Beware with the end of life. That old router you have in your house, could be a nest full of abominable malware capable of infecting all the computers connected to this device, and not because you did anything wrong, no, but because the manufacturer might have stopped offering security updates if the support period of the computers they manufacture has passed.
Of course, this doesn’t just happen with routers. Any product (hardware) has its life cycle, after which it is no longer supported and the updates disappear. It happens for example with our mobile phones and with our computers or their components, and in all cases the problem is that these computers are exposed to the discovery of new vulnerabilities that will never be patched.
One of the latest examples of this problem can be found in certain D-Link routers, which are quite old and were mainly sold outside Europe, but where a vulnerability has been discovered that allows remote code execution. These routers are no longer officially supported, so the only logical solution is, as with all other hardware that ends up being vulnerable forever: replace them with a new device.
End of Life or planned obsolescence
Let’s face it. Hardware manufacturers create equipment that, like humans, has a limited lifespan, and they often define lifecycles and support cycles for their products that run out of steam over time. When those lifetimes end, they stop giving updates to those products, which can cause serious problems in some cases.
This is something very well known and if not, let the Windows operating system say so, which in its different versions has been counting on various periods in which the updates arrive without problems for a long time.
Then come extended periods with security updates, after which the operating systems no longer have official support, something that is nothing more than a “forced” invitation to open your wallet in order to buy the latest jump to the new versions of these developments.
With Windows XP a somewhat different situation has arisen, and Microsoft extended support well beyond its life cycle due to the great popularity of this operating system years after the official update period ended, which demonstrated something clearly well known: if manufacturers wanted it, their products could last forever.
Those who continue to use these unsupported operating systems risk a cybercriminal taking advantage of some new system vulnerability to break into computers governed by such obsolete software.
The same story is told in Apple’s offices, which not only stops supporting their computers after a certain time, but also offers “upgrades” for their products that make them much slower, so that people are forced to buy a new device. In fact, Apple has recently been ordered to pay a multi-million dollar fine for this illegal practice of planned obsolescence.
Adding to Apple’s problem is the fact that it was recently discovered that Checkm8 is a perpetual exploit for various iPhone models such as the iPhone 4s which has long since been out of date and which breaches the security of those devices and consequently all the information they store, receive or transmit.
Another good example of protocols and standards that remain unprotected and without updates, is the first version of the SMB protocol for networking that was a real sieve for hackers, which generated real security disasters like WannaCry through the EternalBlue exploit.
The case of the old D-Link routers that are no longer updated
In the same case, a family of D-Link routers has recently been placed in which a critical vulnerability has been revealed that allows remote code execution and puts its users at risk. D-Link is no longer updating these routers because the official support cycle has ended, so this is a clear example of vulnerable hardware forever. And more and more cases are being added every day to the list.
The Fortinet firm and its FortiGuard Labs division recently indicated that several of D-Link’s older routers are affected by a vulnerability (CVE-2019-16920) discovered in September 2019. The affected models are the DIR-655, DIR-866L, DIR-652, and DHP-1565 families.
After discovering the problem and communicating it to D-Link, the firm indicated that these products have already exceeded their useful life cycle (they are in the End Of life phase), and therefore no patches will be offered to correct the problem.
The D-Link DIR-655 is a product with several editions that were launched between 2006 and 2013, and as indicated by their own manufacturers, are old and discontinued models that are out of the support period, and this is something that affects very old routers, more than ten years of manufacture.
This poses a problem for users, but it is only the latest example of a situation which, as we say, is global and serves as a lesson for both the manufacturers and the users who buy these products, and that lesson is the lesson of life itself: everything has a beginning and an end.
In some cases the manufacturer may release security updates for these discontinued products, but there are many more occasions when these products have a vulnerability that is never patched and puts their users at risk.
Experts recommend taking the end of life cycles of electronic products very seriously, to replace them in their hardware and software when necessary.
However, the only thing that is certain is that dealing with this side effect of planned obsolescence of electronic devices is very complicated in many scenarios.