Netgear Routers Now Collecting Data On Users’ Networks

Matthew Broersma,
data protection, GDPR

Users must opt out of the data collection, which includes the IP and MAC addresses of devices connected to the network

Netgear has quietly begun collecting data on users’ networks via a popular router, saying the data is to be used to quickly isolate technical issues.

The feature was implemented in a recent firmware update to the NightHawk R7000, a top-selling model, but came to light only after a user mentioned it on the online forum Slashdot.

IP, MAC addresses collected

Netgear provided more information on the feature in an online technical support article, saying the data would be used to “more quickly isolate and debug general technical issues, improve router features and functionality, and improve the performance and usability of our routers”.

The data collected may include the router’s running status, the number of devices connected to the router, types of connections, LAN/WAN status, Wi-Fi bands and channels, IP address, MAC address, serial number, and other similar technical data, Netgear said in the article.

Netgear R7000
Netgear R7000 router

The move infuriated some users, particuarly since those who don’t want their data collected are required to manually change the device’s settings.

“I guess it is time to switch to a different brand,” one user wrote on Slashdot, while another argued the data would be useful to an attacker if it fell into the wrong hands.

For those who don’t want the data collected, Netgear provided step-by-step instructions for logging into the router’s control panel and turning the feature off.

But at least one user found the idea appealing, saying data collected from routers could be used to spot malicious activity.

“When you collect analytic data like this and feed it back into a correlation engine you can do analysis and look for things like widespread attacks, malware propagation,” the user wrote on Slashdot. “It would be nice to have an open source answer to this.”

Netgear didn’t immediately respond to a request for comment.

Data collection by Internet-connected devices is seen as an increasingly important privacy issue, due to the growing ubiquity of such gadgets in all areas of life, and is regulated under the GDPR rules set to come into force in the UK and Europe next May.

The collection of such data is also covered in the UK by the 1998 Data Protection Act.

Security bugs

In December Netgear’s home routers, including the Nighthawk R7000, were hit by a severe security bug that could have allowed attackers to gain access to the network. In response the company told users to turn the routers off while it worked on a firmware update to fix the problem.

All the affected models have now been patched by firmware updates, according to Netgear.

The company’s routers were also affected by a lower-severity issue in January, for which patches were widely available before the bug was made public.

Do you know all about security in 2017? Try our quiz!