New FCC Rules May Prevent Installing OpenWRT on WiFi Routers

Many cheap WiFi routers are sold with the vendor firmware, but the most popular ones likely also support OpenWRT, which some users may prefer as it is much more customizable. However, this may soon become more difficult according to a talk at the upcoming “Wireless Battle of the Mesh” which will take place on August 3-8 in Maribor, Slovenia.

tp-link_no_openwrtThe talk scheduled for August 6 at 15:00 is entitled “openWRT vs. FCC – forced firmware lockdown?” and Simon Wunderlich, the speaker, provided the following abstract:

The new FCC rules are in effect in the United States from June 2nd 2015 for WiFi devices such as Access Points. They require to have the firmware locked down so End-Users can’t operate with non-compliant parameters (channels/frequencies, transmit power, DFS, …). In response, WiFi access point vendors start to lock down firmwares to prevent custom firmwares (such as OpenWRT) to be installed, using code signing, etc. Since the same type of devices are often sold world wide, this change does not only affect routers in the US, but also Europe, and this will also effect wireless communities.
We would like to discuss:

  • What are your experiences with recently certified WiFi Hardware?
  • How can we still keep OpenWRT on these devices?
  • What can we suggest to Hardware vendors so that they keep their firmware open for community projects while still compliant with the FCC?

The rule in question is listed on the FCC website with the question “What are the software security requirements for non-SDR devices and what limitations apply to software configuration control for such devices?” and the critical part of the answer being “require all devices to implement software security to ensure that the devices operate as authorized and cannot be modified“.

It will be interesting to see how all this develops, and whether it will have some real consequences on the hackability of access points.

Thanks to Zoobab for the tip.

Support CNX Software - Donate via PayPal or become a Patron on Patreon
Subscribe
Notify of
guest
45 Comments
oldest
newest most voted
pm7
pm7
5 years ago

Seems to be same situation as bootloader lock in Android phones/tablets.
It’s something that GPLv2 allow. GPLv3 requires producers to allow to modify software in the device they sell.
Unfortunately, Linux is GPLv2 licensed. http://www.linuxtoday.com/developer/2010092000435OPKNMO
But if the include any GPLv3 software, like gzip, they can be sued if user is unable to modify firmware in device he/she bought. Maybe 🙂

anon
anon
5 years ago

Everyone in US starts to use Chinese devices which give a f%ck, and only a f%ck, about FCC rules? Rainbow WiFi campaign? Supreme Court gives a ruling, love wins again?

Bibi
Bibi
5 years ago

So am I to use the faulty stock ROMs of routers in the future? This seems very unreasonable to me. Currently I’m using a router from TP-Link which had Remote Management over HTTP only and other issues. Stock ROM? No thanks. DD-WRT was the way to go.

Isaac Rabinovitch
5 years ago

@anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

dharari
dharari
5 years ago

Who are the FCC kidding? If Apple and Google have not been able to lock down their devices putting much investment trying to do so, why do they think that commodity hardware WiFi router vendors would be more successful? And even if they do lock the device, is the FCC going to demand the vendor to supply timely fixes for horrible security breaches they used to have in their boxes and will surely have going forward? This is a clear case of an over-zealous federal agency acting against the good of the people, trying to fix a problem by creating… Read more »

JIV
JIV
5 years ago

When I am buying router i always check for openWrt compatibility. If its not there they can keep it. But i dont think this will be a big deal, vendor FW have some many backdoor so hacking it would be easy 😀

user
user
5 years ago

Good example is Ubiquiti products. Once so great products are now ruin by FCC. Anyhow if US wants give all wifi business to china it is fine for me also. Naturally china must make us export versions where firmwares are locked but nice thing at china manufacturing is that they usual make also clones for free marker.

Kelly
Kelly
5 years ago

Alternate solution – everyone go take the $15 test and get your Technician level amateur radio license.

