ESR On Why the FCC Shouldn't Lock Down Device Firmware

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

Re:Why not just lock down the radio portion?

[davecb]

That can be done in some phones, but the normal approach in embedded systems like home routers is to build and run the entire system from a single system-on-a-chip and it's eprom. The latter is sometime part of the chip. That make separation physically impossible with existing products, and means future products would have to switch to a new hardware architecture with no extra profit from the change.

Re:Why not just lock down the radio portion?

[NotInHere]

WiFi routers aren't like mobile phones with separate application processor and baseband. Instead, they only have one chip, mostly due to more cost involved in having two chips. Thats why this new rule is so bad: it doesn't mandate that there is a part that has to remain free, so the vendors do what companies always do, take the cheapest solution (this isn't wrong by itself), and lock down the only processor which does both application and baseband.

The FCC should either mandate that there is a second, fully flashable part of the chip, or simply solve the problem itself, and this is installing proper tracking down hardware at airports where WiFi devices could interfere the wheather radar. Then they could find, stop, and make accountable for, those who abuse the freedom of their WiFi devices. As this costs money, they rather chose to limit freedom, and still remain vulnerable like before. Those who want to attack airports still can get illegal devices.

Information

[Solandri]

So based on a few vague comments, I managed to track down what the issue is since neither this nor the previous /. article nor the sites opposed to it (who seem to want to portray it as a Big Evil Government conspiracy to take away your freedom) delve into it.

Several airports use Terminal Doppler Weather Radar for high-resolution maps of storms, rainfall, and most importantly (for airports) microbursts. TDWR operates at frequencies from 5.60 - 5.64 GHz. That's smack dab in the middle of the 5 GHz band used by 802.11a, n, and ac. You'll notice use of those specific frequencies (channels 120, 124, 128) are prohibited in the U.S. and Canada for this reason.

Based on that, it sounds like the issue is that you can buy a 5 GHz device off the shelf, then hack the firmware to re-enable those frequencies. And the FCC is proposing this action because people have been doing exactly that and the FCC has received reports from the airports of such interference on those frequencies.

Re:Why not just lock down the radio portion?

It's really worse than this. Locking down radio firmware is also *really bad*. It opens up vulnerabilities that can't be fixed and others bugs. I'm one of the people working on fixing these problems and it's a *huge* issue. There are a lot of 802.11n USB N wifi cards that don't work right for instance- scratch that. Didn't work right. In order to fix the problem we needed access to the sources for the firmware that ran on the device itself. Fortunately we had that. However this *same* thing applies to routers, laptops, and other other devices.

There is no solution that is going to satisfy the FCC because the FCC is trying to skirt around doing its job of tracking down violators and fining them by locking up all of our devices. It doesn't matter that it'll be completely ineffective at stopping the problem they're supposedly trying to stop. The reason it won't work is that those violating the rules only require $50 worth of specialized parts (ie a Raspberry Pi, BeagleBone Black, etc) and chip clip to bypass the locks being required. However $50 is a lot of money for the average user and its totally worthless as a security measure as its not average users who are causing the problem. It's commercial entities and the FCC has *already* taken steps to stop these entities from misbehaving through serious fines.

Re:Why not just lock down the radio portion?

[tlhIngan]

If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with it own firmware, much like on cellular phones, where the cellular radio is a similar black box.

This keeps the FCC happy, because people won't be able to violate FCC rules, and it keeps users happy because they can keep running custom software. The WiFi firmware isn't typically something you want to mess with anyway.

And that's what the FCC really wants The problem the FCC is seeing right now is the modified firmware allows access to frequencies that aren't allowed to be used for WiFI in the US. This is more than just channels 12 and 13 on 2.4GHz, but also on the complex 5GHz band.

The FCC has many complaints already from airports and other entities whose radar is being interfered with by 5GHz WiFi (the band plan is complex enough that channels are "locked out" because they're used by higher priority services like radar).

And you really can't blame the open firmware guys either - mostly because they don't know any better and they only build one binary that works for all devices worldwide. (the available channels on 5GHz vary per country - depending on the radar in use).

All the FCC really wants (and they've clarified it in the Notice of Proposed Rulemaking) is the steps wifi manufacturers are taking to prevent people from loading on firmware that does not comply with FCC regulations - i.e., allows transmissions on frequencies they are not allowed to transmit on.

It can either take place as hardware (filters blocking out the frequencies), or software that cannot be modified by the open firmware (e.g., firmware on wifi chip reads a EEPROM or something and locks out those frequencies).

The thing it cannot be is rely on "goodwill" or firmware that respects the band plan - i.e., you cannot rely on "blessed" open firmware that only uses the right frequencies (because anyone can modify it to interfere).

The FCC has all the powers to enforce compliance right now - users of open firmware who are caught creating interference with higher priority services can already be fined, equipment seized and all that stuff (and that would not include just the WiFi router - any WiFi device like PCs can be seized if they attach to that network). That's the heavy handed legal approach they have. However, they don't want to do that, because most users probably don't realize the problem, and the FCC really doesn't want to destroy all that stuff. So instead, the FCC is working with manufacturers to fix the issue at the source.

The problem lies in the fact that most manufacturers are cheap and will not spend a penny more, so instead of locking out the radio from interfering, they'll lock out the entire firmware.

The FCC mentions DD-WRT and all that by name because their investigations revealed that when they investigate interference, the offending routers run that firmware (and which doesn't lock out frequencies that they aren't supposed to transmit on).