Some users of new Wi-Fi routers from Cisco's Linksys division complained this week that the company automatically updated the routers' firmware and pushed them toward a cloud-based administration service they didn't want.
Users posting on the Cisco Home Community forum and the U.K.-based site PC Gamer said they had turned on their Linksys EA3500 and EA4500 routers earlier this week and found they were running a new firmware version. The new firmware presented a login screen for the Cisco Connect Cloud instead of the LAN-based router management interface that had come up previously, they said.
Some voiced concerns about the security of cloud-based LAN administration and didn't want to set up accounts on Cisco Connect Cloud. They were able to bring up a local, non-cloud management interface after disconnecting the router from the Internet, but that interface lacked most of the features they had been used to with the previous firmware, the posts said.
On Friday, an administrator in the Cisco forum posted a link to official instructions for downgrading the routers' firmware to the previous, non-cloud version. Some commenters had said earlier that Cisco had sent them the old firmware when they complained. But some people on the forum had already said they were fed up and would return their routers. Linksys did not respond to a request for comment on Friday.
The EA3500 and EA4500 were introduced in April. They are high-end models for Linksys, which is Cisco's brand for home and small-office networking, and are designed to be able to run third-party applications. When it introduced the routers, Cisco said it would offer free software in June for managing them remotely through a new service called Cisco Connect Cloud. The company announced availability of the service on Wednesday. The cloud service is intended to let people manage their home networks from smartphones, tablets and Web browsers and remotely change settings such as parental controls, guest access and traffic priority.
Several users said they were surprised to discover firmware upgrades Tuesday that pointed them toward the cloud service.
"I do not want this. A cloud interface is not what everyone wants. Stop trying to make decisions as a corporation and what you think the people need. Options is what people actually desire," wrote a commenter named "combsmsteven" on the Cisco Home Community forum.
On the PC Gamer forum, user "Lunatitch" posted a screen shot of the new start screen.
"Note that in the picture, the 192.168.1.1 unroutable (internal) network address used for accessing the admin panel for my router won't let me log in without signing up for a Cisco Connect Cloud account. I just finished talking to tech support, who confirmed there is no way around this," Lunatich wrote.
Cloud-based router management is not necessarily less secure than the traditional method of logging into the device over the LAN, said Farpoint Group analyst Craig Mathias. Any router connected to the Internet may be susceptible to an outside attack, he said. And management from the cloud is more convenient because it can be done from anywhere, he said.
"We see cloud-based management as ultimately the dominant vehicle ... for almost everybody," Mathias said.
However, Mathias warned against allowing automatic firmware or software upgrades.
"If someone hacks that interface, they can load any firmware they want into your router," he said. Some users complained that when they discovered the problem and tried to turn off automatic firmware updates, they couldn't. The rollback instructions posted Friday included directions for turning off that setting.
Another concern raised in user comments came from Cisco's privacy policy for the Cisco Connect Cloud. "When you use the Service, we may keep track of certain information related to your use of the service," the policy said. Among other things, that data may include how much traffic is going through the router every hour; that information includes the Internet history from the home network, the policy said.
In the policy, Cisco said it "may share aggregated or anonymous user experience information with service providers contractors or other third parties," but that the data would not personally identify the user in any way.
Mathias condemned that practice.
"There is no legitimate reason for them to do that, other than they want to make more money," he said.
see original article at PCWorld
0 comments:
Speak up your mind
Tell us what you're thinking... !