WiFi routers: from lockdown to lock-open [LWN.net]

By Jonathan Corbet
October 14, 2015

There has been a lot of concern recently that a new set of rules [PDF] from the US Federal Communications Commission (FCC) could lead to locking-down of home router devices. It appears that the worst-case scenario feared by many will not come to pass, but that has not stopped a large, high-profile group of developers from putting together a detailed counter-proposal to the FCC that could change the game entirely. Not content with fending off the lockdown threat, this group seeks to push the pendulum the other way by forcing router software to be open. The result, it is said, would be an Internet that performs better and which is much more secure.

Lockdown worries

The FCC's concern in this area relates to spectrum use, of course. WiFi routers are radio transmitters, so they must abide by the rules on how they can transmit; these include limits on allowable frequencies, maximum power, and more. To gain the required FCC certification, a vendor must demonstrate that a router cannot be operated in ways that violate those rules. Regulatory compliance was used as an excuse for years by WiFi chipset manufacturers that did not want to release drivers or hardware documentation. That excuse has broken down over the years, but, for a while recently, it seemed that the FCC was contemplating a required lockdown of router firmware as a way of ensuring compliance. By some readings of the proposed rules, the installation of distributions like OpenWrt on home routers would no longer be allowed.

Blocking third-party firmware installation would be a clear step backward for a number of reasons. Routers as shipped by vendors are often insecure from the outset and, given that almost none of them ever receive software updates, they all become more insecure over time. Independent router distributions, instead, can be updated to fix security problems; they can also enable all kinds of functionality that was not envisioned or enabled by the original vendor. And free-software distributions, in particular, have been the platform on which a great deal of networking development has been done. Improvements in IPv6 functionality, bufferbloat reduction, and more have been implemented by the free-software community on open routers.

In an attempt to head off a router lockdown, a group of influential developers has filed a letter to the FCC [PDF] calling for the proposed rules to not be implemented. Since the filing of the letter, the FCC has stated that it does not intend to block third-party firmware installation. But the letter goes far beyond simply asking the FCC not to lock down routers; indeed, the FCC has been asked to open them up radically.

New mandates requested

The letter asks the FCC to change its certification requirements for WiFi routers and add a new set of mandates. The first of those is that the source code for the router's "device driver and radio firmware" must be made freely available in a "buildable" form so that this code could be reviewed by outsiders. There is no mention of requiring that this code be made available under a free license, though the rest of the document makes it clear that this is what the authors would prefer. It also does not require that users be able to install modified versions of the software; this was, your editor has been informed, an oversight during the drafting process.

Requiring the release of this code would clearly change the situation for router developers and users. It would bring about an end to binary-blob WiFi drivers, which would be a welcome change indeed. Even if a given driver were to be made available under an incompatible license, clean-room techniques could be used by others to develop a free driver. Opening up the radio software would shine a light into a dark corner of these systems, teaching us a lot about how they work, even if the software could not be replaced. A crucial piece of consumer-level infrastructure would become more open.

The advantages of this openness would be many, starting with the ability to audit the software for security issues and to fix them when they are found. Given the record of vendors in this area, improving the community's ability to provide security support can only be a good thing. The letter, though, asks the FCC to go further and to require the provision of security updates. In particular, any vulnerability with a CVE number that affects a router must be fixed by an update within 45 days of disclosure during the warranted lifetime of the router.

Finally, the FCC is asked to make it clear that lockdown of router devices is not required by its regulations:

Additionally, we ask the FCC to review and rescind any rules for anything that conflict with open source best practices, produce unmaintainable hardware, or cause vendors to believe they must only ship undocumented “binary blobs” of compiled code or use lockdown mechanisms that forbid user patching.

The letter appears over a large number of well-known names, including Dave Täht and Vint Cerf (the principal authors) along with Jim Gettys, David P. Reed, Bruce Schneier, Daniel Geer, Kathleen Nichols, David Farber, Steven Bellovin, Linus Torvalds, Paul Vixie, and many more, including an obscure LWN editor. As a whole, it makes an impassioned case for free-software development as the best path toward high-quality and secure networking software.

Toward a better Internet

As a defense against further lockdown-oriented rules, it is likely to be effective, especially since the FCC is claiming that it does not intend to impose such rules. The mandates may find a more difficult reception, though. There seems to be no doubt that there would be fierce resistance from vendors and manufacturers; overcoming such resistance could be hard in the absence of wider public understanding of the nature of the problem.

To some, an open-routers mandate might actually look like a step backward for security, and for the security of the wireless spectrum in particular. But most users have no desire to run their routers out of compliance; there does not appear to be anything resembling a widespread interference problem caused by modified devices. On the other hand, routers with security vulnerabilities and even deliberate back doors are widespread indeed. Rules that address the latter problem will do far more to ensure that our routers behave themselves than anything aimed at locking down access to the radio hardware.

