Computer hardware can last a really, really long time. It very rarely just dies as long as the hardware is well ventilated and cooled appropriately. A quick search on Ebay can find computer components that date even as far back as 2008! So when hardware lasts this long, what is the harm in keeping it running? Why buy anything new unless you need a new feature or the hardware is too slow? Well, sometimes it comes down to companies no longer supporting products with security updates. That can be dangerous for you.
The D-Link problem
Last month, it was discovered that certain D-Link Network Attached Storage (NAS) devices, storage solutions that sit on your network for all your devices to use, had a major security flaw. These devices were phased out from support and considered end of life in 2017 but are still in use today. Successfully exploiting this flaw allows an attacker to run commands on the device leading to sensitive data being accessed or even denying the owner’s use of the device. With this discovery, the researcher who found this flaw also disclosed around 92,000 devices currently on the Internet available and vulnerable to this. Let me put it this way, this is serious and allows someone on the Internet who can see your device to take it over. Would you want something that you possibly store family photos on to be controlled by a bad person on the Internet? Probably not.
Here are the affected devices:
- DNS-320L Version 1.11, Version 1.03.0904.2013, Version 1.01.0702.2013
- DNS-325 Version 1.01
- DNS-327L Version 1.09, Version 1.00.0409.2013
- DNS-340L Version 1.08
I won’t get into the technical details of what D-Link did to make this possible, nor will I get into how easy it is to take advantage of it is. If you really want to read into it, you can check it out here. What I will point out is since these systems are end of life and no longer supported by D-Link, the chances of them receiving a software update to patch this problem is very unlikely.
Danger in phase outs
Just like the D-Link example above, when companies phase out products, it is no longer cost effective to continue updating the software in them. Years and years go by, and those companies are more concerned with new products and innovation. Whether it is a NAS in your home storing family photos or those great pictures of your dog, or the old Windows XP machine someone you might know still uses, eventually they stop receiving software updates. When that happens, you are then stuck with whatever the company last left with you – secure or not.
The physical hardware itself may still work just fine. The computer still runs, though slowly. The NAS still saves files, but with some dust on the outside. But inside, the software running on the device could contain bugs not yet found or worse, security issues that will be discovered at some point and disclosed.
Summary
I am not saying you should always go out and buy new devices. The point here is that it is important to know when a company will no longer service the device you have. While the device still turns on, that isn’t the only consideration, basically.
If you absolutely must keep an old device that is no longer getting updates, keep the device away from the Internet, and do not use it for anything critical.