FCC Says Foreign-Made Routers Can Get Updates Until 2029 (darkreading.com) 75
The FCC has softened its ban on foreign-made consumer routers, allowing vendors to keep issuing broader software and firmware updates for devices already in use in the U.S. through at least January 2029. Dark Reading reports: Under the original FCC ruling, foreign manufacturers were permitted to provide only limited maintenance and security patches to US customers through March 2027. In a public note (PDF) on May 8, the FCC extended that deadline to at least January 2029 and also expanded the scope of permissible updates. The FCC will now allow foreign manufacturers to provide not just minor security fixes and changes, but also more major software and firmware updates that could affect router functionality, which previously required additional FCC review. The agency described the revisions as intended to ensure the continued safety of already deployed foreign-made consumer routers in the US. "The FCC likely issued this revision in response to the operational realities of network security and the slow pace of equipment replacement," says Jason Soroko, senior fellow at Sectigo. "Replacing millions of embedded devices across national infrastructure requires immense time and capital, and abandoning existing systems to a completely unpatched state would create an immediate vulnerability."
"This waiver significantly alleviates the most pressing fears tied to the initial ban by preventing a sudden and dangerous security vacuum," added Soroko.
"This waiver significantly alleviates the most pressing fears tied to the initial ban by preventing a sudden and dangerous security vacuum," added Soroko.
Time (Score:5, Insightful)
That leaves plenty of time to change their mind yet again when they realize that the people least likely to replace their 3+ year old router are also the people most likely to own a foreign router.
Throw in a a little corporate lobbying and a FCC leadership change after a presidential election, that'll be just about the right amount of time to pass the buck off to someone else.
Re:Time (Score:4, Interesting)
My fiber ISP places TP-Link routers in the home. Millions of routers installed by ISPs are going to need replaced too.
Re: Time (Score:5, Insightful)
Not after the bribes are paid.
Re: (Score:2)
What to do with all of that Trump coin?
Re: (Score:3)
Re: (Score:2)
Which American made routers are those? Which American made router should I recommend for my elderly mother?
Re: (Score:2)
Obviously she needs to get Starlink, it's the American way. Heil Musk!
Re: (Score:2)
Re: (Score:3)
Perhaps installing OpenWRT is the answer here? I just checked their table of hardware and see that in TP-Link's case almost 200 routers are supported.
Re: (Score:2)
Re: (Score:2)
ISP Routers are typically locked such that the end user update the firware. And if they could the process is often extremely difficult for even technically minded people.
In some cases the ISP installs very specific software to do other things.
Example: In Australia Telstra issues routers that create and entire second network on the router. Which allows them to setup roaming wifi connections that the ISP subscriber can use. So a subscriber can walk around town and never lose their wifi. As the simply a
Re: (Score:2)
Spectrum tried that crap with me about 10 years ago. The first thing I do when a new router is installed by an ISP is to go in and change the default password. From there I may go through settings and change other things as I see fit. The last time Spectrum installed a new router I could not access it (they changed the login credentials but did not supply me with them). When I called to get access they told me I was not allowed. I informed them that I would be reporting this behavior to my state's AG and wa
Re: Time (Score:2)
Re: (Score:3)
If you set your edge device up in a layer 2 bridging state, is it still a "router"?
I have always reconfigured my ISP provided equipment into this state so that my equipment can do the actual routing.
Re: (Score:1)
If you set your edge device up in a layer 2 bridging state, is it still a "router"?
I have always reconfigured my ISP provided equipment into this state so that my equipment can do the actual routing.
The FCC's asserted authority is contingent on certifications for the wireless radios. They can't do shit if there is no radio.
Re: (Score:2)
Re: Time (Score:2)
This will get kicked down the road again, just like RealID (so important to airline security after all) was kicked down the road 20+ years.
Re: Time (Score:5, Informative)
Re: (Score:2)
I was about to make a comment that you had to prove you are a US citizen to get a RealID, but then found that it is for identity only, not citizenship.
https://factually.co/fact-chec... [factually.co]
"The REAL ID regime sets federal minimum standards for state-issued driver’s licenses and ID cards and requires applicants to present documentary proof of identity and lawful status, but the card itself does not definitively prove U.S. citizenship because compliant REAL IDs may be issued to noncitizens with lawful presen
Re: (Score:2)
Here's a fun fact, there's a clearing house colloquially known as the "federal hub" where your name, DOB, SSN, and ID numbers can be rubbed together and your citizenship verified in seconds if you're well-documented. It takes longer to verify noncitizen status, but citizenship is stupidly easy to verify once identity has been verified, and registered noncitizens are required to carry their citizenship documents anyway... authorization to work, legal permanent resident card, passport, etc etc. Those are also
Re: (Score:2)
Don't most people just use the router that their ISP provides them? This seems like this is more of a issue for the ISP's to resolve than an issue for your average consumer to resolve. They'll just buy the latest Netgear from Amazon, or from whatever other companies decided to pay the new FCC certification bribes.
