Site icon Sophos News

Feel free to hack your Wi-Fi routers, says FCC

Router

No, the feds will not come and knock down your door if you tinker with your Wi-Fi router.

That’s what the Federal Communications Commission (FCC) had to say on Thursday, as it reassured people who, rightfully enough, had cause to think otherwise.

In March, the commission had apparently banned the use of third-party firmware on Wi-Fi routers when it issued a Software Security Requirements document that said manufacturers applying for equipment authorizations should explain “what prevents third parties from loading non-US versions of the software/firmware on the device” and to …

Describe in detail how the device is protected from 'flashing' and the installation of third-party firmware such as DD-WRT.

DD-WRT is a Linux-based, open-source firmware used on a variety of Wi-Fi routers.

It’s one of a few open-source firmwares that people use to get more control over their devices and to add a user interface that’s not as clunky as routers’ default GUIs.

The proposed rule only affects devices operating in the U-NII bands: that’s the portion of the spectrum used for 5GHz Wi-Fi.

The FCC on Thursday issued an updated version of the guidelines, saying that it hadn’t intended to encourage manufacturers to prevent all modifications or updates to device software.

Rather, the goal was to secure devices against tweaks that would take a device “out of its RF [radio frequency] compliance” by, for example, causing a device to emit frequencies, types of modulation, or power levels that could interfere with other systems.

Telecom policy expert and Senior VP of Public Knowledge Harold Feld told TechDirt that one such example is interference at airports:

We had problems with illegally modified equipment interfering with terrestrial doppler weather radar [TDWR] at airports. Naturally the FAA freaked out, and the FCC responded to this actual, real-world concern.

Julius Knapp, Chief of the FCC’s Office of Engineering & Technology, said in a post on Thursday that the revised guidance clarifies that the FCC’s instructions were narrowly focused on modifications that would take a device out of compliance.

Some commenters on the FCC post thanked the FCC for clearing the air, but others were less impressed.

One such, Ken Arromdee, noted that the clarification doesn’t address the problem, which is that manufacturers can’t, or won’t, selectively lock down just RF:

The problem is that even if the ruling doesn't require that manufacturers lock down the whole router, it's not practical to lock down just the RF part, so the ruling is going to end up making manufacturers lock down the whole router anyway.

And they're not going to redesign the router to put the RF into a separate part just so that they don't need to lock the whole thing, since locking the whole thing is much cheaper.

Hackaday’s Brian Benchoff, for one, agrees, noting that while the proposed rule only affects the radios inside these devices, nowadays, most routers pack the CPU and the radio onto the same chip.

That means you can’t discriminately tinker with one without also modifying the other, he writes:

Because of the economics of cheap routers, nearly every router is designed around a System on Chip – a CPU and radio in a single package. Banning the modification of one inevitably bans the modification of the other, and eliminates the possibility of installing proven Open Source firmware on any device.

So while the FCC well might not have intended to ban open-source firmware, it seems that there are still fears that this could be an unintended result.

Image of workmen on router courtesy of Shutterstock.com

Exit mobile version