Home > OpenWRT > New FCC Rules May Prevent Installing OpenWRT on WiFi Routers

New FCC Rules May Prevent Installing OpenWRT on WiFi Routers

Many cheap WiFi routers are sold with the vendor firmware, but the most popular ones likely also support OpenWRT, which some users may prefer as it is much more customizable. However, this may soon become more difficult according to a talk at the upcoming “Wireless Battle of the Mesh” which will take place on August 3-8 in Maribor, Slovenia.

tp-link_no_openwrtThe talk scheduled for August 6 at 15:00 is entitled “openWRT vs. FCC – forced firmware lockdown?” and Simon Wunderlich, the speaker, provided the following abstract:

The new FCC rules are in effect in the United States from June 2nd 2015 for WiFi devices such as Access Points. They require to have the firmware locked down so End-Users can’t operate with non-compliant parameters (channels/frequencies, transmit power, DFS, …). In response, WiFi access point vendors start to lock down firmwares to prevent custom firmwares (such as OpenWRT) to be installed, using code signing, etc. Since the same type of devices are often sold world wide, this change does not only affect routers in the US, but also Europe, and this will also effect wireless communities.
We would like to discuss:

  • What are your experiences with recently certified WiFi Hardware?
  • How can we still keep OpenWRT on these devices?
  • What can we suggest to Hardware vendors so that they keep their firmware open for community projects while still compliant with the FCC?

The rule in question is listed on the FCC website with the question “What are the software security requirements for non-SDR devices and what limitations apply to software configuration control for such devices?” and the critical part of the answer being “require all devices to implement software security to ensure that the devices operate as authorized and cannot be modified“.

It will be interesting to see how all this develops, and whether it will have some real consequences on the hackability of access points.

Thanks to Zoobab for the tip.

  1. pm7
    July 27th, 2015 at 13:41 | #1

    Seems to be same situation as bootloader lock in Android phones/tablets.
    It’s something that GPLv2 allow. GPLv3 requires producers to allow to modify software in the device they sell.
    Unfortunately, Linux is GPLv2 licensed. http://www.linuxtoday.com/developer/2010092000435OPKNMO
    But if the include any GPLv3 software, like gzip, they can be sued if user is unable to modify firmware in device he/she bought. Maybe 🙂

  2. anon
    July 27th, 2015 at 19:09 | #2

    Everyone in US starts to use Chinese devices which give a f%ck, and only a f%ck, about FCC rules? Rainbow WiFi campaign? Supreme Court gives a ruling, love wins again?

  3. Bibi
    July 28th, 2015 at 13:00 | #3

    So am I to use the faulty stock ROMs of routers in the future? This seems very unreasonable to me. Currently I’m using a router from TP-Link which had Remote Management over HTTP only and other issues. Stock ROM? No thanks. DD-WRT was the way to go.

  4. July 28th, 2015 at 13:12 | #4

    @anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

  5. dharari
    July 28th, 2015 at 14:08 | #5

    Who are the FCC kidding? If Apple and Google have not been able to lock down their devices putting much investment trying to do so, why do they think that commodity hardware WiFi router vendors would be more successful? And even if they do lock the device, is the FCC going to demand the vendor to supply timely fixes for horrible security breaches they used to have in their boxes and will surely have going forward?

    This is a clear case of an over-zealous federal agency acting against the good of the people, trying to fix a problem by creating a much bigger one.

  6. JIV
    July 28th, 2015 at 14:39 | #6

    When I am buying router i always check for openWrt compatibility. If its not there they can keep it. But i dont think this will be a big deal, vendor FW have some many backdoor so hacking it would be easy 😀

  7. user
    July 28th, 2015 at 15:34 | #7

    Good example is Ubiquiti products. Once so great products are now ruin by FCC. Anyhow if US wants give all wifi business to china it is fine for me also. Naturally china must make us export versions where firmwares are locked but nice thing at china manufacturing is that they usual make also clones for free marker.

  8. Kelly
    July 28th, 2015 at 20:03 | #8

    Alternate solution – everyone go take the $15 test and get your Technician level amateur radio license.

