How Amazon and eero continue to keep customers secure

Discovering and patching a global 0-day vulnerability

Since our founding in 2014, eero has been built on several core product principles. There are the ones customers see, like great industrial design and simple setup in minutes. And then there are those in the background that can be even more important – like regular automatic software updates, which, in addition to delivering new features and functionality, allow us to keep your eeros, network, and devices secure.

In 2017, a wifi vulnerability named KRACK (Key Reinstallation Attack) was discovered by Belgian security researchers, and eero moved to protect 100% of our customers in less than a week. Today, we are disclosing that earlier this year we updated the entire eero fleet – tens of millions of eeros across 28 countries – to close a new industry-wide security vulnerability discovered by our own Amazon Security team. Our customers and our partners don’t have to do anything; they’re fully protected.

What we found
Amazon Security constantly examines and tests our hardware, firmware, and software, and our internal research teams look for novel ways to improve security. During a regular, proactive security review, we discovered a previously unknown 0-day vulnerability affecting U-Boot, an open-source secure bootloader used in hundreds of millions of devices worldwide (including eeros) when powering on to load and initialize the operating system (OS).

What we did about it
Because our robust cloud update architecture allows for fast, secure, and automatic software updates to the entire eero fleet, we were able to move immediately. We built, tested, and deployed an updated version of U-Boot for all eero products where U-Boot is used for secure boot (Wi-Fi 6 eeros and later), and our cloud observability tools confirmed rollout health across the fleet, completing all updates by January 2025. Other Amazon products, like Echo, Ring, and FireOS devices, were also thoroughly inspected and updated where necessary.

In parallel, we worked with the U-Boot Project, the U.S. Cybersecurity and Infrastructure Security Agency (CISA), Qualcomm, and other technology companies around the world to responsibly disclose the issue and coordinate a fix. When we find issues with the third-party components we use in our devices, we help fix the problem not just for our customers, but the industry as a whole.

Why eero is able to do this
Historically, routers have struggled with fragmented codebases and an inability to receive dependable software updates. eero is built differently:

  • A common OS across our fleet: Unified software and long-term backward compatibility mean fixes can be developed and deployed quickly and consistently.
  • Automatic, cryptographically signed updates: Every eero receives secure over-the-air updates with no logins, downloads, or manual restarts required. Customers never have to go firmware hunting.
  • Resilient and safe updates: A power outage or device reboot during a firmware update won’t brick (make permanently unusable) an eero device, even for critical firmware like U-Boot that is the first piece of software to run when the device is powered on.
  • Continuous Amazon security testing, including supply chain review, code audits, hardware and firmware fuzzing, penetration testing, automated vulnerability scanning, targeted vulnerability research, and bug bounty programs.
  • Privacy by design: eero does not collect browsing history, DNS lookups, or personal traffic data – and never has. All data between eeros and the cloud is encrypted, and we implement strict access controls.

Why router security matters more now than ever
Your network increasingly sits at the center of your digital life: personal and business traffic and data, smart home devices, entertainment and streaming, payments and ecommerce, home security systems, and, most recently, AI assistants. Wifi is critical home and business infrastructure.

Our security commitment
Since 2016, eero has shipped over 150 eeroOS software updates, and we guarantee long-term software security updates for all eeros. We expect the pace to continue as we add new features and performance enhancements – and as threats evolve. Our commitment is to keep every eero secure, everywhere, automatically.

– Gabe Kassel (eero Head of Product, eero HQ – San Francisco) and Bryce Case (Amazon Security, Los Angeles)