This site may earn affiliate commissions from the links on this folio. Terms of utilise.

The FCC is currently inviting open comments on its program to crave router manufacturers to lock down device firmware as a ways of ensuring that consumer devices can't operate in sure frequency bands or at power levels that violate FCC guidelines. While these requirements are made to guarantee that limited spectrum is allocated fairly and in a manner that minimizes interference, many accept raised concerns that locking downwards devices in this style will prevent open up source firmware projects from continuing as well as hampering critical security research.

Now, a group of more than 250 researchers and developers, including the Internet'due south gramps, Vint Cerf, have sent the FCC a letter of the alphabet proposing an birthday different prepare of rules that would actually mandate open up-source firmware while simultaneously protecting the FCCs original goals. There are multiple reasons, the letter argues, why open up-source firmware updates are a necessary part of securing the Net confronting assault.

The first problem is that existing router models are incredibly insecure. Hundreds of router models shipped insecure out-of-the-box and fundamental hacks continued to exist found in devices that ship today. While it's true that this is partly a problem of update policies (it'south relatively rare for consumers to update their router's firmware), shipping locked-down firmware would prevent inquiry into router bugs and hamper efforts to create secure networks. Today, open-source firmware similar DD-WRT provides at to the lowest degree some additional security to users knowledgeable enough to seek it out. If the FCC stops allowing firmware updates, that route volition close.

OpenWrt_3

Projects like OpenWRT are disquisitional to extending the life of older devices

Second, the team points out that with IPv4 addresses now wearied in the United states, IPv6 is going to be increasingly of import to future deployments — only the country of IPv6 in default firmware and older devices varies enormously. Without the ability to perform checks and verify proper operation, scandals similar VW — in which the regulatory bodies of the US and Europe were deliberately lied to and misled for over half a decade — get more than likely. While a rash of improperly secured WRT54G routers isn't going to ruin the air quality in the Usa, existence unable to perform certain kinds of evaluations and updates to business and some consumer hardware could expose critical information to corporate or inter-governmental espionage.

Paul Vixie, the CEO of computer security firm Farsight Security, told Motherboard about i recent router vulnerability that allowed hackers to redirect their victims' internet traffic to an advert server under their control. "At present, most people may non care nearly who gets what advertizing acquirement," Vixie said, "but the fact that [traffic] tin can be redirected at scale for hundreds of thousands of victims means that people [may end upward] going to a phishing site."

The letter acknowledges the need to protect sure radio functions from tampering, but calls on the FCC to require that companies go on other areas of the router open up and able to be modified as a means of protecting against these other problems. Whether the FCC will listen, or consider such changes, is still unclear.