  9. July 28th, 2015 at 20:10 | #9

    The FCC is only wanting to control VERY SPECIFIC things, like transmission power and frequency. The FCC has zero interest in any other aspect of the devices. The FCC ONLY cares about the settings that have any (direct) impact on the RF transmissions.

    Think how cell phones have the main app processor that runs iOS or Android or … -and- the base band processor that runs the cellular radio. The FCC wanting to lock down ONLY the cellular component, not the rest of the system.

    This can very likely be accomplished by a binary driver for the RF portion of the equipment, NOT the rest of the software that provides all the other features.

    This will end up being like running any PC with your distro of choice running HostAP (et al) talking to a wireless NIC driven by a binary driver. It is the binary driver that controls the pieces that the FCC cares about. Everything else on the system will be free to be changed as desired.

  10. July 28th, 2015 at 20:13 | #10

    @Kelly
    Kelly,

    Even licensed HAMs will have to comply with FCC requirements. Lest you get the pink tickle.

    Granted, under some situations licensed HAMs can receive (some) additional operating privileges. I believe that the only thing that -might- apply to licensed HAMs is _some_ additional operating power.

    But as HAMs know, power is not everything. – In fact, as a licensed HAM, you are REQUIRED to use the minimum power necessary to reliably communicate.

    73

    KD0OBJ

  11. me
    July 28th, 2015 at 21:06 | #11

    If the firmware can be user-updated, then it can be user-modified. The FCC must be stoned if it thinks programmers can’t circumvent such a “lockdown”.

  12. me
    July 28th, 2015 at 21:07 | #12

    @Kelly
    How would that solve anything?

  13. me
    July 28th, 2015 at 21:08 | #13

    Isaac Rabinovitch :
    @anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

    But the producers get to self-certify compliance.

  14. Ken Felder
    July 28th, 2015 at 21:11 | #14

    Technician license doesn’t let you play in the 2.4GHz unregulated band and doesn’t solve the problem in this article one whit. While the self-satisfaction of achieving the license is priceless, most of the equipment that would let you set up wifi equivalent in the amateur bands is way more expensive than consumer devices and not “stupid simple.”

  15. wb
    July 28th, 2015 at 22:11 | #15

    @Isaac Rabinovitch
    “Devices that don’t comply with FCC rules can’t be sold in the U.S.” In stores or US based retailers… people will buy things online. If you outlaw something, then people will find a way to break the “law” – Cuban cigars.

  16. Joe
    July 28th, 2015 at 22:48 | #16

    This issue is more than just a nusance for technical people. It’s an act of war against the people. If you put up with it they will come for you eventually. Arguably they already have. They’ve instuted many government programs (regardless of what tyou think of them) that have created taxes and those taxes are taken by any means necessarily including violant force. If you don’t agree stop contributing. Start participating in and funding rational projects that are fighting back.

    The recent governments (ie all parties and terms of office) and the democratic system as a hole (not suggesting democracy is bad, just this system of it has failed) has shown its incapable of stopping these agreesions against the people. There is only one way out of this and it’s to step up to the plate. These are issues worth risking life and limb over. The government will use violence against us even if we do not use violence against them. That’s OK. We just need to be more careful.

    The people need to organize taking aggressive non-violent action to disrupt government and economic interests in major ways. There are people beginning to do this. One of them is the Free State Project in New Hampshire: https://freestateproject.org/. While not directly aggressive many of its participants are involved in non-violent revolutionary action which is bringing tens of thousands of people to the state who desire liberty over all else. I’m moving and I hope you’ll join us. We need more technical people if we are going to defeat the oppression of our national governments.

  17. deets
    July 29th, 2015 at 01:51 | #17

    Is this really that big of a problem? Surely adding unapproved antennas and external amplifiers is more problematic than this? Most consumer chipsets/designs are probably not even capable of exceeding the limits by very much if at all. Is there that much of a problem with interference on channels 12-14? Or is this just a handy way to keep factory firmware installed with government approved backdoors?

