FCC Clarifies: It's Legal To Hack Your Router (betanews.com)
Mark Wilson writes with an update to an earlier report that the wording of new FCC regulations could mean that it would be illegal to modify the software running on wireless routers by installing alternative firmwares. Instead, the commission has now acknowledged that there was more than a little confusion from people who believed that manufacturers would be encouraged to prevent router modifications. The FCC wants to make it clear that most router hacking is fine and will remain fine. With a few exceptions, that is. In a blog post entitled Clearing the Air on Wi-Fi Software Updates, Julius Knapp from the FCC tries to clear up any misunderstandings that may exist.
Does this really change anything? (Score:5, Insightful)
Re: (Score:1, Offtopic)
How many Americans are prisoners in Gitmo?
Re: (Score:1)
Sure. I'm glad to know what the intention of the rule is, but isn't it still likely that the easiest way for manufacturers to comply will be total lockdown?
Sure it is... path of least resistance and all that grey area crap.
Re:Does this really change anything? (Score:4, Interesting)
There is no reason for an extra OS, because any additional microcontroller will only be managing the radio, and there is no reason to use an OS for that; you can just program the firmware to run directly.
All they really have to do though is compile the max gain into the existing firmware instead of letting the OS set it on boot. They have to cut/paste a couple lines from one .h file to another. Horrors. The rules on the max output wattage don't change very often; historically, I don't think it has ever been increased. The total net benefit of that being configurable has been zilch.
People handwaving about things getting "locked down" are a bit breathless. There is no reason companies are going to spend extra money on engineering hours to lock down stuff other than the radio gain and modulation settings.
The router stuff isn't being prevented or restricted in any way, those are simply the devices where some models were not following the rules. Basically, they moved too much of the radio init code into software out of laziness. The radio is a hardware radio, though, not software; so we're just talking about moving OS driver code into firmware, and all that gets moved is the init. There is no way they're going to save money by trying to "lock down" the OS, which is not really doable anyways.
Remember, software defined radio is more expensive than hardware radios, because of the processing requirements. So the radios were already all hardware. That is why the FCC engineers are a bit surprised and disappointed in the public and the doomsday speculation.
Re: (Score:2)
What will mostly matter is how the SoC manufacturers deal with it. If they put checking at the bootloader only that's what companies will be forced to do. If the radio can only use signed firmware blobs then that's what they will do. At the end of the day Netgear etc. are not making chips they are buying them from Broadcom etc. and will have to use what security is available on those SoCs to comply with the FCC.
Re: (Score:2)
You're just speculating on some unknown that you worry they might be "forced" to do one thing or another, whereas the story, and the analysis such as that you responded to, is telling you the answers. The unknowns you are speculating about are not unknowns, they are known knowns. They are not being forced to use any particular implementation.
You seem to entirely discount that DRM is very hard to do, and even harder to do in a way that successfully inconveniences anybody. They're not going to spend millions
Re: (Score:2)
It's all speculation till the short term confidentiality comes off for the post ruling chips like the BCM4366 gear that's shipping later this month.
DRM is very hard to do on a tiny microcontroller, it's always hard to do well. So this very much depends on how Broadcom and the like implement the FCC requirement since they will be the ones most probably picking the path with the least amount of additional silicon/effort to meet that FCC requirement.
It only makes it worse... (Score:3)
Regrettably, routers are designed to be extremely cheap, and have only one cpu and OS. Specific vendors (as noted in the IETF submission) have publicly claimed that the FCC rules require them to prevent any modification to the device, and lock it down.
IMHO, that gives them "forced obsolescence", and sales at full list price for newer models with bug-fixes.
Re: (Score:2)
Existing SoC designs already have more than one processor; it is just all squished together on one die. It is one chip, but it would be the whole normal nest of chips if it wasn't in an integrated package.
Vendors will say anything, never believe that breathless crap. They hate rules, even when they have more influence over the rules than the consumers who the rules supposedly protect.
They won't still be saying that later if you're trying to buy a chip from them that includes DRM. It turns out that is hard,
Re: (Score:2)
I think we're in violent agreement (;-))
Like you, I expect that cost-averse vendors will be reluctant to add anything pricey to the board. I was thinking of an independent radio chipset that could be locked down separately from the general-purpose processor, you were thinking of DRM. I understand this is what some cell phones have, and that there is a push toward getting rid of the extra expense...
Re:Does this really change anything? (Score:5, Insightful)
People handwaving about things getting "locked down" are a bit breathless. There is no reason companies are going to spend extra money on engineering hours to lock down stuff other than the radio gain and modulation settings.
You're half right. Companies are not going to spend extra engineering hours on this stuff. So rather than going through and locking down specifics they'll likely just disable write and JTAG interfaces after shipping and you get a read-only device for your pleasure.
