
TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Ars technica reports that TP-Link will block the loading of third-party firmware on its routers, citing new US Federal Communications Commission rules. "The FCC says it doesn't intend to ban the use of third-party firmware such as DD-WRT and OpenWRT; in theory, router makers can still allow loading of open source firmware as long as they also deploy controls that prevent devices from operating outside their allowed frequencies, types of modulation, power levels, and so on. But open source users feared that hardware makers would lock third-party firmware out entirely, since that would be the easiest way to comply with the FCC requirements."


TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 10:48 UTC (Sat) by Wol (subscriber, #4433) [Link] (5 responses)

And then someone writes a worm that turns a "stock firmware" router into a doorstop ...

and TP-link won't provide updates and the user can't provide updates ...

Not advocating that somebody actually does that, but it would be a quick-n-easy demonstration of the insanity of this approach.

Cheers,
Wol

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 11:11 UTC (Sat) by ledow (guest, #11753) [Link] (4 responses)

But...

If the manufacturer isn't supporting it
and
You can't do anything to modify it.
and
There's a critical problem with it.

Doesn't that just mean people will throw it in the bin and buy better next time? From a manufacturer that allows third-party updates, or one that gives updates long after the product is dead? I'm not at all sure why you'd want to be using a device that's out of support, and has a critical problem, anyway, never mind if you can't modify it yourself. Into the bin with it.

This is the reason that I much prefer the "modem + home-built router + separate wireless AP" setup that I've been using for years. They are each running only the necessary parts so rarely have such critical flaws (they spend their lives mostly just passing packets between different physical layers!). When something breaks, gets old, goes out of support, you can buy just the upgraded/replacement part cheaply and easily. Nothing on the user-end changes.

And you can do all the important stuff (i.e. complex protocol and security handling, VPN, TLS, etc.) on an actual, physical machine under your control (I used Linux desktops for this for many years, nowadays a VM will do just as well).

I don't see this as a big deal. TP-Link sell lots of good hardware. By the time the wireless protocol is out of date, you're dead in the water anyway. By the time it needs an upgrade to support more local LAN links at Gigabit, same. By the time the WPA, or VPN, or even just IPv6 support has a serious bug, the thing is old junk and probably doesn't keep up with your ISP's latest offerings any more.

I don't see it as a huge deal, to be honest. Anyone with concerns can replace functions with hardware that can be updated and under their control whenever they like.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 23:36 UTC (Sat) by job (guest, #670) [Link] (2 responses)

The more people that throw them away and buy a new one, the more money for the manufacturers. They only make money at the moment of purchase. The worse crap they peddle the better off they are. Even if everyone would switch manufacturer every time, which they don't, that's not a problem as long as you stick to the established brands.

(A few tips on top of that: put a sticker that advertises some high number in megabits, and put it in a plastic shell that looks like a sci-fi movie toy. That sells.) It's a game theoretic problem. You'd be pretty stupid to stay out of this loop and sell quality gear to the cost-conscious market. It would be really hard and you wouldn't make any money long term.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 21:12 UTC (Sun) by Wol (subscriber, #4433) [Link]

> The more people that throw them away and buy a new one, the more money for the manufacturers. They only make money at the moment of purchase. The worse crap they peddle the better off they are. Even if everyone would switch manufacturer every time, which they don't, that's not a problem as long as you stick to the established brands.

Question is, how fast does the worm appear :-) If the product is replaced every six months, and wormed shortly after, it's still in warranty ...

Cheers,
Wol

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 15, 2016 7:50 UTC (Tue) by oldtomas (guest, #72579) [Link]

> The more people that throw them away and buy a new one, the more money for the manufacturers.

Exactly. This is a worrying trend: there's a collusion[1] between regulators and manufacturers which can only be to the detriment of the user.

Ledow says "people will buy another, better one" -- but at that point in time there possibly won't be a "better one". Why should a router manufacturer read the FCC in a different way than "lock down the firmware and throw away the keys"?
It's the path of least resistance and it goes with (most) manufacturers' culture.

And when competing in price it's most probably an advantage too.

[1] It may be a "collateral collusion" or a downright conspiracy, it doesn't matter. The fact is, it's there, be it DRM, be it "customer control" be it, as above, making hardware disposable when it shouldn't be.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 21, 2016 5:08 UTC (Mon) by cas (guest, #52554) [Link]

This is exactly why I have my ADSL modem in bridged mode and use pppoe on my linux gateway/firewall to handle the connection to my ISP, as well as iptables, fail2ban, dhcp, DNS, NAT, postfix, squid, apache, ipxe and tftp (for netbooting debian installers and rescue images like clonezilla) and many other services accessible to either my LAN or the internet or both.

It's also why I have a wifi card in the same box and run hostapd to act as a wifi access-point.

It's more work than buying and using an off-the-shelf modem or router as-is, but it's a lot more secure, it will keep on getting updates for as long as debian exists, and it doesn't have any backdoors installed by the modem manufacturer or the ISP (or the NSA or the Chinese government etc). Even if debian disappears one day (extremely unlikely) there will be other linux distros to use....or whatever replaces linux.

It is, however, much less work than installing and maintaining OpenWRT or DD-WRT etc on some tiny little under-powered, under-resourced modem/router box...very few (none or almost none) of which have ADSL interfaces supported by the linux kernel, anyway.

If I could find a PCI or PCI-e ADSL card at a reasonable price (i.e. $50 or so rather than the $600-ish that they were last time I looked), I'd get rid of the modem too. When/if FTTP becomes available to my area, I will get rid of it and just use an ethernet connection to the FTTP port, instead of an ethernet connection to my adsl modem (eth1, dedicated to just that connection, with pppoe running over it).

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 11:03 UTC (Sat) by callegar (guest, #16148) [Link] (6 responses)

Doesn't this also imply that it must be forbidden to bring this kind of device across borders? Because, as is, if one brings an EU device to the US or vice versa there is nothing he/she can do to tune the device to the local regulations.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 13:04 UTC (Sat) by jeff@uclinux.org (guest, #8024) [Link] (5 responses)

And, as it turns out, yes it is actually illegal to use a router that transmits on frequencies not allowed in your country, but legal elsewhere. The 'channels' which are legal do vary slightly, and more generally regulatory approvals of all sorts are not applicable outside of the region that they are issued for, as a rule.

If you attempted import, and it was inspected, likely to happen if you import commercially, since they will check it is registered (with the FCC, if you are a USAian), you would indeed be stopped from doing so. Imagine that.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 16:11 UTC (Sat) by callegar (guest, #16148) [Link] (4 responses)

In fact, I am using in the EU a wifi router that was bought in the US. By being able to tweak the wireless params, I can ensure that the device operates in full agreement with my national regulations. Otherwise, this would be impossible.

I wonder what is going to happen with laptops or mobile phones. Almost any mobile phone or laptop can now work as a WIFI AP. If one brings a phone to the US from abroad, it may well be possible that it works in AP mode using frequencies/power combinations that are illegal in the US and the same goes with a laptop.

Hence, either:

- the manufacturer makes the user able to tweak the region code. This assumes that it is the user's responsibility and not the manufacturer's responsibility to be in compliance with the local regulations, making the firmware locking completely unnecessary. Yet it does not seem acceptable under the current FCC rules;

- the manufacturer restricts all devices that may move across borders to only operate in the common subset of all world regulations, taking a hit in performance; or

- the manufacturer tries to implement some automatic resolution of the region the device is in. This may be possible in some cases. E.g., a mobile could decide based on its GPS or phone roaming state. However, it may be problematic for a laptop.

Does anyone have a clue about what is going to happen with these devices?

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 19:11 UTC (Sat) by Sesse (subscriber, #53779) [Link] (3 responses)

The access point broadcasts what regulatory domain it is in (so-called 802.11d world mode). Almost all clients support it.

Now, I have seen plenty of access points that send out the wrong values in that field, of course...

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 22:57 UTC (Sat) by hummassa (subscriber, #307) [Link] (1 responses)

> Now, I have seen plenty of access points that send out the wrong values in that field, of course...

That's because those frequencies are almost always clean, so the "bad guys" have better wifi connections.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 23:08 UTC (Sat) by Sesse (subscriber, #53779) [Link]

No, it's incompetence. I don't think I've seen a case yet where it meant they could use a different channel.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 23:43 UTC (Sat) by callegar (guest, #16148) [Link]

Yes, but:

1) I think 802.11d is being discontinued in the US. I believe that the new rule is that if sold in the U.S. the client module must be configured for U.S. use only. Which makes it by definition non-compliant if taken out of the US. Will this be applied also to phones, laptops?
2) Even with 802.11d, a device taken from country A to country B, when switched on as an AP in country B could believe that it is still in country A, because it might not get data from other APs providing regdomain info (e.g. in the particular place there might not be any).
3) As noted by others, it is frequent that APs broadcast wrong regdomain info anyway.
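
An added example, not part of any comment in this thread: the 802.11d information discussed above travels in the beacon's Country element, and this sketch decodes it and flags the two failure modes raised in the replies (an AP beaconing on a channel its own element does not list, and nearby APs that disagree about the country). The scan data, BSSIDs and helper names are constructed for illustration.

```python
from collections import defaultdict

COUNTRY_IE_ID = 7  # element ID of the IEEE 802.11 Country element


def parse_country_ie(ie: bytes) -> dict:
    """Decode one Country element into its country code and per-channel power limits."""
    if len(ie) < 2 or ie[0] != COUNTRY_IE_ID:
        raise ValueError("not a Country element")
    body = ie[2:2 + ie[1]]
    if len(body) != ie[1] or len(body) < 6:
        raise ValueError("truncated Country element")
    limits = {}  # channel number -> maximum transmit power (dBm)
    triplets = body[3:]
    for off in range(0, len(triplets) - 2, 3):  # a trailing pad octet is skipped
        first, count, power = triplets[off:off + 3]
        if first >= 201:  # operating-class triplet, carries no channel list
            continue
        # Assumption: 2.4 GHz channels are numbered consecutively, 5 GHz
        # 20 MHz channels in steps of four (36, 40, 44, ...).
        step = 1 if first <= 14 else 4
        for n in range(count):
            limits[first + n * step] = power
    return {"country": body[:2].decode("ascii", "replace"),
            "environment": chr(body[2]), "limits": limits}


def audit_scan(beacons):
    """Return (bssid, reason) findings for inconsistent regulatory information."""
    findings, by_country = [], defaultdict(list)
    for bssid, channel, ie in beacons:
        info = parse_country_ie(ie)
        by_country[info["country"]].append(bssid)
        if channel not in info["limits"]:
            findings.append((bssid, f"beacons on channel {channel}, which its own "
                                    f"{info['country']} element does not list"))
    if not by_country:
        return findings
    majority = max(by_country, key=lambda c: len(by_country[c]))
    for country, bssids in by_country.items():
        if country != majority:
            findings += [(b, f"advertises {country}; most nearby APs say {majority}")
                         for b in bssids]
    return findings


def build_ie(country: str, *triplets) -> bytes:
    """Helper for the constructed samples: encode (first, count, dBm) triplets."""
    body = country.encode("ascii") + b" " + bytes(v for t in triplets for v in t)
    body += b"\x00" * (len(body) % 2)  # pad to an even length
    return bytes([COUNTRY_IE_ID, len(body)]) + body


# Constructed scan results: (BSSID, channel the beacon was heard on, Country element).
SAMPLE_SCAN = [
    ("02:00:00:00:00:01", 6, build_ie("US", (1, 11, 30))),
    ("02:00:00:00:00:02", 44, build_ie("US", (1, 11, 30), (36, 4, 17))),
    ("02:00:00:00:00:03", 13, build_ie("DE", (1, 13, 20))),
    ("02:00:00:00:00:04", 13, build_ie("US", (1, 11, 30))),
]

if __name__ == "__main__":
    for bssid, reason in audit_scan(SAMPLE_SCAN):
        print(bssid, reason)
```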

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 11:17 UTC (Sat) by magnus (subscriber, #34778) [Link] (3 responses)

What if a router was made that had an independent watchdog that checked the spectrum generated by the software radio and shut down transmission within X milliseconds if it violated? Then you could load any firmware and be sure it's always within spec.

Would have made sense also for the commercial devices, commercial software isn't exactly bug free. But I guess that adds cost and power consumption.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 1:38 UTC (Sun) by rahvin (guest, #16953) [Link] (2 responses)

To comply, all they need to do is run the radio in its own separated low-level process that communicates with the OS via a protocol like the old modem AT commands, just like they do on cellphones. This is a solved problem, locking users out of the OS is just stupid.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 8:13 UTC (Sun) by JdGordy (subscriber, #70103) [Link] (1 responses)

So you'd be happy with a NSA sponsored binary blob (the baseband processor) with full memory access to the AP hardware (all your network traffic)?

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 17:15 UTC (Sun) by flussence (guest, #85566) [Link]

What makes you more happy with this current reality where they have the whole box?

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 21:55 UTC (Sat) by flussence (guest, #85566) [Link] (5 responses)

Does TP-Link not use CRDA like the rest of the world does? Are they inadvertently admitting that their hardware is already capable of doing illegal things by not supporting the standard Linux kernel mechanism of limiting radio output, and that they're Tivoizing it to sweep this under the rug? Hmm.

Whether or not TP-Link is guilty of gross negligence (an embedded manufacturer doing something correctly? pah!), this is still basically an announcement that their products are inferior to their competitors'. Until those make the same PR blunder.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 12, 2016 22:32 UTC (Sat) by luto (guest, #39314) [Link] (4 responses)

> Does TP-Link not use CRDA like the rest of the world does? Are they inadvertently admitting that their hardware is already capable of doing illegal things by not supporting the standard Linux kernel mechanism of limiting radio output, and that they're Tivoizing it to sweep this under the rug?

Huh? CRDA is purely a software protection.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 17:03 UTC (Sun) by flussence (guest, #85566) [Link] (3 responses)

It was my understanding that CRDA acts as a *whitelist* of allowed frequencies on top of the restrictive “worldwide” region the kernel sets by default, and that's the only robust way to do it (short of spying on users with GPS hardware to enforce region lockout).

The alternative is that TP-Link circumvents all that free regulatory compliance that's been handed to them on a platter, and has a homegrown chain of authority from some insecure HTTP/CGI crap to the hardware registers that control the frequency.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 13, 2016 19:54 UTC (Sun) by luto (guest, #39314) [Link] (2 responses)

But it's almost entirely irrelevant. CRDA *in OpenWRT* checks compliance. OpenWRT could remove it.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 15, 2016 19:02 UTC (Tue) by khim (subscriber, #9252) [Link] (1 responses)

And you could take a screwdriver, remove shielding from some component and voila: device with violation of FCC rules.

If screws are considered robust enough protection against such abuse, then why are some simple checks, which could be bypassed with some knowledge of firmware, not enough?

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 17, 2016 23:49 UTC (Thu) by magnus (subscriber, #34778) [Link]

Good point. If physical modification is "force majeure" they could just have a switch on the PCB to allow custom firmware that you need to open the device (and maybe break some "warranty void" sticker or whatever) in order to toggle. Assuming that these regulations follow the laws of logic of course, which may not be guaranteed. :)

How is a router different from any other Linux-based device or computer?

Posted Mar 13, 2016 17:32 UTC (Sun) by moxfyre (guest, #13847) [Link] (4 responses)

I thought CRDA had cleared up all this nonsense years ago... ugh.

Do the FCC rules make any distinctions between WiFi access points and WiFi client devices? Is there some other reason why home routers would be affected by these changes, but laptops and phones and other devices would not be?

How is a router different from any other Linux-based device or computer?

Posted Mar 14, 2016 1:07 UTC (Mon) by pizza (subscriber, #46) [Link] (3 responses)

The FCC doesn't care; any device capable of operating at a given frequency band needs to follow the rules.

But from an 802.11 perspective, clients simply won't transmit on any channel they don't hear a beacon on first. If they hear an access point, the presumption is that it is a valid operational channel.

How is a router different from any other Linux-based device or computer?

Posted Mar 14, 2016 6:53 UTC (Mon) by callegar (guest, #16148) [Link]

The issue is that no device wants to be a client only these days. All laptops and all mobiles can behave as access points.

How is a router different from any other Linux-based device or computer?

Posted Mar 14, 2016 8:44 UTC (Mon) by pbonzini (subscriber, #60935) [Link] (1 responses)

The problem is how an access point itself decides on which channels to broadcast.

How is a router different from any other Linux-based device or computer?

Posted Mar 15, 2016 14:54 UTC (Tue) by callegar (guest, #16148) [Link]

This is why I see the coming of laptops or phones with no AP functionality at all or with such functionality restricted to a specific country (in hardware or via firmware signatures). The ban of USB wifi dongles with AP functionality might be next, since it would be too easy to deploy a 5$ USB wifi dongle bought from another country to circumvent the rules on a laptop or a router.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 14, 2016 0:02 UTC (Mon) by DaleQ (subscriber, #4004) [Link] (1 responses)

It seems the left hand of the FCC doesn't know what the right hand of the FCC is doing.
How can the FCC be simultaneously worried about interference from consumer devices while at the same time allowing LTE-U?
http://arstechnica.com/information-technology/2015/08/ver...

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 14, 2016 1:28 UTC (Mon) by dps (guest, #5725) [Link]

My 802.11{b,g,n} wireless access point *was* made by TP-Link. The out-of-the-box firmware allowed me to tell it where I lived, which I had to set to comply with the local spectrum restrictions. If I had not told it that I lived somewhere outside America then I might have used frequencies I should not be using.

I can see why TP-Link took the approach they did. If the reason you can't use those unapproved frequencies is not a fundamental limitation of the radio then complying with the FCC rule by fixing that would require a redesign (and presumably re-FCC approval, re-EU radio authority approval, etc). It might also cost slightly more to add restrictions to the radio, which would be undesirable in the highly competitive low margin consumer electronics market.

One could argue that the FCC should be focusing on people not using power levels and frequencies they should not be using, instead of the devices which they use to do that.

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 14, 2016 19:20 UTC (Mon) by cwillu (guest, #67268) [Link] (1 responses)

> UPDATE: DD-WRT developer Sebastian Gottschall doubts whether TP-Link is actually blocking third-party firmware.
>
> "TP-Link has not blocked the firmwares in any useful way," Gottschall told Ars. "Just the firmware header has been a
> little bit changed and a region code has been added. This has been introduced in September 2015. DD-WRT for instance
> does still provide compatible images... in fact it's no lock."

TP-Link blocks open source router firmware to comply with new FCC rule (ars technica)

Posted Mar 14, 2016 21:13 UTC (Mon) by edgewood (subscriber, #1123) [Link]

Yes, but the next paragraph in the update is: "But as we noted earlier, TP-Link's FAQ says the new regulation does not apply to routers produced before June 2016, so the company may be planning further restrictions."


Copyright © 2016, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds