New FCC Rules May Prevent Installing OpenWRT on WiFi Routers

Many cheap WiFi routers are sold with the vendor firmware, but the most popular ones likely also support OpenWRT, which some users may prefer as it is much more customizable. However, this may soon become more difficult according to a talk at the upcoming “Wireless Battle of the Mesh” which will take place on August 3-8 in Maribor, Slovenia.

tp-link_no_openwrtThe talk scheduled for August 6 at 15:00 is entitled “openWRT vs. FCC – forced firmware lockdown?” and Simon Wunderlich, the speaker, provided the following abstract:

The new FCC rules are in effect in the United States from June 2nd 2015 for WiFi devices such as Access Points. They require to have the firmware locked down so End-Users can’t operate with non-compliant parameters (channels/frequencies, transmit power, DFS, …). In response, WiFi access point vendors start to lock down firmwares to prevent custom firmwares (such as OpenWRT) to be installed, using code signing, etc. Since the same type of devices are often sold world wide, this change does not only affect routers in the US, but also Europe, and this will also effect wireless communities.
We would like to discuss:

  • What are your experiences with recently certified WiFi Hardware?
  • How can we still keep OpenWRT on these devices?
  • What can we suggest to Hardware vendors so that they keep their firmware open for community projects while still compliant with the FCC?

The rule in question is listed on the FCC website with the question “What are the software security requirements for non-SDR devices and what limitations apply to software configuration control for such devices?” and the critical part of the answer being “require all devices to implement software security to ensure that the devices operate as authorized and cannot be modified“.

It will be interesting to see how all this develops, and whether it will have some real consequences on the hackability of access points.

Thanks to Zoobab for the tip.

Support CNX Software - Donate via PayPal or become a Patron on Patreon

48
Leave a Reply

avatar
48 Comment threads
0 Thread replies
1 Followers
 
Most reacted comment
Hottest comment thread
28 Comment authors
mikemike kimCould This be the End of BBHN/HSMM? - Everything HamradioOpen source firmware (e.g. OpenWRT) supporting manufacturers? [closed] newsmw Recent comment authors
  Subscribe  
newest oldest most voted
Notify of
pm7
Guest
pm7

Seems to be same situation as bootloader lock in Android phones/tablets.
It’s something that GPLv2 allow. GPLv3 requires producers to allow to modify software in the device they sell.
Unfortunately, Linux is GPLv2 licensed. http://www.linuxtoday.com/developer/2010092000435OPKNMO
But if the include any GPLv3 software, like gzip, they can be sued if user is unable to modify firmware in device he/she bought. Maybe 🙂

anon
Guest
anon

Everyone in US starts to use Chinese devices which give a f%ck, and only a f%ck, about FCC rules? Rainbow WiFi campaign? Supreme Court gives a ruling, love wins again?

trackback

[…] The war against general-purpose computing and being able to modify the devices you own continues. […]

trackback

[…] Comments …read more […]

Bibi
Guest
Bibi

So am I to use the faulty stock ROMs of routers in the future? This seems very unreasonable to me. Currently I’m using a router from TP-Link which had Remote Management over HTTP only and other issues. Stock ROM? No thanks. DD-WRT was the way to go.

Isaac Rabinovitch
Guest

@anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

dharari
Guest
dharari

Who are the FCC kidding? If Apple and Google have not been able to lock down their devices putting much investment trying to do so, why do they think that commodity hardware WiFi router vendors would be more successful? And even if they do lock the device, is the FCC going to demand the vendor to supply timely fixes for horrible security breaches they used to have in their boxes and will surely have going forward?

This is a clear case of an over-zealous federal agency acting against the good of the people, trying to fix a problem by creating a much bigger one.

JIV
Guest
JIV

When I am buying router i always check for openWrt compatibility. If its not there they can keep it. But i dont think this will be a big deal, vendor FW have some many backdoor so hacking it would be easy 😀

user
Guest
user

Good example is Ubiquiti products. Once so great products are now ruin by FCC. Anyhow if US wants give all wifi business to china it is fine for me also. Naturally china must make us export versions where firmwares are locked but nice thing at china manufacturing is that they usual make also clones for free marker.

trackback

[…] オープンソースの無線ルーターOS、米FCCが禁止する可能性   http://www.cnx-software.com/2015/07/27/new-fcc-rules-may-prevent-installing-openwrt-on-wifi-routers/ […]

Kelly
Guest
Kelly

Alternate solution – everyone go take the $15 test and get your Technician level amateur radio license.

DrScriptt
Guest

The FCC is only wanting to control VERY SPECIFIC things, like transmission power and frequency. The FCC has zero interest in any other aspect of the devices. The FCC ONLY cares about the settings that have any (direct) impact on the RF transmissions.

Think how cell phones have the main app processor that runs iOS or Android or … -and- the base band processor that runs the cellular radio. The FCC wanting to lock down ONLY the cellular component, not the rest of the system.

This can very likely be accomplished by a binary driver for the RF portion of the equipment, NOT the rest of the software that provides all the other features.