DrScriptt
5 years ago

The FCC is only wanting to control VERY SPECIFIC things, like transmission power and frequency. The FCC has zero interest in any other aspect of the devices. The FCC ONLY cares about the settings that have any (direct) impact on the RF transmissions. Think how cell phones have the main app processor that runs iOS or Android or … -and- the base band processor that runs the cellular radio. The FCC wanting to lock down ONLY the cellular component, not the rest of the system. This can very likely be accomplished by a binary driver for the RF portion of… Read more »

DrScriptt
5 years ago

@Kelly
Kelly,

Even licensed HAMs will have to comply with FCC requirements. Lest you get the pink tickle.

Granted, under some situations licensed HAMs can receive (some) additional operating privileges. I believe that the only thing that -might- apply to licensed HAMs is _some_ additional operating power.

But as HAMs know, power is not everything. – In fact, as a licensed HAM, you are REQUIRED to use the minimum power necessary to reliably communicate.

73

KD0OBJ

me
me
5 years ago

If the firmware can be user-updated, then it can be user-modified. The FCC must be stoned if it thinks programmers can’t circumvent such a “lockdown”.

me
me
5 years ago

@Kelly
How would that solve anything?

me
me
5 years ago

Isaac Rabinovitch :
@anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

But the producers get to self-certify compliance.

Ken Felder
Ken Felder
5 years ago

Technician license doesn’t let you play in the 2.4GHz unregulated band and doesn’t solve the problem in this article one whit. While the self-satisfaction of achieving the license is priceless, most of the equipment that would let you set up wifi equivalent in the amateur bands is way more expensive than consumer devices and not “stupid simple.”

wb
wb
5 years ago

@Isaac Rabinovitch
“Devices that don’t comply with FCC rules can’t be sold in the U.S.” In stores or US based retailers… people will buy things online. If you outlaw something, then people will find a way to break the “law” – Cuban cigars.

Joe
Joe
5 years ago

This issue is more than just a nusance for technical people. It’s an act of war against the people. If you put up with it they will come for you eventually. Arguably they already have. They’ve instuted many government programs (regardless of what tyou think of them) that have created taxes and those taxes are taken by any means necessarily including violant force. If you don’t agree stop contributing. Start participating in and funding rational projects that are fighting back. The recent governments (ie all parties and terms of office) and the democratic system as a hole (not suggesting democracy… Read more »

deets
deets
5 years ago

Is this really that big of a problem? Surely adding unapproved antennas and external amplifiers is more problematic than this? Most consumer chipsets/designs are probably not even capable of exceeding the limits by very much if at all. Is there that much of a problem with interference on channels 12-14? Or is this just a handy way to keep factory firmware installed with government approved backdoors?

Razor512
Razor512
5 years ago

Those things are already limited, even with 3rd party firmware since people seem to not be able to figure out all that is going on in the wireless drivers, thus the FCC limits cannot be bypassed. The drivers for a WiFi radio are extremely complex and require a very specialized set of skills to understand, and that is when you have source code. Without it, it is nearly impossible to effectively modify the drivers. (For example, even firmware that allows for transmit power control, none of them allow you to go beyond 1000mw, even if the transmitter has a datasheet… Read more »

malted rhubarb
malted rhubarb
5 years ago

There are a few ways to “comply” with this: A unpopulated write-protect override header, making reflashes only possible via an unpopulated serial port or a socketed ROM chip.

Joe
Joe
5 years ago

@DrScriptt What your suggesting is still extremely dangerous. Your taking away control from the user and opening up space to hide malicious features and other backdoors (which is something we know is going on as EVERY android device had malicious spyware hidden in those proprietary components). While its not impossible to sneak in malicious features in other ways it certainly makes it more difficult. None of what the FCC is suggesting is going to increase security. It’ll only have the opposite impact. Users should be able to upgrade router firmware and they shouldn’t be relying on whomever made the router.… Read more »

Vladimir Botka
Vladimir Botka
5 years ago

@DrScriptt
Recent wifi drivers use “mac80211 framework” https://en.wikipedia.org/wiki/Wireless_network_interface_controller#FullMAC_and_SoftMAC_devices. Moreover these drivers are designed to be dynamically configured to comply with the regulatory rules https://wireless.wiki.kernel.org/en/developers/regulatory/crda . It will be very tricky to comply with the new FCC rules.

