Remix.run Logo
yukIttEft 3 hours ago

In Germany we have "Störerhaftung" where routerowners are responsible for everything that happens through their router.

I wonder how this would hold up in court, couldn't you argue that routers are generally buggy, how can they force any responsibility if they can easily be hacked?

hylaride 36 minutes ago | parent | next [-]

It would depend on the laws of the jurisdiction. I would imagine if you can show you kept the firmware up to date and had a secure as possible config (eg not having admin interfaces exposed to the internet), you could argue that there's no negligence - outside of maybe using a known insecure vendor; sometimes I think that would be a good idea (cough cough Fortinet).

Germany has some sensible laws about personal responsibility, like it being an offence to run out of gas on the autobahn and seriously treating driving in general as a privilege. But it requires a certain cultural mindset.

nerdsniper 3 hours ago | parent | prev | next [-]

Nearly every stock consumer router keeps getting these RCE’s. Perhaps that’s the point, they can get any arbitrary household in trouble if it’s expedient to do so.

cynicalsecurity 2 hours ago | parent | prev [-]

It won't work. You would need to back up your claim with proof that someone hacked your router. You can't drive a car that is easily breakable and expect the court to clear you of any responsibility if it causes harm because it broke while you were driving.

faidit 2 hours ago | parent | next [-]

An allegory here would be someone stealing an easily stealable car (e.g. doing the Kia Challenge) and causing damage or injury. The thief would be liable, not the owner

SoftTalker 17 minutes ago | parent [-]

Generally any damage done by a car is the responsibility of its owner. The owner will likely be sued anyway, because they have insurance and assets, and the thief (even if known) does not.

msh 2 hours ago | parent | prev [-]

But if it’s the isp delivered router they should carry the responsibility

wildzzz an hour ago | parent [-]

I would assume that liability is avoided when someone has done a reasonable effort to secure the device. The user needs to make sure they've secured their router from unauthorized access by using proper passwords. The ISP needs to make sure the router is delivered with the latest firmware and is pre-configured to be secure.

SoftTalker 10 minutes ago | parent [-]

The last few routers I've had from an ISP are totally turnkey. There's no configuration, no passwords set (maybe the local Wifi password), any config is done with an app that talks to the ISP, who then updates the router settings remotely. There isn't even an admin interface you can access from the local network side.