reboot back to the tried and true older version.
I have seen a Linksys Smart WiFi router (the EA6200) that also offered to reboot into the prior firmware. It didn't say what the prior version was, but still, it's a nice option to have. I have also been told that the Linksys WRT1900ACS supports two installed copies of the firmware, but that it is not documented. The secret handshake for the WRT1900ACS to switch firmwares is to turn it on and off three times. Or, if you can get into terminal, the fw_setenv command can switch the boot firmware. I can't confirm this.
If you know of other routers that maintain two copies of the firmware, please let me know.