DrScriptt
5 years ago

@Joe I can see why you say what I’m saying is dangerous. What I’m trying to convey is that having a binary driver with an otherwise open and replaceable firmware is better than having a firmware that you can’t replace. I don’t think what the FCC is talking about has anything to do with security per say. I think it does have to do with enforcing some already well defined boundaries on the WiFi radio spectrum. I’m suggesting that we take a few minutes and see how we can legally work within the bounds that the FCC is proposing while… Read more »

Adem
Adem
5 years ago

i am having a very big problem with my cable router at the moment and i cannot do anything to fix it because there is no firmware update or firmware rollback option. there is no firmware to download at all because my isp telstra pushed the firmware into my modem without me knowing about it and now i cannot stream video content without getting freeze. youtube and all the google stuff is ok i can download a video from youtube at 4 mbps and yet when want to watch iptv nearly everything freeze. and yet i can watch all that… Read more »

Aditya
Aditya
5 years ago

WHY CANT THE FCC LEAVE 2.4GHZ/5GHZ ALONE!!!

wzc0x0
wzc0x0
5 years ago

NSA wants to monitor everyone by router!OpenWrt is open source which is NOT back door!

Wacko1876
Wacko1876
5 years ago

@me

If the upload has to be signed, then the only way to modify a device is to hack the manufacturing company and steal the private key. This has NSA snooping written all over it, because only an NSL or NSA hack can get a copy of router modification codes so they can control your router.

Watchingtheweasels
Watchingtheweasels
5 years ago

>This has NSA snooping written all over it,

Precisely.

zoobab
5 years ago
Alex
Alex
4 years ago

Manufacturers could as well sell two versions: one for the US market and one for non-us markets. While this may sound like a lot of work it’s not totally unrealistic as it’s handled in software. Microsoft – for example – had to provide – N – versions of Windows for European customers and that didn’t even remotely affect the US market. For router manufacturers this might even be a specific selling point, I for once bought an Asus Router for ~ 200 Bucks, because they specifically let me flash whatever I want on it and they also release the source… Read more »

Tiny
Tiny
4 years ago

OpenWRT project should actively and officially support open hardware like Arduino and Raspberry Pi and maybe even start to focus on those. While you can get the cheapo routers for free from your telco or basic models for a low price the open hardware is becoming more and more powerful and WiFi-adapters also exist, maybe even too many. They are the better platform for homebrew routing anyway.

mw
mw
4 years ago

I don’t think its because of maybe “non-compliant parameters”. It’s because end users should not replace the NSA trojaned firmware from the manufacturer to a safe firmware.

mike kim
mike kim
4 years ago

Though a little late it may be,, i am all for strict fcc regulations in anticipation of future disaster to our life. . Now this is wireless business evolvingrous, prosperos, they tend to only pay attention to making money, not potential health problems. The future dangers of the RF as result of exposure from use of wireless devices will be latent and soon shed light on the issue in matter of causing illness, cancer, brain damages. Like cigarlet industry. there will occure class actions against a big firm I firmly believe from injured people. After long, the public regconition is… Read more »

mike
mike
3 years ago

Using WiFi router is like smoking cigarettes. People are enjoying smoking, feeling good, amusing at first time. Planters, vendors, Cigalettee manufactures feels good too. Business is good and the Government feels good for their taxes and civil services get a great salaries for stupid works. Later they found a little by little complaints from users and they are addicted and problems in public health. Likewide the same in WiFi producrts and rousers producing invisible harmful waves to people. It seems that FCC realized what they should do to protect their sons and daughters. Absurd World we live in. stopping importing… Read more »

Advertisements