Ruckus Router Breach

I can understand why routers purchased for business/professional use do not want auto-update firmware, but still seems a better idea would be to have auto-update enabled by default and allow it to be disabled rather than not having any auto-update option. Ruckus routers are primarily for businesses, not homes.

A security researcher has found several vulnerabilities in a number of Ruckus wireless routers, which the networking giant has since patched.

While auto update might work for small to medium or 9-5 businesses, enterprise need these things to be tested properly before a planned push into production.

You’re right though, for the devices that nobody is looking after properly then these things doing it for themselves is much better than it not happening at all!


Testing and planned downtime are the key reasons why you can’t auto-update business equipment.

We have Windows servers that can’t be updated, because it would break the software running on them. We have to wait for the OK from the software supplier, before we can patch servers - sometimes, when something like BlueKeep comes out, we will patch that specific problem, but if it breaks the software, we are on our own, because we have broken the terms of the support contract.

Likewise, if you have several plants working 24/7 all working off the main ERP system at HQ, you can’t just update the routers willy-nilly. Often the routers will stop talking to each other if they don’t have the same firmware revisions - especially a problem when you have routers on failover, you have to coordinate the update of both routers in the right order, otherwise you lose connectivity or redundancy.

So you have to have a planned window to perform upgrades, and hopefully a spare piece of kit to perform the update on first, to test that it still works reliably and doesn’t destroy the settings.