It would be surprising if this letter to the FCC were to convince them of that point on its own. But one has to start somewhere, and this is a strong start with a lot of big names behind it. With luck, it may just push us toward a world where our networks work better, our hardware is more secure, and routers serve the interests of their owners. That seems like an outcome worth going for.

(Log in to post comments)

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 16:37 UTC (Wed) by fhuberts (subscriber, #64683) [Link]

So I gather you sent your better proposal to the FCC? </sarcasm>

At least these people took action and I applaud them for it.
So much so that I signed the letter as OLSRd mesh protocol maintainer.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 16:51 UTC (Wed) by jg (subscriber, #17537) [Link]

We have here a classic market failure, that has continued for more than a decade. FOSS software is a "tragedy of the commons", and end users like all of us and the Internet as a whole, rather than manufacturers bear the costs of rotting firmware. So relying on "the market" to fix it is insanity; somehow vendors must be held to a higher standard than "the market", or it the race to the bottom will continue. At the scale of hundreds of millions of devices, these become a global threat, rather than an individual problem.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 17:51 UTC (Wed) by rahvin (subscriber, #16953) [Link]

Regardless of how you feel about it his main point was the FCC probably doesn't have the legal authority to do so, after which he added his opinion about the matter. He's right, FCC has broad rule making authority on a very strict subset of activities and they have no authority whatsoever outside those carefully delineated responsibilities. Every time they try to exceed their authority they are smacked down in court and it ends up costing the taxpayers. I'd suggest the FCC stick to what it can regulate and ignore the rest unless someone can convince our hugely dysfunctional congress to intervene.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 19:57 UTC (Wed) by smurf (subscriber, #17840) [Link]

There's ample precedence for rulings about L4 through L8 content. Just ask any ham radio operator. No encryption, no commercial traffic, no profanity etc..

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 20:12 UTC (Wed) by rahvin (subscriber, #16953) [Link]

The precedence you are referring to is broadcast restrictions which the FCC holds additional authority for, congress has allowed them to regulate content on broadcast mediums to "protect the children" from offensive content.

WiFi isn't going to fall under a broadcast medium any time soon. Wifi has also been exempted from many of the restrictions by the very nature of being under part 15, but also because the FCC considers it point to point not broadcast. Any attempt to regulate it like they do broadcast is going to get the FCC stomped in court.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 18:05 UTC (Wed) by xtifr (subscriber, #143) [Link]

We have here a classic market failure, [...]

A reasonable complaint for the Federal Trade Commission (FTC), perhaps, but this was addressed to the Federal Communications Commission (FCC).

A multi-pronged attack might be a useful thing to pursue in the future, though.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 22:19 UTC (Wed) by smckay (subscriber, #103253) [Link]

Not true. Maybe the FCC doesn't have authority to set prices (except they do, for POTS, so...) but billion-dollar industries exist at its sufferance. Cell phones, broadcast TV, satellite TV, satellite Internet are all directly reliant on the FCC for authorization to exist, in the form of spectrum licenses. Cable is also somewhat under the FCC's purview.

The FCC is charged with managing the EM spectrum for the public good, and often that means commercial use, which means a market. If the use of a particular band isn't benefiting the public, or isn't benefiting the public as much as it could, that's the FCC's business. Whether the cause is market failure or not isn't super relevant.

WiFi routers: from lockdown to lock-open

Posted Oct 23, 2015 4:26 UTC (Fri) by marcH (subscriber, #57642) [Link]

> but billion-dollar industries exist at its sufferance. Cell phones, broadcast TV, satellite TV, satellite Internet are all directly reliant on the FCC for authorization to exist...

... in the US.

WiFi routers: from lockdown to lock-open

Posted Oct 24, 2015 18:15 UTC (Sat) by mathstuf (subscriber, #69389) [Link]

This is probably going to be similar to the US textbook market. California and Texas are such large markets that their education policies have a heavy influence on what is available in the rest of the states since they basically control the templates for the textbooks which get printed. I suspect the US either hosts or is a large enough portion of companies' target markets to influence products available elsewhere.

WiFi routers: from lockdown to lock-open

Posted Oct 24, 2015 20:59 UTC (Sat) by marcH (subscriber, #57642) [Link]

The US won the WiFi standards fight. Cellular/mobile was a very different story.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 18:48 UTC (Wed) by wahern (subscriber, #37304) [Link]

There's no such thing as a tragedy of the commons except on paper. In the real world there are _always_ counterveiling forces against pure, self-interested, coldly rational behavior.

