Who and how can update cable modem firmware?

Question

This might sound stupid question, but I need to know: can only my ISP update the firmware of my cable modem? Or can I do it? And if yes, should I? I have vague memory of once updating something using my PC after AVAST gave false alert about network being compromised (it was later solved as their screw-up).

I can not remember what I updated, just tinkering in panic and updating something from PC I have no found again later.

So I need to know - is it possible to update modem firmware myself? And could I ruin something about modem from PC side?

Answer 1

It doesn't matter at all if you own the cable modem or not. Providers have policies (for several good reasons) about how endpoints are managed and most of them (especially the big ones, Comcast, Cox, Charter/TWC/Spectrum, etc) require that in order to connect to their network, your cable modem must run their firmware. Its not even a choice, during initial connection handshake the cable modem downloads the appropriate firmware (every time, no matter what) and runs it. Trying to update the firmware to some other version, if even successful, would only result in losing connectivity until you reboot the modem, at which time it will load again from the network.

Now, its important to not confuse the cable modem with the router/firewall gateway device, in most circumstances these are two different pieces (the modem is strictly responsible for providing IP/ethernet connectivity over the coax, nothing more) so a much different answer would apply if you ask the same question about your router/firewall device.

Answer 2

It depends if the ISP has granted you access to the cable modem or not. Most ISPs don't change the default credentials for the cable modems. You can easily Google your cable modem manufacturer for default credentials.

Once you have the default credentials, connect the PC directly to the cable modem (Don't use any device between your PC and Modem, while updating). Login in to modem configuration panel. Search the Cable modem manufacturer's website for latest update for your device.

Once you have downloaded the update, upload the new firmware to the modem configuration panel.

If the update is successful, the modem will work proper but if not, then the device won't have any firmware. Mostly, everything works fine if done properly.

Answer 3

This is going to depend on your ISP - it isn't something that we can definitively say. Likely, if your ISP owns the cable modem, they may not grant you access to do that. Then again, they might. A question for them.

If you are concerned about the security of this device (which is great) or are concerned about the integrity of the ISPs network (or about anything the ISP might do, like inserting ads or messages into http traffic), my advice would be to first ensure there is hardware you own between your devices and the cable modem and to ensure that that hardware has good passwords and is kept up to date - product recommendations are off topic here, but there are some good open source router firmware replacements out there that might be more reliable and secure than factory default ones.

Secondly, don't allow unencrypted traffic to go out over the modem, wherever possible. You can do this either by using https everywhere (this takes work, though there are browser plugins that automatically update to https where available) or by using a VPN (this just moves exit point, though, and requires you to trust the VPN provider - https everywhere is still an excellent idea)