Netgear has added an unwelcome guest in the newest firmware update for its popular upscale Nighthawk R7000 router.
It's collecting and uploading user data. After being dogged by some firmware glitches last year, Netgear has taken the decision to keep an eye on what its high-end router is doing, including IP and MAC addresses of your activity.
A support page entry explains: "Technical data about the functioning and use of our routers and their WiFi network can help us to more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers.
"Such data may include information regarding the router's running status, number of devices connected to the router, types of connections, LAN/WAN status, WiFi bands and channels, IP address, MAC address, serial number, and similar technical data about the use and functioning of the router, as well as its WiFi network."
Last December, the US Computer Emergency Readiness Team (CERT) went as far as to warn customers to stop using certain models of Netgear routers, including the R7000, because there was a risk of a code injection being applied which could potentially infect a whole network.
All credit due to Netgear, however, who began rolling out fresh firmware to plug the patch within a week, and before we all stopped to eat turkey and shout at relatives, as is the December custom. It does however raise the question of whether this much information is justified, even with the most benign of intentions.
Our insider at Netgear has confirmed that you do have the option to turn this off in the router interface, but it is on by default. This doesn't worry us too much as the type of people to own a Nighthawk router are probably savvy enough to know how to turn it off. It was also confirmed that this feature is only enabled in the R7000 model, not the more recent R7800 or any other product in the range. But a precedent has been set, which always gets experts’ alarm bells ringing.
Download SafeUM — communicate privately, without advertising and spam.