Oh but what about official firmware updates you ask?
I've yet to own a device that's ever received one.
Re: (Score:2)
What shitty unsupported devices are you buying? Every wifi AP and DSL modem I've bought has had at least one official firmware update after purchase, including an old Netgear DG632 (still in use), three generations of Apple AirPort Express, some shitty Billion DSL router, and an AVM FritzBox.
Re: (Score:2)
Oh you know just the run of the mill garbage from Netgear and Cisco (Linksys).
Re: (Score:2)
Most of my routers have had firmware updates available from the vendor. Not all, but most. The cheapo routers that I've inherited, like Actiontec, have never been updated at all. Zoom has been updated. I think Zhone had an update available, can't remember for certain. But, the better quality routers have all had official updates available. I'm partial to Netgear, and my newest told me that a firmware update was available, just before I upgraded it to DD-WRT.
Re: (Score:2)
My experience with Linksys was that they update their hardware more often than their firmware, and their firmwares are tied to the hardware revision.
Yes firmware is available, but I've yet to see an "update"
Actually the only devices I've ever seen get an update were those pre-n or pre-ac models and from what I can tell all the firmware update did was remove the warning on the webpage that the WiFi formats hadn't been ratified yet.
Re: (Score:2)
If it is a generic router with a fly-by-night brand that was slapped onto an unaltered OEM whitebox, OK, I'll believe your story.
But anything from a name brand they're going to want to be able to do a firmware update because otherwise they'd have to exchange or replace every unit sold in a giant recall if there turns out to be a security bug. Huge hit compared to issuing a firmware update and it being up to the consumer to install it.
I might still be more than half right after all. ;)
Re: (Score:2)
have to exchange or replace every unit sold in a giant recall if there turns out to be a security bug.
Really? Didn't we just run a story only recently on Slashdot about how manufacturers are just generally not fixing the security bugs found in routers?
I'm still waiting for someone in any country to force a manufacturer to actually keep their product secure and up to date. The big problem with routers is that they seemingly last forever, but right now we can't even keep 1 year old phones up to date.
Re: (Score:2)
It only requires a very simple analysis to understand that the way it is now only critical security holes that were the manufacturer's fault are guaranteed to get a firmware update, and other security holes are ignored by many manufacturers.
However, that in no way contradicts my point. They have to be able to update firmware. Not all bugs and problems are equal. I mean think about it, they'd have to at least try to fix the worst bugs before shipping the units in your universe! The one I live in, shit shows
Re: (Score:2)
I know where you're coming from but, if I may, how many router bugs have you fixed over the years? I ask because, a long time ago - in the tech dark ages, I had a router building (modification, really) project which enabled us to connect a plotter to a network. Now, it was mostly a spare time project, I admit, but by the time we were done, such was commercially available. If I counted the man-hours that went into this, well... I'm not doing that math. Let's just say it was a pointless exercise that was almo
Re: (Score:2)
"moving OS driver code into firmware"
Change of OS requires that driver be recompiled though. A Linux 3.1 kernel can't use a driver from Linux 2.6. If/when my kernel is upgraded to 4.x that driver will have to be recompiled again. That means, updating the firmware of the radio. And, while I'm recompiling that driver, I can set the parameters under which the radio will operate.
Sorry, it's all or nothing. Either I have access to all the hardware, or I have access to none of the hardware. Anything else is
Re: (Score:2)
You failed to understand my comment, and just sort of waved your hands.
The company making the router can make what you do in the driver to tell the radio firmware how much gain to use into a NOOP. You'll still recompile your driver and try to do it, but the output gain simply won't change.
There is absolutely no reason at all that your OS would see any difference at all.
And no it isn't "all or nothing." You can flash the OS already, but the only reason that the OS driver can tell the radio to do x is because
Re: (Score:2)
It is configurable for good reason.
Take a look at the table available at: http://www.afar.net/tutorials/... [afar.net]
The dB values should not be static, as the inclusion of a directional high gain antenna can make you need to adjust the dB value to match the antenna to prevent overrunning the max allowed radiation (EIRP).
Also, not every country has the same rules as the US, there are actually many countries on this planet, and they don't all use the same set of EM rules.
Re:Does this really change anything? (Score:5, Informative)
And the easiest way for users to give it the finger is not to buy those broken boxes and instead return to what we did in the 90s, using old computers as routers.
It's not like you can't build computers that have similar power consumption levels as those routers, with the added bonus that you can actually remove all the parts you don't need that only pose a security risk by their mere existence.
Re: (Score:3)
This applies to less than 1 percent of the public. I'd bet if you build your own router the day will come that will make you automatically a candidate for closer monitoring.
Re: (Score:3)
And the easiest way for users to give it the finger is not to buy those broken boxes and instead return to what we did in the 90s, using old computers as routers.