Re: Time (Score:2)
Re: (Score:2)
Throw in a a little corporate lobbying and a FCC leadership change after a presidential election
I have a feeling this is the goal. Declare a policy that will take effect right after it is anticipated the next guy will reverse a policy. Pander to the current leadership while making sure this braindead fucking idea doesn't get off the ground.
Re: (Score:2)
There is a shitload of extraordinarily nasty things in the big beautiful bill that are going to hit lik
Re: (Score:2)
It's also conveniently into the next President's term, who can cancel this nonsense.
Ban on updates?! And more distinctions without ... (Score:3)
... a difference. What's the fear here, that they might be using your router maliciously? They might introduce some payload to attack your internal network or something similar? Aren't these already illegal, like in federal pound-me-in-the-ass illegal (well, to the extent you can prosecute some foreign state-backed actors)?
What's this going to do, the ones doing the update already have a backdoor (or a front door if you wish). This is just potentially leaving other doors open.
Also, all this small and big and feature versus bug fix ... why all the bother? Of course they can say any update is of any kind they'd like to say. I've got from much bigger vendors update after update with some nondescript (paraphrasing here) "fixing some issues" that it makes everything just for show.
Re: (Score:1)
Re: (Score:2)
How many of these companies will bother making updates for US models after they get banned from sale anyway?
Re: (Score:2)
I had a TP-Link device up until around 2019 but then stopped using DSL and had to buy something new, this means I have no idea about their products nowadays.
A couple of questions: are US models different to - say - Canadian or Mexican models? If they are the same, is there going to be a "Greatest wall of MAGAland" to block updates and enforce geo-fencing?
Re: (Score:2)
Often the hardware is the same, but they have software locks in place to e.g. stop you using WiFi bands that are not legal in the US. On top of that they have to provide support for new firmware, and TP Link often replace devices that are out of warranty but which were bricked by a firmware update.
maybe next time (Score:4, Insightful)
Re: (Score:1, Troll)
well yeah; but lets look at where we are now. Nobody is make domestic routers because you CAN'T for structural reasons complete with foreign ones.
There are exactly two ways to make domestic router production happen.
1) Defense production act, go all command economy compel some company with domestic electronics manufacturing plant they are going to produce routers. Good luck because it isnt just you with a PCB layout kit, and you there with the injection molding machine, hop to it. It is also design the th
Re:maybe next time (Score:5, Insightful)
Which one of these is the Ayn Rand laissez-faire capitalism choice? #3, right? Certainly can't be #1 or #2. Funny how free markets get abandoned the moment nationalism is the priority.
"While were at it, the public till can get raided to inject cash into some American chip makers so they can design but not actually make any chips..."
So #3 is also the communism choice?
"...do fuck all about supply chain risk and the national security and sovereignty implications..."
What are those, other than current administration talking points? Racism against the Chinese sure is complicated.
"...pretend we did not just sell out our grandchildren at the same time."
Like you did in the last election?
Re: (Score:2)
...
What are those, other than current administration talking points? Racism against the Chinese sure is complicated.
"...pretend we did not just sell out our grandchildren at the same time."
Like you did in the last election?
Stop with the racism crap. In the particular case of electronics and routers, whether they're designed and made in the US, in the PRC, or in Taiwan probably 50%+ of the humans involved in the design end development work will be Han Chinese people (or married to Han Chinese people)
Re: (Score:2)
Lots of words to say "I disagree" without offering a single argument for why the analysis is wrong.
Re: (Score:2)
Fascism, command economics or capitalism... choices, choices. Apparently #3 is the anti-American one. Huh.
Re: maybe next time (Score:3)
OpenWRT (Score:2)
Re:OpenWRT (Score:4)
The FCC should probably require open firmware. That would take out a lot of the hassle of securing network devices.
Re: (Score:2)
c.f. the GNU Libre kernel that 'cripples' hardware relying on binary blobs with the intent that any training data ought to be supplied in human readable source code before being compiled into said binary firmware.
If we want to go all in tinfoil-hat, harmless initialization data or something nefarious? The idea that you're uploading undocumented bootstrap code into hardware registers to unlock secret modes or redirect your traffic to hostile actors...
Re: (Score:2)
Security is not the goal. Control is the goal.
Re: (Score:2)
If that were the case, the NSA could provide their own firmware. They could easily fork OpenWRT and force people to use it.
These agencies have only gotten worse (Score:5, Insightful)
20 years ago I thought these agencies were incompetent. Now I know that it was actually their peak. The FCC of prior administrations would document their goals, send out a notice for public comment, write a proposed rule set, hold a hearing, the make a rule. Now they make a rule, and everyone goes "That doesn't even make sense" then they switch it. It's not just the FCC: It's the DOJ, DHS, EPA, etc.