  18. Razor512
    July 29th, 2015 at 02:52 | #18

    Those things are already limited, even with 3rd party firmware since people seem to not be able to figure out all that is going on in the wireless drivers, thus the FCC limits cannot be bypassed. The drivers for a WiFi radio are extremely complex and require a very specialized set of skills to understand, and that is when you have source code. Without it, it is nearly impossible to effectively modify the drivers. (For example, even firmware that allows for transmit power control, none of them allow you to go beyond 1000mw, even if the transmitter has a datasheet claiming to support it)

    (PS, there are valid and legal reasons for wanting to transmit as more than 1 watt, for example, to combat certain line losses and inefficiencies in the signal path)

  19. malted rhubarb
    July 29th, 2015 at 06:59 | #19

    There are a few ways to “comply” with this: A unpopulated write-protect override header, making reflashes only possible via an unpopulated serial port or a socketed ROM chip.

  20. Joe
    July 29th, 2015 at 07:30 | #20

    @DrScriptt

    What your suggesting is still extremely dangerous. Your taking away control from the user and opening up space to hide malicious features and other backdoors (which is something we know is going on as EVERY android device had malicious spyware hidden in those proprietary components). While its not impossible to sneak in malicious features in other ways it certainly makes it more difficult. None of what the FCC is suggesting is going to increase security. It’ll only have the opposite impact. Users should be able to upgrade router firmware and they shouldn’t be relying on whomever made the router. Companies do not care about security fixes and the like beyond what is utterly necessary (and even then) will leave there customers hanging.

  21. Vladimir Botka
    July 29th, 2015 at 07:39 | #21

    @DrScriptt
    Recent wifi drivers use “mac80211 framework” https://en.wikipedia.org/wiki/Wireless_network_interface_controller#FullMAC_and_SoftMAC_devices. Moreover these drivers are designed to be dynamically configured to comply with the regulatory rules https://wireless.wiki.kernel.org/en/developers/regulatory/crda . It will be very tricky to comply with the new FCC rules.

  22. DrScriptt
    July 29th, 2015 at 10:30 | #22

    @Joe
    I can see why you say what I’m saying is dangerous.

    What I’m trying to convey is that having a binary driver with an otherwise open and replaceable firmware is better than having a firmware that you can’t replace.

    I don’t think what the FCC is talking about has anything to do with security per say. I think it does have to do with enforcing some already well defined boundaries on the WiFi radio spectrum.

    I’m suggesting that we take a few minutes and see how we can legally work within the bounds that the FCC is proposing while still allowing us to do (most of) what we want.

    Without putting on my conspiracy hat, I think it would behoove us to be willing to give up some (20%) to get most of what we want (80%).

    Also, keep in mind that you are choosing to run the small multi-function platform. There is nothing that prevents you from dropping a wireless NIC in a regular PC with any distro you want on it. Even if said wireless NIC requires a binary driver from the manufacturer, you still have control over all the other aspects of the system. – You have the choice to run the small SOHO router platform vs a low power atom based PC with a wireless NIC. – I’ll even bet that you would have MORE features with the latter.

  23. Adem
    July 29th, 2015 at 11:11 | #23

    i am having a very big problem with my cable router at the moment and i cannot do anything to fix it because there is no firmware update or firmware rollback option. there is no firmware to download at all because my isp telstra pushed the firmware into my modem without me knowing about it and now i cannot stream video content without getting freeze.
    youtube and all the google stuff is ok i can download a video from youtube at 4 mbps and yet when want to watch iptv nearly everything freeze. and yet i can watch all that on my smartphone using the data internet connection with no problems. i called my isp severel times asking them if iam being throttled and they acting like they dont know anything and my service should be working good.

  24. Aditya
    July 29th, 2015 at 17:15 | #24

    WHY CANT THE FCC LEAVE 2.4GHZ/5GHZ ALONE!!!

  25. wzc0x0
    July 30th, 2015 at 12:02 | #25

    NSA wants to monitor everyone by router!OpenWrt is open source which is NOT back door!

