Home Routers and Data collection.

Earlier this year Netgear put out a memo stating that the new firmware for their Nighthawk routers would start collecting analytics data of all network traffic that went through it. This data includes [1]:

  • information regarding the router’s running status,
  • number of devices connected to the router,
  • types of connections,
  • LAN/WAN status,
  • WiFi bands and channels,
  • IP address, MAC address, serial number,
  • similar technical data about the functioning and use of the router and its WiFi network.

Netgear says that it collects this data only to:

  • isolate and debug general technical issues,
  • improve router features and functionality,
  • improve the performance and usability of NETGEAR routers.

For example, such data may help NETGEAR get any early notification of Internet or WiFi disconnects in a firmware and help identify root causes in order to fix them quickly. [1]

This isn’t too much of a problem if it is true, but for the security-conscious I recommend disabling this functionality, because there is no reason for them to have all that data for the issues they say they are looking into. Why would they need the IP address, MAC address or serial number of a connected device?

You can opt out right after installing the new firmware by checking the opt-out option shown after the firmware install. If you have already installed the firmware and didn’t opt out, you can still do it now by following the steps below [2].

  1. Launch a web browser from a computer or mobile device that is connected to the network.
  2. Enter http://www.routerlogin.net.
    A login window opens.
  3. Enter the router user name and password.
    The user name is admin. The default password is password. The user name and password are case-sensitive.
    The BASIC Home page displays.
  4. Select ADVANCED > Administration > Router Update.
    The Router Update page displays.
  5. Scroll down to the Router Analytics Data Collection section.
  6. To enable router analytics data collections, select the Enable radio button.
  7. To disable router analytics data collections, select the Disable radio button.
  8. To view the type of data that might be collected, click the router analytics data link.
  9. Click the Apply button.
    Your settings are saved.

The other router company we are going to look at is ASUS and their router firmware, ASUSWRT. It has a really neat function that lets you prioritize devices in your house using QoS, so that streaming devices get network priority. This is nice for making sure that all of your videos and TV content come through smoothly, but there is a huge catch. They collect and transmit data about the websites you visit to Trend Micro if you use any of the features listed below that are a part of ASUSWRT [3]:

  • Apps/traffic Analysis
  • Bandwidth Monitor
  • Network Analyzer
  • Network Protection (AiProtection), blocks known malware domains
  • Parental Controls, including time scheduling
  • Quality-of-Service
  • Web History

When you use any of the above functions you will be presented with an EULA from Trend Micro to read and agree to. At the end of the EULA you will find the “Privacy” section. Below are some snippets of that EULA [3]:

“[…] certain information (“Forwarded Data”) to be sent to Trend Micro-owned or -controlled servers for security scanning and other purposes as described in this paragraph. This Forwarded Data may include information on potential security risks as well as URLs of websites visited that the Software deem potentially fraudulent and/or executable files or content that are identified as potential malware. Forwarded Data may also include email messages identified as spam or malware that contains personally identifiable information or other sensitive data stored in files on Your router. […]”

[…] “Trend Micro reserves the title, ownership and all rights and interests to any intellectual property or work product resulting from its use and analysis of Forwarded Data.”

The EULA also holds the device’s owner responsible for notifying anyone else using the router that their network data may be recorded and shared with Trend Micro.

So, given the two facts above, I would recommend NOT even buying an ASUS router. If you already have one, I recommend that you very quickly flash the firmware over to DD-WRT if it is compatible; you can check compatibility here: https://www.dd-wrt.com/wiki/index.php/Supported_Devices. If it is not compatible, I recommend you go buy something else if you can.

Sources:

  1. https://kb.netgear.com/000038663/What-router-analytics-data-is-collected-and-how-is-the-data-being-used-by-NETGEAR
  2. https://kb.netgear.com/000038661/How-do-I-Enable-Disable-Router-Analytics-Data-Collection
  3. https://ctrl.blog/entry/review-asuswrt