Checklist 312: Disconnecting Connected Appliances
On this edition of The Checklist, we’ll cover:
- Unfixed bugs in Cisco routers
- How long do smart things last?
- Tips for buying (and owning) smart things
Vulnerable routers left unsupported
Cisco has told customers that vulnerabilities have been discovered in several of its routers—and that these vulnerabilities won’t be fixed.
The Hacker News says Cisco’s small business-focused RV016, RV042, RV042G, and RV082 model routers contain a couple of serious vulnerabilities. One would allow a bad actor to bypass authentication and elevate privileges by sending a malicious HTTP request to a router. The other could let a hacker gain high-level permissions and access data without having proper authorization.
So why, you ask, is Cisco not planning to fix these bugs?
The answer is that the router models in question are reaching end-of-life (EOL), meaning they’re no longer going to be supported by the manufacturer.
Sound familiar? It should, if you listen to The Checklist. It’s similar to the situation faced by some owners of Arlo home security cameras, discussed on Checklist 310: Old Tech and a New Year Checklist.
Cisco has offered a potential mitigation, but seems to suggest that it may not work for everyone. It will be up to companies to determine whether they should attempt the fix—or simply take their routers offline for good.
EOL by the numbers
If these stories have you asking whether your connected devices will lose support soon, you’re not alone! But unfortunately, it’s difficult to get clear answers from manufacturers about their EOL policies.
In the UK, a consumer advocacy group called “Which?” is trying to help. Which? has been studying various connected devices and home appliances, and investigating manufacturers’ EOL policies.
The group estimates that buyers can expect about 7 years of life from their TVs, and 11 years and 13 years for washing machines and dishwashers, respectively. However, if you look at the EOL policies for manufacturers, you’ll immediately see a problem. Samsung, for example, guarantees updates for smart TVs for just three years after launch. And note that this is launch, not purchase. In other words, they’ll support a TV for three years after they first release it to the market, not three years from when you actually buy the TV.
Other manufacturers offer longer-term support. Hisense, a maker of smart TVs in China, says it will support its TVs a full 10 years after launch. Bosch/Neff/Siemens supports their smart dishwashers and washing machines for 10 years as well.
But the bottom line is that it’s up to consumers to research life expectancies and EOL policies for the smart devices they purchase—or risk a nasty surprise in the future.
How to be smart about smart things
A recent Wirecutter article has some great advice about buying smart things that we’d like to second: Don’t buy any home appliance because of network connectivity, since you can’t guarantee that this connectivity will be there in the future. Instead, look for products that you genuinely like…even when they’re not connected to the Internet!
The article is worth reading in full, and contains some more specifics about the support policies of different manufacturers. It also closes with a few tips for safe IoT device ownership that may sound familiar to Checklist listeners and SecureMac blog readers, but which nonetheless bear repeating:
- Make sure your home Wi-Fi network is set up for security.
- Use a separate guest network for all of your smart devices if possible.
- Change default passwords and usernames on all IoT devices.
- Turn on automatic updates for connected devices whenever possible.
And a final word of advice from everyone here at The Checklist: Regularly check on older appliances to see if they’re still supported—and take them offline when support ends.