Do you have an example of a cable modem that blocks remote setting updates?
Both remote configuration and remote software updates are MUSTs in the DOCSIS spec[1], and my understanding is that the information in the configuration file is technically required for the modem communicate with the headend for anything more than bootstrapping. There’s no way to turn this off and have a functioning modem.
CableLabs enforces adherence to the DOCSIS spec, and there’s a certificate scheme that ensures that only certified devices gain access to the network, so I don’t see how a non-compliant device that allows users to block updates completely could ever be used with most ISPs. (I’m ignoring the possibility of extracting a valid certificate from a compliant device, of course—I’m talking about buying a non-compliant device off the shelf.)
There’s another configuration protocol, TR-069[2] which is more concerned with configuring the Wi-Fi side, and this is usually under user control in user-owned devices. This might be what you’re thinking of?
For ISP-owned DOCISS devices, even if the user switches TR-069 off, it could potentially be silently re-enabled by a remote software update.
Both remote configuration and remote software updates are MUSTs in the DOCSIS spec[1], and my understanding is that the information in the configuration file is technically required for the modem communicate with the headend for anything more than bootstrapping. There’s no way to turn this off and have a functioning modem.
CableLabs enforces adherence to the DOCSIS spec, and there’s a certificate scheme that ensures that only certified devices gain access to the network, so I don’t see how a non-compliant device that allows users to block updates completely could ever be used with most ISPs. (I’m ignoring the possibility of extracting a valid certificate from a compliant device, of course—I’m talking about buying a non-compliant device off the shelf.)
There’s another configuration protocol, TR-069[2] which is more concerned with configuring the Wi-Fi side, and this is usually under user control in user-owned devices. This might be what you’re thinking of?
For ISP-owned DOCISS devices, even if the user switches TR-069 off, it could potentially be silently re-enabled by a remote software update.
[1] https://www.cablelabs.com/wp-content/uploads/2015/08/CM-SP-O... (section 8.2.2 and 8.2.3)
[2] https://en.m.wikipedia.org/wiki/TR-069