This site may earn affiliate commissions from the links on this page. Terms of use.

Commissioners of the FCC (2014)

For more than than a decade, consumers accept been downloading and installing open-source firmware packages for various popular routers. New rules proposed by the FCC could sharply curtail or eliminate that freedom thanks to a serial of provisions that mandate locking down the device's radio and preventing any modifications to its pre-approved settings.

Users may flash to open-source firmware for whatever number of reasons. Sometimes a router has a previously-unknown bug or security flaw, and the manufacturer has either abased the device or refuses to issue a gear up in a timely manner. Sometimes users may want additional settings and capabilities that aren't provided by whatever options the manufacturer has chosen to install. In some cases, these features are restricted because the visitor wants to sell them as part of a high-terminate router, even if the underlying hardware betwixt the two models is completely identical. Either way, modifying radio settings like transmit power or using unauthorized channels is just one affair that users' do.

The FCC's proposed rules governing software requirements for U-NII (Unlicensed National Information Infrastructure) 5GHz band, withal, could end these options altogether. Hither's why: In a contempo revision to its rules governing the 5GHz spectrum, the FCC ordered that 5GHz devices "exist secured to preclude its modification to ensure that the device operates equally authorized thus reducing the potential for harmful interference to authorized users."

The certificate goes on to note that applicants must demonstrate that just authenticated software is loaded and operating the device and that "the device is non hands modified to operate with RF parameters exterior of the authorization." So far, none of this is actually big news. The concept of authenticating or validating software isn't intrinsically anti-consumer.

The problem, in this instance, is in the footnotes. The FCC'southward document notes that many devices rely on unacceptably weak security, including "those that rely solely on the distribution of firmware in compiled binary course without whatsoever form authentication or verification between the device and entity sending the firmware. These implementations are typically susceptible to device ' flashing' with tertiary-party firmware or software capable of operating the device exterior of its authorization."

Then, a little later on, in that location's this gem:

FCC

Past specifically calling out DD-WRT equally an example of an unacceptable security chance, the FCC has effectively put modders on notice. Many in the customs are concerned that while the FCC's security rules technically simply apply to radios, they'll be used to lock downwards entire devices. Modernistic routers are congenital around SoCs, not discrete chips or separate operating systems. It may be possible to lock out certain radio controllers while allowing the router firmware to exist modified in other means, but it's non the unproblematic solution — and if router manufacturers are known for annihilation, it's for choosing the unproblematic solution. This could cause huge problems for other firmware packages as well, such as Tomato or OpenWRT.

The flaw in the FCC's reasoning is thinking that the ability to modify the modem settings in a manner which may cause express, short-range interference (5GHz wireless signals attenuate rapidly, which makes long-altitude problems much less of an issue) is the primary goal of most modders. I've flashed every router I've e'er owned, mostly for security updates, but occasionally to gain better firewall control, more wireless settings, or better administrative options. The FCC's proposed rules need to be changed to adapt these valid uses.