This will end up being like running any PC with your distro of choice running HostAP (et al) talking to a wireless NIC driven by a binary driver. It is the binary driver that controls the pieces that the FCC cares about. Everything else on the system will be free to be changed as desired.

DrScriptt
Guest

@Kelly
Kelly,

Even licensed HAMs will have to comply with FCC requirements. Lest you get the pink tickle.

Granted, under some situations licensed HAMs can receive (some) additional operating privileges. I believe that the only thing that -might- apply to licensed HAMs is _some_ additional operating power.

But as HAMs know, power is not everything. – In fact, as a licensed HAM, you are REQUIRED to use the minimum power necessary to reliably communicate.

73

KD0OBJ

me
Guest
me

If the firmware can be user-updated, then it can be user-modified. The FCC must be stoned if it thinks programmers can’t circumvent such a “lockdown”.

me
Guest
me

@Kelly
How would that solve anything?

me
Guest
me

Isaac Rabinovitch :
@anon It doesn’t matter where they’re made. Devices that don’t comply with FCC rules can’t be sold in the U.S.

But the producers get to self-certify compliance.

Ken Felder
Guest
Ken Felder

Technician license doesn’t let you play in the 2.4GHz unregulated band and doesn’t solve the problem in this article one whit. While the self-satisfaction of achieving the license is priceless, most of the equipment that would let you set up wifi equivalent in the amateur bands is way more expensive than consumer devices and not “stupid simple.”

wb
Guest
wb

@Isaac Rabinovitch
“Devices that don’t comply with FCC rules can’t be sold in the U.S.” In stores or US based retailers… people will buy things online. If you outlaw something, then people will find a way to break the “law” – Cuban cigars.

Joe
Guest
Joe

This issue is more than just a nusance for technical people. It’s an act of war against the people. If you put up with it they will come for you eventually. Arguably they already have. They’ve instuted many government programs (regardless of what tyou think of them) that have created taxes and those taxes are taken by any means necessarily including violant force. If you don’t agree stop contributing. Start participating in and funding rational projects that are fighting back.

The recent governments (ie all parties and terms of office) and the democratic system as a hole (not suggesting democracy is bad, just this system of it has failed) has shown its incapable of stopping these agreesions against the people. There is only one way out of this and it’s to step up to the plate. These are issues worth risking life and limb over. The government will use violence against us even if we do not use violence against them. That’s OK. We just need to be more careful.

The people need to organize taking aggressive non-violent action to disrupt government and economic interests in major ways. There are people beginning to do this. One of them is the Free State Project in New Hampshire: https://freestateproject.org/. While not directly aggressive many of its participants are involved in non-violent revolutionary action which is bringing tens of thousands of people to the state who desire liberty over all else. I’m moving and I hope you’ll join us. We need more technical people if we are going to defeat the oppression of our national governments.

deets
Guest
deets

Is this really that big of a problem? Surely adding unapproved antennas and external amplifiers is more problematic than this? Most consumer chipsets/designs are probably not even capable of exceeding the limits by very much if at all. Is there that much of a problem with interference on channels 12-14? Or is this just a handy way to keep factory firmware installed with government approved backdoors?

Razor512
Guest
Razor512

Those things are already limited, even with 3rd party firmware since people seem to not be able to figure out all that is going on in the wireless drivers, thus the FCC limits cannot be bypassed. The drivers for a WiFi radio are extremely complex and require a very specialized set of skills to understand, and that is when you have source code. Without it, it is nearly impossible to effectively modify the drivers. (For example, even firmware that allows for transmit power control, none of them allow you to go beyond 1000mw, even if the transmitter has a datasheet claiming to support it)

(PS, there are valid and legal reasons for wanting to transmit as more than 1 watt, for example, to combat certain line losses and inefficiencies in the signal path)

malted rhubarb
Guest
malted rhubarb

There are a few ways to “comply” with this: A unpopulated write-protect override header, making reflashes only possible via an unpopulated serial port or a socketed ROM chip.

Joe
Guest
Joe

@DrScriptt

What your suggesting is still extremely dangerous. Your taking away control from the user and opening up space to hide malicious features and other backdoors (which is something we know is going on as EVERY android device had malicious spyware hidden in those proprietary components). While its not impossible to sneak in malicious features in other ways it certainly makes it more difficult. None of what the FCC is suggesting is going to increase security. It’ll only have the opposite impact. Users should be able to upgrade router firmware and they shouldn’t be relying on whomever made the router. Companies do not care about security fixes and the like beyond what is utterly necessary (and even then) will leave there customers hanging.

Vladimir Botka
Guest
Vladimir Botka

@DrScriptt
Recent wifi drivers use “mac80211 framework” https://en.wikipedia.org/wiki/Wireless_network_interface_controller#FullMAC_and_SoftMAC_devices. Moreover these drivers are designed to be dynamically configured to comply with the regulatory rules https://wireless.wiki.kernel.org/en/developers/regulatory/crda . It will be very tricky to comply with the new FCC rules.

DrScriptt
Guest
DrScriptt

@Joe
I can see why you say what I’m saying is dangerous.