And the question here is not whether there _are_ sufficient such forces at play here to fix the problem[1], but whether there _could_ be within a reasonable time frame. We should try to answer those questions before enlisting the power of the state--at the very least it informs us how we should enlist the state, and how successful the state could be.

It seems to me the reasons firmware rots are 1) upgrading firmware on older hardware is currently quite risky and thus costly, and 2) there's little financial incentive for vendors to invest in the problem. Hypothetically, the former could be addressed by the FOSS community making it easier to upgrade the most at-risk components, and the latter by making upgradeability a marketable feature.

I believe the FOSS community could accomplish #1--doubtless the solutions already exist, they just need some polish. The hard part is #2. But there are models. Contemporary organic food[2] preferences of most consumers are largely based on non-sense promulgated by small groups of activists; and yet those activists and the preferences they've crafted are transforming the largest industries in society. So if we want to be coldly rational about it, we should try learn from successful activists, especially how they appeal to and shape public preferences. Not just activists, but corporations. Look at Apple--while I like Apple hardware and think OS X is pretty neat, most Apple customers' preferences aren't substantiated by knowledge--it's all branding. We need to move beyond the EFF and similar organizations technical arguments, which have had checkered success, and examine how the public makes value judgments in general.

[1] The problem being the general social cost of insecure routers. But let's not forget that for the most part my neighbor's insecure wi-fi router doesn't directly effect me, and the indirect cost is negligible--mostly because his preferences will effect the quality of COTS solutions available to others. Where it does strongly effect me is when a handful of entities--gov't, financial institutions, etc--use insecure infrastructure. So partial solutions might be almost as advantageous as global solutions. For example, it might be more efficient to enlist privacy law to increase the the cost of insecure infrastructure and thus drive demand for better solutions that way, rather than simply mandating particular technical solutions. (I'm not a fan of European-style privacy rights--like most Americans I happen to place more value on free speech and transparency--but I'm cynical enough to accept leveraging the debate for other benefits.) We should always remember that many technical mandates can and will be worked around, especially when there's a strong financial incentive to do so, diminishing the benefit of the mandate.

[2] To be clear some organic preferences are sound, and some debatable. But if we're being honest, most of the preferences that have been internalized and expressed by the public are pretty much irrational on their face.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 19:04 UTC (Wed) by pizza (subscriber, #46) [Link]

> There's no such thing as a tragedy of the commons except on paper.

The real world would strongly disagree with your assertion.

> In the real world there are _always_ counterveiling forces against pure, self-interested, coldly rational behavior.

If by "counterveiling forces" you mean "something else comes along and renders the whole thing moot", I might agree with you. Microsoft won the BSD wars, after all.

WiFi routers: from lockdown to lock-open

Posted Oct 22, 2015 9:11 UTC (Thu) by Wol (guest, #4433) [Link]

> > There's no such thing as a tragedy of the commons except on paper.

> The real world would strongly disagree with your assertion.

Actually, as it is commonly understood, there really is no "tragedy of the commons". In a LOCAL market, the LOCALS manage resources very successfully. Yet as commonly understood, the tragedy of the commons is when the commons is destroyed by insiders for short term gains.

The term comes from the enclosure of the English commons. As London grew and food needed to be brought in, the local gentry realised that if they could get more land, they could make big profits shipping food. So, contrary to naive expectation, enclosure started CLOSE to London and spread outwards.

Likewise, the Scottish Lairds realised they could make more money raising and selling sheep, than by charging rent to the peasants on the land.

In both cases, the tragedy was driven by EXTERNAL forces.

Like in Africa too - the big city politicians saw all these nomadic people and thought "this should be farmland". So they enclosed it, gave some of to the nomads, and most of it to their cronies - who promptly overfarmed and desertified it! Again, EXTERNAL forces.

The tragedy of the commons is just a normal power-play, where outsiders come in, think they know best, impose their version of how things should be, and it almost invariably goes badly wrong because they don't have a clue ...

Cheers,
Wol

WiFi routers: from lockdown to lock-open

Posted Oct 28, 2015 9:12 UTC (Wed) by pjm (subscriber, #2080) [Link]

> where outsiders come in, think they know best, impose their version of how things should be, and it almost invariably goes badly wrong because they don't have a clue ...

Can we get back to discussing what to tell the FCC to tell router manufacturers what they should be doing?

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 19:44 UTC (Wed) by klbrun (subscriber, #45083) [Link]

One reason organic food activists are able to get the public's attention is that they wave a big stick called "cancer." I'm not sure we can use that with routers.

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 20:16 UTC (Wed) by Cyberax (✭ supporter ✭, #52523) [Link]

Just tell public that closed software causes "toxins". No need to explain what it is.

Hey, it worked for organic food!

