In a world where users should have control over their own computers, it is the customer who should have SSH access, not AT&T. But as you all know, most times the customer does not own the modem. One well-known workaround is for the customer to use their own modem or to use their own router as a gateway to the modem. But does this really give the user more contorl over the modem/router?
These user-owned modems/routers usually do not encourage SSH access by the user, if they even provide it. Instead they promote a "web interface". Indirect control of the settings. Better than SSH? That is for you to decide.
The "market" seems to love the "web interface". But this often the easiest vector for successful attacks. Less control, and less safety. Is the tradeoff still worth it? That is for you to decide.
Relying on "Keep up to date with patches" or "Enable updates" as a strategy to improve the safety of a product that was unsafe to begin with is a bit of cognitive dissonance given that its safety was deemed "good enough" for the renter/purchaser at the time of rental/purchase. To achieve a safer product requires not only manufacturers to set new priorities but also consumers as well.
How important is that "web interface"? More important than safety? And why not configure using SSH instead? Whatever the reasons, tradeoffs have consequencesre: safety.
These user-owned modems/routers usually do not encourage SSH access by the user, if they even provide it. Instead they promote a "web interface". Indirect control of the settings. Better than SSH? That is for you to decide.
The "market" seems to love the "web interface". But this often the easiest vector for successful attacks. Less control, and less safety. Is the tradeoff still worth it? That is for you to decide.
https://threatpost.com/vulnerability-disclosed-in-ubquiti-ne...
https://www.sec-consult.com/fxdata/seccons/prod/temedia/advi...
http://www.securityweek.com/worm-infects-many-ubiquiti-devic...
Relying on "Keep up to date with patches" or "Enable updates" as a strategy to improve the safety of a product that was unsafe to begin with is a bit of cognitive dissonance given that its safety was deemed "good enough" for the renter/purchaser at the time of rental/purchase. To achieve a safer product requires not only manufacturers to set new priorities but also consumers as well.
How important is that "web interface"? More important than safety? And why not configure using SSH instead? Whatever the reasons, tradeoffs have consequencesre: safety.