[scott_karana]

I know the Surfboards originated from Motorola, so there's a faint hope that they're okay...

[tomschlick]

I bought mine from Target 3 months ago and it still looks like it is running Motorola firmware even though it has an Arris logo stamped on the front of the device.

https://s3.amazonaws.com/tomschlick-screenshots/BGYfaCbLVEsB...

[Washuu]

Yep, they still run Motorola firmware.

I discovered a few months ago Comcast is able to push firmware updates to customer owned modems without permission. So even if the backdoor is not present now there is no way to trust it will never be pushed to the devices.

[oakwhiz]

From what I've seen, most ISPs running DOCSIS networks are able to do this with CPE (Customer Premises Equipment.)

[tomschlick]

Thats worrisome. I knew they could ping for info/reboot it but had no idea they had write access to the device.

[wmf]

Cable modems are based on a pre-Carterphone philosophy that the modem is an extension of the ISP and is completely owned (and 0wned), configured, updated, etc. by the ISP. They let you buy your own, but that doesn't change the protocol.

[tomschlick]

Makes sense. If they were to update something in their auth protocol or need to patch a security issue most people wouldn't have the tech chops to update firmware.

[ikeboy]

It should be auto-update but with the option to disable updates. So only technical people will turn that off.

[johncolanduoni]

How does this change anything? You can accept the update, or just let it will stop working with their network. And how is the new update any different in terms of trust than the initial carrier-specific update the modem gets when you activate?