Google’s New OnHub Router Offers Automatic Security Updates

Security experts have broadly welcomed Google’s newly unveiled home and SOHO Wi-Fi router, claiming its automatic update functionality should help fortify the device against attack.

The OnHub has yet to be released but promises something dramatically different to the usual home router box: power and usability.

In a novel pint glass design, Google has fitted 13 antennas in a circular pattern – six 2.4GHz antennas, six 5GHz antennas, and a congestion-sensing antenna.

In addition, everything can be managed by the user from a handy Google On app – which should avoid helpdesk calls and failed efforts at troubleshooting via the router’s blinking lights.

But most important from a security perspective is that the device is automatically updated over the air and won’t run unless it’s on the latest OS version.

This will finally surmount the issue with many Wi-Fi routers in that vendors often take months to fix serious flaws in the firmware, and even once patches are available, few home users or even network admins get round to applying them.

“It is easy for potential attackers to scan the internet and locate routers that are vulnerable to well-known exploits. Most of time the owners of the routers will not know that their device is vulnerable, that a patch exists, and even if they do, they may then lack the knowledge to apply the patch,” MWR InfoSecurity consultant Guillermo Lafuente told Infosecurity.

“This leaves end users open to attack even years after a patch has been released. Google’s idea has the potential to significantly increase security for end users in this respect.”

Stephen Coty, chief security evangelist at Alert Logic, added that the feature will also benefit SMB users who don’t have an IT manager in-house.

“The added functionality of the mobile device gives a lot of flexibility to the end user to monitor and manage their device remotely,” he told Infosecurity.

However, not all the feedback was positive.

Imperva CTO, Amichai Shulman, claimed automatic updates don’t necessarily make devices more secure.

“I think that most problems with home routers – as well as most vulnerable business routers – has to do with bad configuration, back door accounts and weak passwords,” he told Infosecurity.

“How can users make their router as safe as possible? Very simple: use strong password for the management function and make sure the management interface is only accessible from the internal network.”

What’s Hot on Infosecurity Magazine?