It's not like you can't build computers that have similar power consumption levels as those routers,
Sadly, that rapidly gets expensive. Your computer can be as small/cheap/low-power as a router, pick two.
Re: (Score:2)
OK - good point. Now, tell me which old computers have WIFI transmitters inside of them. The nearest thing to that, was an ASUS server board that came with an optional PCI card. That card had to be installed in the last PCI slot, it wouldn't work in any other slot. Can't remember the board's part number now, but it was one of the earliest AMD Bulldozer offerings. I've still got that PCI card lying around somewhere, but it's not nearly as fast as the routers I'm using today. Wireless G is simply obsole
Re: (Score:2)
OK - good point. Now, tell me which old computers have WIFI transmitters inside of them.
You buy a wifi card and slap it in. Then the problem becomes, does my wireless chip even have MASTER mode support under Linux (etc.)? Because many of them don't.
Re: (Score:3)
Cheapest devices will continue to suck, news at 11?
Better devices will get better, because they'll have a modular design by following the actual implementation recommendations they gave. They just want the radio block not to have the gain turned up by the main processor. That is it. That is all. Honestly, this is what they should have been doing already under the old guidance. The "new" rule is just a friendlier way than saying, "You've been doing it wrong for 10 years" and leave everybody worrying about fi
Re: (Score:3, Insightful)
... isn't it still likely that the easiest way for manufacturers to comply will be total lockdown?...
Well, then it will be the manufacturers to blame, not the FCC.
If the current crop of manufacturers wimp out and lock down the devices, then I am sure some alternatives will crop up that are not locked down (besides the RF stuff). Or, you could even grab an old PC and use that as a router.
On other forums, I've read comments about how the mod'ers want to be able to change the frequency to non-WiFi channels because the WiFi channels are too busy where they live. Those same people noted that they are not
Re: (Score:2)
Most likely what will happen is the chipset manufacturers will build in a set of OTP fuses into the chipset (which already exists for stuff like MAC addresses) that set the regulatory domain. The WiFi firmware reads the fuses and locks out the frequencies it's not supposed to transmit on.
Existing hardware already has it, and really only the firmwa
No one with a clue thought it would be illegal ... (Score:3, Insightful)
No one with a clue thought it would be illegal to hack your router. There might have been a few idiots spouting that but there are always idiots spouting on the Web. The issue is that certain changes - increasing your transmission power - ARE illegal and have long been illegal. The FCC is looking at putting out rules to prevent that from being possible, or at least make it much more difficult. The easiest way to implement those rules for manufacturers is to prevent the router from running anything other than the default firmware. The FCC made some changes to their wording which may or may not reduce that likelihood a bit. But the changes are largely cosmetic and the possibility of manufacturers making changes which prevent users from changing their firmware is still a real concern. It may not be illegal but if you can't do it, does that really matter?
Re: (Score:3)
Wish I had mod points, I'd bump you up. Nobody actually thought the FCC was going to make hacking your router illegal. It's outside their jurisdiction anyway as long as it doesn't change the electromagnetic emissions. The reality is that the easiest way for a manufacturer to assure compliance is to sign the firmware and lock the hardware to that signature, effectively preventing any firmware modification. If anybody thinks manufacturers are going to take the intentional hard road in the design just so a
Re: (Score:2)
Probably not manufacturers in general, but is it really nuts to believe that some still might?
Re: (Score:2)
I expect you will still be able to buy some high end hardware that will be owner friendly. I doubt the cheaper stuff will though.
Re: (Score:3)
The issue is that certain changes - increasing your transmission power - ARE illegal and have long been illegal. The FCC is looking at putting out rules to prevent that from being possible, or at least make it much more difficult.
There are a few cases where increasing your power; as well as operating "out of band" are legal; well..actually....there is one. You can operate an 802.11 wifi device under Part 97 (amateur radio) if you have an amateur radio license and comply with the other rules of what you can and can't use Part 97 for. There are hams using off-the-shelf WiFi with modified firmware to operate under Part 97 rules to create wireless networks that can be used by emergency services or for other authorized Part 97 services. O
Re: (Score:2)
Trying to add new protections that guard the firmware is a lot harder than taking away the command that the OS sends to the radio firmware.
The problem isn't the "firmware." One problem is language; people are describing the router OS as "firmware," but it isn't; that is regular software. Being installed on flash drive doesn't turn it into "firmware." But there is a hardware radio, which in most cases has real firmware. Currently, that firmware just does whatever the processor tells it to do. All they have t
Re: (Score:2)
I don't want my router putting out a lot of power. It's more secure if it's not reachable from outside my house. I already use wire where I can.
Vint Cerf knew it would be illegal ... (Score:4, Informative)
And under the provisions of the TPP? (Score:1)
Doesn't that limit firmware to authorised versions only...