What I’m trying to convey is that having a binary driver with an otherwise open and replaceable firmware is better than having a firmware that you can’t replace.

I don’t think what the FCC is talking about has anything to do with security per say. I think it does have to do with enforcing some already well defined boundaries on the WiFi radio spectrum.

I’m suggesting that we take a few minutes and see how we can legally work within the bounds that the FCC is proposing while still allowing us to do (most of) what we want.

Without putting on my conspiracy hat, I think it would behoove us to be willing to give up some (20%) to get most of what we want (80%).

Also, keep in mind that you are choosing to run the small multi-function platform. There is nothing that prevents you from dropping a wireless NIC in a regular PC with any distro you want on it. Even if said wireless NIC requires a binary driver from the manufacturer, you still have control over all the other aspects of the system. – You have the choice to run the small SOHO router platform vs a low power atom based PC with a wireless NIC. – I’ll even bet that you would have MORE features with the latter.

Adem
Guest
Adem

i am having a very big problem with my cable router at the moment and i cannot do anything to fix it because there is no firmware update or firmware rollback option. there is no firmware to download at all because my isp telstra pushed the firmware into my modem without me knowing about it and now i cannot stream video content without getting freeze.
youtube and all the google stuff is ok i can download a video from youtube at 4 mbps and yet when want to watch iptv nearly everything freeze. and yet i can watch all that on my smartphone using the data internet connection with no problems. i called my isp severel times asking them if iam being throttled and they acting like they dont know anything and my service should be working good.

Aditya
Guest
Aditya

WHY CANT THE FCC LEAVE 2.4GHZ/5GHZ ALONE!!!

trackback

[…] New FCC Rules May Prevent Installing OpenWRT on WiFi Routers […]

wzc0x0
Guest
wzc0x0

NSA wants to monitor everyone by router!OpenWrt is open source which is NOT back door!

Wacko1876
Guest
Wacko1876

@me

If the upload has to be signed, then the only way to modify a device is to hack the manufacturing company and steal the private key. This has NSA snooping written all over it, because only an NSL or NSA hack can get a copy of router modification codes so they can control your router.

Watchingtheweasels
Guest
Watchingtheweasels

>This has NSA snooping written all over it,

Precisely.

zoobab
Guest
trackback

[…] article about the new FCC rules that may prevent installing OpenWRT, DD-WRT or other third party firmware on Wi-Fi routers and access-point generated quite a buzz at the end […]

trackback

[…] New FCC Rules May Prevent Installing OpenWRT on WiFi Routers – http://www.cnx-software.com Many cheap WiFi routers are sold with the vendor firmware, but the most popular ones likely also support OpenWRT, which some users may prefer as it is much more customizable. […]

Alex
Guest
Alex

Manufacturers could as well sell two versions: one for the US market and one for non-us markets. While this may sound like a lot of work it’s not totally unrealistic as it’s handled in software.
Microsoft – for example – had to provide – N – versions of Windows for European customers and that didn’t even remotely affect the US market.

For router manufacturers this might even be a specific selling point, I for once bought an Asus Router for ~ 200 Bucks, because they specifically let me flash whatever I want on it and they also release the source code, which led Merlin to create *super* firmware versions.

Tiny
Guest
Tiny

OpenWRT project should actively and officially support open hardware like Arduino and Raspberry Pi and maybe even start to focus on those. While you can get the cheapo routers for free from your telco or basic models for a low price the open hardware is becoming more and more powerful and WiFi-adapters also exist, maybe even too many. They are the better platform for homebrew routing anyway.

mw
Guest
mw

I don’t think its because of maybe “non-compliant parameters”. It’s because end users should not replace the NSA trojaned firmware from the manufacturer to a safe firmware.

trackback

[…] You can read the whole article here: New FCC Rules May Prevent Installing OpenWRT on WiFi Routers […]

trackback

[…] reading—they are technical and dense. And so it wasn’t until last month that Wi-Fi hobbyistspointed out some regulatory language that might affect the open source […]

mike kim
Guest
mike kim

Though a little late it may be,, i am all for strict fcc regulations in anticipation of future disaster to our life. . Now this is wireless business evolvingrous, prosperos, they tend to only pay attention to making money, not potential health problems. The future dangers of the RF as result of exposure from use of wireless devices will be latent and soon shed light on the issue in matter of causing illness, cancer, brain damages. Like cigarlet industry. there will occure class actions against a big firm I firmly believe from injured people. After long, the public regconition is matter of time.

mike
Guest
mike

Using WiFi router is like smoking cigarettes. People are enjoying smoking, feeling good, amusing at first time. Planters, vendors, Cigalettee manufactures feels good too. Business is good and the Government feels good for their taxes and civil services get a great salaries for stupid works. Later they found a little by little complaints from users and they are addicted and problems in public health. Likewide the same in WiFi producrts and rousers producing invisible harmful waves to people. It seems that FCC realized what they should do to protect their sons and daughters. Absurd World we live in. stopping importing paper-products imported thru overseas thru amazon ebay etc.