  26. Wacko1876
    July 31st, 2015 at 05:26 | #26

    @me

    If the upload has to be signed, then the only way to modify a device is to hack the manufacturing company and steal the private key. This has NSA snooping written all over it, because only an NSL or NSA hack can get a copy of router modification codes so they can control your router.

  27. Watchingtheweasels
    August 6th, 2015 at 12:02 | #27

    >This has NSA snooping written all over it,

    Precisely.

  28. August 7th, 2015 at 14:27 | #28
  29. August 7th, 2015 at 15:25 | #29

    @zoobab
    Thanks. I don’t seem to find slides however, and they don’t show them in the video.

  30. August 27th, 2015 at 20:54 | #31

    Tessel 2 may be one of the first victims http://makezine.com/2015/08/27/new-fcc-rules-tessel-2/

  31. August 29th, 2015 at 10:49 | #32

    @cnxsoft
    Finally false alerts. See issue on github: https://github.com/tessel/project/issues/79

    “Tessel 2 is seeking FCC approval. Tessel 2 runs OpenWRT, a distribution of Linux designed as open firmware for routers with very granular control over wireless capabilities. Currently Tessel 2 is stuck in FCC approval pending its demonstration of being able to generate packets in the 802.11n range.”

    Unrelated to the new rules.

  32. Alex
    August 29th, 2015 at 18:01 | #33

    Manufacturers could as well sell two versions: one for the US market and one for non-us markets. While this may sound like a lot of work it’s not totally unrealistic as it’s handled in software.
    Microsoft – for example – had to provide – N – versions of Windows for European customers and that didn’t even remotely affect the US market.

    For router manufacturers this might even be a specific selling point, I for once bought an Asus Router for ~ 200 Bucks, because they specifically let me flash whatever I want on it and they also release the source code, which led Merlin to create *super* firmware versions.

  33. Tiny
    August 29th, 2015 at 22:26 | #34

    OpenWRT project should actively and officially support open hardware like Arduino and Raspberry Pi and maybe even start to focus on those. While you can get the cheapo routers for free from your telco or basic models for a low price the open hardware is becoming more and more powerful and WiFi-adapters also exist, maybe even too many. They are the better platform for homebrew routing anyway.

  34. mw
    August 30th, 2015 at 00:46 | #35

    I don’t think its because of maybe “non-compliant parameters”. It’s because end users should not replace the NSA trojaned firmware from the manufacturer to a safe firmware.

  35. mike kim
    November 9th, 2015 at 09:18 | #36

    Though a little late it may be,, i am all for strict fcc regulations in anticipation of future disaster to our life. . Now this is wireless business evolvingrous, prosperos, they tend to only pay attention to making money, not potential health problems. The future dangers of the RF as result of exposure from use of wireless devices will be latent and soon shed light on the issue in matter of causing illness, cancer, brain damages. Like cigarlet industry. there will occure class actions against a big firm I firmly believe from injured people. After long, the public regconition is matter of time.

  36. November 16th, 2015 at 18:44 | #37
  37. mike
    August 14th, 2016 at 01:21 | #38

    Using WiFi router is like smoking cigarettes. People are enjoying smoking, feeling good, amusing at first time. Planters, vendors, Cigalettee manufactures feels good too. Business is good and the Government feels good for their taxes and civil services get a great salaries for stupid works. Later they found a little by little complaints from users and they are addicted and problems in public health. Likewide the same in WiFi producrts and rousers producing invisible harmful waves to people. It seems that FCC realized what they should do to protect their sons and daughters. Absurd World we live in. stopping importing paper-products imported thru overseas thru amazon ebay etc.

  1. July 28th, 2015 at 11:29 | #1
  2. July 28th, 2015 at 11:36 | #2
  3. July 28th, 2015 at 13:07 | #3
  4. July 28th, 2015 at 17:18 | #4
  5. July 29th, 2015 at 19:23 | #5
  6. July 31st, 2015 at 20:58 | #6
  7. August 7th, 2015 at 16:10 | #7
  8. August 24th, 2015 at 15:01 | #8
  9. September 14th, 2015 at 00:42 | #9
  10. September 27th, 2015 at 04:56 | #10