WiFi routers: from lockdown to lock-open

Posted Oct 28, 2015 18:52 UTC (Wed) by markhahn (subscriber, #32393) [Link]

"toxins" also gave us colon cleansing ;)

WiFi routers: from lockdown to lock-open

Posted Oct 14, 2015 21:10 UTC (Wed) by dskoll (subscriber, #1630) [Link]

In the real world there are _always_ counterveiling [sic] forces against pure, self-interested, coldly rational behavior.

Yes, but in the real world a lot of those countervailing forces are government regulations---at least those countervailing forces that have any effectiveness.

WiFi routers: from lockdown to lock-open

Posted Oct 15, 2015 9:39 UTC (Thu) by NAR (subscriber, #1313) [Link]

The problem is: making firmware open source doesn't make the devices magically more secure. Even making them easier to upgrade doesn't make them more secure. These devices are "setup once, forget that it even exists" type from most consumer's point of view. I don't upgrade my refrigerator or microwave oven on patch Tuesdays, similarly I don't want to upgrade my router or cable modem. What could increase security is automatic updates - however, those who want open source firmware for control over the device would detest the automatic upgrades...

WiFi routers: from lockdown to lock-open

Posted Oct 15, 2015 13:00 UTC (Thu) by dskoll (subscriber, #1630) [Link]

Automatic updates that you can opt out of would be a reasonable compromise. Most consumers wouldn't know or care about opting out and the few who do care because they want custom firmware presumably are more savvy than average and are more likely to keep on top of security fixes. Even if they don't keep on top of things, there will be far fewer of them to damage the ecosystem than if no-one had automatic updates.

WiFi routers: from lockdown to lock-open

Posted Oct 20, 2015 19:08 UTC (Tue) by erwbgy (subscriber, #4104) [Link]

The problem with automatic upgrades is that if the keys to push the upgrades were to be stolen then it would be possible to push out malicious software to a large number of devices. And if it were not possible to somehow update these devices then users would have no other option but to switch them off, if they even noticed that there was an issue.

WiFi routers: from lockdown to lock-open

Posted Oct 20, 2015 19:12 UTC (Tue) by mjg59 (subscriber, #23239) [Link]

If your keys aren't in an HSM then you're doing it very wrong

WiFi routers: from lockdown to lock-open

Posted Oct 22, 2015 9:15 UTC (Thu) by Wol (guest, #4433) [Link]

The problem is that it is currently very easy for a malicious actor to push out updates to a large number of devices RIGHT NOW.

So no change there, then.

At least if we have updates, the ISPs can then block routers which have been compromised or not updated and we have some sort of stick to make people care (not that that's what we want to do, it's what we may have to do). Oh - and many people have their routers supplied by their ISPs, so they can do bulk updates and/or replaces, as required.

Cheers,
Wol

WiFi routers: from lockdown to lock-open

Posted Oct 23, 2015 4:49 UTC (Fri) by marcH (subscriber, #57642) [Link]

> Contemporary organic food[2] preferences of most consumers are largely based on non-sense promulgated by small groups of activists;

Organic food preferences are driven by recurrent food scandals. Whether such scandals are blown out of proportion or not (and unlike you I won't pretend I know either way[*]) they're effective anyway because human beings react to emotions and not to proportions or any other kind of number. Numbers are just too abstract. One interesting exception: money. Money is about numbers... and about emotions even more.

Whether some important change happens through regulation or free market forces, it's always rooted in people's emotions either way. In other words, in democracies not much will change as long as John Doe doesn't give a sh*t about his Wifi router. Try some scandal?

[*] except for induced sugar addiction and obesity; this scandal doesn't even need to be blown out of proportion.

WiFi routers: from lockdown to lock-open

Posted Oct 19, 2015 3:01 UTC (Mon) by zblaxell (subscriber, #26385) [Link]

> Of concern to the FCC, by statute, are all things L1/L2 involving RF: binary blobs for SDR, binary blobs for MAC, etc.

Very little purpose-built AP hardware in the field today is this clean.

L1/L2 binary blobs are stored on flash in a filesystem, loaded into RAM and validated by the host CPU running way above L2. To regulate L2 is to regulate all of the layers above L2 that touch code on its way from persistent storage into the CPU of L2 hardware. Open source people don't want the higher layers locked to protect L2, but if the higher layers are not locked then L2 is (in theory) accessible to unqualified users.

L2 CPUs sometimes have unfettered read/write access to all the RAM in the system. Why hack a two-month-old Linux kernel running all the latest CVE mitigations when there's a five-year-old binary RF blob that can read out all the secret keys and install implants? This is probably where the request for mandatory CVE updates is coming from. Open source upper-layer people want L2 to protect the higher layers from attacks from below, and if the vendors won't do it (which they won't), then the open source people want to handle L2 themselves.