NordVPN Promotion

Home / News

Experts Propose Plan for More Secure Wi-Fi Devices

Over 260 global network and security experts have collectively responded to the newly proposed FCC rules laid out in ET Docket No. 15-170 for RF Devices such as Wi-Fi routers by proposing a new approach to improve the security of these devices. The letter warns FCC ruling will cause more harm than good and risk a significant overreach of the Commission’s authority. More specifically, “the rules would limit the ability to upgrade or replace firmware in commercial, off­the­shelf home or small­business routers.”

To improve accountability significantly while keeping the original intent of the regulation, the signatories, including Dr. Vint Cerf, Dr. Paul Vixie, Dr. Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P. Reed, Dr. Andreas Petlund, Jeff Osborn, and other well-known industry experts, recommend the FCC mandate the following actions:

  1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio must make public the full and maintained source code for the device driver and radio firmware in order to maintain FCC compliance. The source code should be in a buildable, change-controlled source code repository on the Internet, available for review and improvement by all.
  2. The vendor must assure that secure update of firmware be working at time of shipment, and that update streams be under ultimate control of the owner of the equipment. Problems with compliance can then be fixed going forward by the person legally responsible for the router being in compliance.
  3. The vendor must supply a continuous stream of source and binary updates that must respond to regulatory transgressions and Common Vulnerability and Exposure reports (CVEs) within 45 days of disclosure, for the warranted lifetime of the product, or until five years after the last customer shipment, whichever is longer.
  4. Failure to comply with these regulations should result in FCC decertification of the existing product and, in severe cases, bar new products from that vendor from being considered for certification.
  5. Additionally, we ask the FCC to review and rescind any rules for anything that conflicts with open source best practices, produce unmaintainable hardware, or cause vendors to believe they must only ship undocumented “binary blobs” of compiled code or use lockdown mechanisms that forbid user patching. This is an ongoing problem for the Internet community committed to best practice change control and error correction on safety-critical systems.

“The Internet is now effectively a battleground with end-users, our employers, our schools and our vendors on one side, and organized crime and nation-states on the other side. Our home gateways are often repurposed by our adversaries into weapons against us because these small, cheap plastic boxes are unpatchable, abandoned by their makers, and completely opaque. These devices are currently the Internet’s public enemy #1. The plan proposed would significantly decontaminate our technology supply chain,” said Dr. Paul Vixie, CEO of Farsight Security, Inc.

NORDVPN DISCOUNT - CircleID x NordVPN
Get NordVPN  [74% +3 extra months, from $2.99/month]
By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under

Comments

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

Related

Topics

New TLDs

Sponsored byRadix

IPv4 Markets

Sponsored byIPv4.Global

DNS

Sponsored byDNIB.com

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

Cybersecurity

Sponsored byVerisign

Brand Protection

Sponsored byCSC

NordVPN Promotion