Re: (Score:2)
I authorize my own firmware.
Re: (Score:2)
It is you who is being disingenuous. We see advertisements on eBay for items worth - ohhh - fifty bucks. They are advertised for some ridiculous price like $1, plus $100 shipping. The vendor who offered that fifty dollar item gets real close to 100% markup. Are we going to argue that he didn't "sell" the item at a profit?
GP makes a valid point. Dishonest people play with words to make their dishonesty look honest.
Re: (Score:2)
I've kept ledgers. Money in, money out. Accounts receivable, etc. ad nauseam.
If PP receives cash in return for body parts, then they've sold body parts. That is the bottom line.
That's like they claim that no federal tax dollars are spent on abortions. Utter bullshit - a huge part of their income comes from taxes. Without the taxes, they couldn't keep their doors open. Keeping their doors open enables them to perform abortions. Bottom line - tax dollars enable PP to perform abortions, despite what thei
What is a router? (Score:1)
So I can't install custom firmware on a piece of hardware I happen to buy. What about using old computers as routers? Running a custom version of Linux. Mostly because there is no "official" software that they could run. Is it now outlawed to use computers that way?
I honestly didn't think the FCC is staffed with people who know as little about computers as the government.
Re: (Score:2)
You can run whatever software you want on a computer, as long as any wifi cards are using official firmware to guarantee that they follow FCC rules.
By making your own computer all you are doing is changing the protocol by which you need to communicate with an FCC controlled device ( TCP/IP -> PCI/PCIE)
It doesn't matter what kind of software you run on your home made router for the same reason it doesn't matter what software you run on the computers connected to your store bought router.
Re: (Score:2)
So... Just to be obvious, it's all fine and dandy to flash firmware into routers that don't come with WiFi?
Then I guess we should hope manufacturers realize in time that there is a market for such routers. One of the cases where having FEWER features is a feature.
Re: (Score:2)
That's basically what I said 4 postings ago in this subthread. Apparently I should have posted it anonymously to avoid being downmodded...
Re: (Score:2)
So... Just to be obvious, it's all fine and dandy to flash firmware into routers that don't come with WiFi?
I don't see why not. It's not like any firmware you can flash on to a wired-only router is going to ever cause any interference on any broadcast frequencies.
Wired routers are just little embedded computers with 5 integrated NICs
The problem with the firmware for a wireless router is that it is monolithic. If they had split the firmware into parts (i.e. like one for the wifi controller, and one for the OS), then you should logically be able to flash the OS to whatever you want and keep the wifi controlle
Re: (Score:2)
Careful now. Don't make yourself a target.
Open Source Router Hardware (Score:1)
Re: (Score:2)
It looks like massive overkill. What OS are you using?
Dear FCC (Score:1)
Dear FCC,
Thanks for telling me that I can do what I'm going to do anyway, regardless of your rules.
Signed,
Router Owner
Re: (Score:2)
They are just trying to keep you safe. Quit being a spoiled child and listen to those who know better than you what's good for you.
Re: (Score:2)
One of our regulars Bruce Perens, has a good writeup on this. You can read his filing here:
http://apps.fcc.gov/ecfs/comme... [fcc.gov]
There was a Slashdot post about it but I didn't look for it. Ah - it was just a few results down so I'll include it:
http://yro.slashdot.org/story/... [slashdot.org]
You can thank him later. At least he tries and he seems to sum things up fairly well.
Ban Lockdown (Score:1)
Unless firmware lockdown is banned, it will be the result, regardless of what FCC says. If manufacturers have to lock one part, in this case wifi power and they never designed their systems to do so, they either have to make major changes, which cost money to develop and produce. It suddenly doesn't become a question how they feel about their hardware being flashed, but more if they can justify the costs to allow it. They likely can't if the competitors just lock their devices.
By forcing the hardware to be fl
Re: (Score:2)
Laws and regulations don't really stop anyone. What they do is establish that they're punishable actions. Laws against murder do not, for example, prevent people from murdering others.
Slashdot says the author doesn't exist (Score:3)
http://hardware.slashdot.org/~Mark+Wilson says "The user you requested does not exist, no matter how much you wish this might be the case."
Vint Cerf, on the other hand, definitely exists, and his and Dave Taht's submission to the FCC pointed out that the problem existed, no matter how much you wish this might not be the case.
FCCing comments not convincing (Score:2)
These FCC comments do not dissuade me from the concern that whether or not that was the intention of the FCC rule-making, the effect will be to lock down router firmware. Locking down the firmware is one of the easiest ways to address the FCC's concern. How else are router manufacturers going to prevent modification to the values placed in control registers of commodity I/O devices? The processors in these devices don't have the necessary capabilities to lock these parameters down using a virtual machine mode