I don't ask FCC to "allow" me anything (Score:4)
My router's hardware [protectli.com]'s parts were made in China. Its software [opnsense.org] was made as a worldwide effort but the team seems to be officially based in the Netherlands. And I'm not asking my government's permission for updating either one. Trumptards and their micromanaging far-left centralized-economic-planners can go fuck themselves. Keep your damn dirty ape hands off my computers, comrade.
Re: (Score:2)
The FCC has been interfering with our ability to use communications gear for many many years. You'd think you'd be used to it by now.
Re: (Score:2)
Re: (Score:2)
Curious (Score:5, Interesting)
How the FCC is powerless to enforce net neutrality while at the same time enforcing bans under the guise of software security.
Re:Curious (Score:4, Informative)
How the FCC is powerless to enforce net neutrality while at the same time enforcing bans under the guise of software security.
The FCC isn't making these decisions. They are made by the DoD and the DHS, per the initial announcement.
This is batshit crazy (Score:4, Interesting)
The FCC will now allow foreign manufacturers to provide not just minor security fixes and changes, but also more major software and firmware updates that could affect router functionality, which previously required additional FCC review.
The FCC has no authority to do any of this. The mechanism they were using to ban foreign routers is withholding FCC certification. If the device is already sold that horse has left the stable. The cited references are explicitly about the hardware (e.g. radio and radio firmware) not software changes.
"A new application for an equipment authorization shall be filed whenever there is a change in the design, circuitry or construction of an equipment or device for which an equipment authorization has been issued,"
"Changes to the software installed in a transmitter that do not affect the radio frequency emissions do not require any additional filings and may be made by parties other than the holder of the grant of certification."
Re: (Score:2)
Are you saying the FCC can't withdraw certification of a device at a later date?
Re: (Score:2)
I found this little tidbit of information here: https://industrialcyber.co/cri... [industrialcyber.co]
"Currently, the FCC has the authority to revoke existing equipment authorizations under specific circumstances, but lacks a clear mechanism to rescind authorization solely because the vendor has been designated on the Covered List. This authority is limited to cases involving technical non-compliance, false statements or misrepresentation in the application, failure to meet technical requirements following subsequent testing or
Re: (Score:3)
I like how the discussion centers on what government organizations can do as if that's how the Trump executive branch works. Respect for the law has really sorted the tariffs out and stopped the war in Iran.
Re: (Score:3)
Are you saying the FCC can't withdraw certification of a device at a later date?
There needs to be an enabling authority to do so. I merely quoted relevant bits of legislation the FCC itself cited and neither impose any recertification requirements for software updates. The only nexus is software changes (e.g. radio firmware) that impact characteristics of the transmitter.
Re: (Score:2)
This sounds like your first encounter with the orange jesus administration. Allow me to educate you.
1) Stephen Miller whispers something into the fully healed orange leader's ear
2) Orange leader makes a decree
3) Loyalists praise dear leader and his wise words
4) Lackeys carry out dear leader's wishes regardless of legality
5) Courts intervene
6) Many appeals later the supreme court (6/3 ruling) rubber stamps orange leaders plans
How GENEROUS to allow (Score:2)
something they have no authority to forbid!
There is absolutely no way the FCC (or any government agency) has legal power to block firmware updates on already-purchased hardware.
Re: (Score:2)
Forget legal power ... HOW? What technical mechanism does the FCC have that can block firmware updates over the public internet? Are we proposing a China-style "Great Firewall" for U.S. consumers?
Re:How GENEROUS to allow (Score:4, Interesting)
Re: (Score:3)
Never, since SCOTUS declared the president immune from the constitution and all other law. The OP's question is a good one, the only thing that prevents the Trump administration from doing anything is competence / ability to do it.
You can't update firmware unless you can get firmware. That's what alligator Alcatraz is for, anyone who imagines they can provide firmware. Threats is how they do it, just like how they do everything else.
Re: (Score:2)
Fortunate, then, that Trump is immune from law. What's this "legal power" stuff? Does ICE have the "legal power" to murder US citizens in the streets?
Re: (Score:1)
The one thing that ruffles their feathers is that dumb bitch who got shot in the neck on Jan 6th. That shooting would be clean if she was doing that in my home.
I watched her bleed out while draped in a Trump flag.
Re: How GENEROUS to allow (Score:2)
A ban made by idiots... (Score:2)
full of sound and fury, signifying nothing.
Wasted time and energy over stupid, misguided fears.
rogue patching (Score:2)
How long until some grey-hat hacks all of these routers and updates them with OpenWRT?
Odd risk assessment (Score:3)
ha (Score:2)
How do they ban them? (Score:2)
How exactly do they ban updates? If they publish an update for Canadian owners, nothing stops Americans from installing it.
Re: (Score:2)
But no, this is some ostensible supply chain security theater that won't do a damn thing for anyone. If NanoKVM or TP-Link were sending LAN metadata or reverse shells to malicious actors, I think it would've already been discovered by now. There are semi-malicious tablets, IP cameras, and similar gear
They won't be in power then, hopefully (Score:2)