|Router Security||Firmware Updates||
Website by |
Updating the firmware on a router is a major pain the neck. While every article about routers says to regularly update the firmware, none talk about the problems. Here is my list of "issues" with firmware updates:
For an example of an Asus router update process that confused me (no documentation on what to expect) see A router firmware update goes bad. Not to pick on Asus, but in an August 2014 review of the Asus RT-AC68U router in PC Magazine Samara Lynn wrote "I was able to manually upgrade the newer router without a hitch ... This is an improvement over the quirky behavior I experienced when trying to upgrade the RT-AC66U's software." Quirky?
There are a number of ways that the owner of a router can learn about the availability of new firmware.
I have seen two different approaches for manually updating router firmware.
The worst approach requires you to download a file to your computer, and then upload it to the router. I call this is the worst approach because it requires the most work. I have also seen instances where the downloaded file was compressed and needed to be uncompressed, a fact not explained by the vendor. I have also seen the download include multiple files, only one of which was supposed to be uploaded to the router. Needless to say, this wasn't explained either.
A far better approach is where the router completely handles the update. The router owner says to upgrade from version x to version y and the router does so without the need for files to be manually downloaded to your computing device and then uploaded. Click a button and let it go.
As routers are evolving, more and more can self-update. The owner of the router can remain blissfully ignorant of the need to update the firmware or even that firmware exists. But, self-updating can be done well or poorly. For one, the router may not backup the current settings before upgrading the firmware. Then too, you have scheduling issues. It can be quite inconvenient for the router to reboot itself whenever it feels like it. And, if something all of a sudden goes wrong, you may not realize that the router just recently upgraded the firmware which may explain the new problem.
There is a list of self-updating routers on the Resources page. The Security Checklist page has details on what separates the men from the boys when it comes to self-updating firmware. Finally, the Firmware Self-Updating page has details on how some vendors respond to this checklist.
What to do?
On a new router, I would do the firmware upgrade pretty much first thing to minimize the danger. See the New Router page for more. For an existing router:
When it comes to firmware updates, Peplink is the Rolls Royce of routers. You get the first taste of this, when you update the firmware. Before it does anything it reminds you that its a good idea to save the current configuration. I have seen this on their Balance line and the Surf SOHO. Their travel router however, does not have this automated reminder.
What really separates the men from the boys however, is that Peplink/Pepwave routers maintain two copies of the firmware. The screen shot above illustrates that my preferred router, the Pepwave Surf SOHO can be rebooted to run either firmware version 6.2.1 or 6.2.0. I have also seen that their Balance line (high end) and their travel router (bottom of the line) also keep two copies of the firmware.
This eliminates almost all the risk involved in firmware upgrades. It's great Defensive Computing. If new firmware causes a problem, just re-boot to fall back to the prior release. The only downside is that when you download new firmware, the router reboots into it immediately. If you don't want to use the new firmware, however, just reboot back to the tried and true older version.
I have seen a Linksys Smart WiFi router (the EA6200) that also offered to reboot into the prior firmware. It didn't say what the prior version was, but still, it's a nice option to have. I have also been told that the Linksys WRT1900ACS supports two installed copies of the firmware, but that it is not documented. The secret handshake for the WRT1900ACS to switch firmwares is to turn it on and off three times. Or, if you can get into terminal, the fw_setenv command can switch the boot firmware. I can't confirm this.
If you know of other routers that maintain two copies of the firmware, please let me know.