Slashdot Mirror


ESR On Why the FCC Shouldn't Lock Down Device Firmware (ibiblio.org)

An anonymous reader writes: We've discussed some proposed FCC rules that could restrict modification of wireless routers in such a way that open source firmware would become banned. Eric S. Raymond has published the comment he sent to the FCC about this. He argues, "The present state of router and wireless-access-point firmware is nothing short of a disaster with grave national-security implications. ... The effect of locking down router and WiFi firmware as these rules contemplate would be to lock irreparably in place the bugs and security vulnerabilities we now have. To those like myself who know or can guess the true extent of those vulnerabilities, this is a terrifying possibility. I believe there is only one way to avoid a debacle: mandated device upgradeability and mandated open-source licensing for device firmware so that the security and reliability problems can be swarmed over by all the volunteer hands we can recruit. This is an approach proven to work by the Internet ubiquity and high reliability of the Linux operating system."

22 of 144 comments

  1. Why not just lock down the radio portion? by ZorinLynx · · Score: 4, Interesting

    If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with its own firmware, much like on cellular phones, where the cellular radio is a similar black box.

    This keeps the FCC happy, because people won't be able to violate FCC rules, and it keeps users happy because they can keep running custom software. The WiFi firmware isn't typically something you want to mess with anyway.

    1. Re:Why not just lock down the radio portion? by Anonymous Coward · · Score: 2, Insightful

      If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with its own firmware, much like on cellular phones, where the cellular radio is a similar black box.

      This keeps the FCC happy, because people won't be able to violate FCC rules, and it keeps users happy because they can keep running custom software. The WiFi firmware isn't typically something you want to mess with anyway.

      How else could they ensure that the NSA's backdoors continue to function?

    2. Re:Why not just lock down the radio portion? by davecb · · Score: 4, Informative

      That can be done in some phones, but the normal approach in embedded systems like home routers is to build and run the entire system from a single system-on-a-chip and its EPROM. The latter is sometimes part of the chip. That makes separation physically impossible with existing products, and means future products would have to switch to a new hardware architecture with no extra profit from the change.

      --
      davecb@spamcop.net
    3. Re:Why not just lock down the radio portion? by NotInHere · · Score: 5, Informative

      WiFi routers aren't like mobile phones with separate application processor and baseband. Instead, they only have one chip, mostly due to the extra cost involved in having two chips. That's why this new rule is so bad: it doesn't mandate that there is a part that has to remain free, so the vendors do what companies always do, take the cheapest solution (this isn't wrong by itself), and lock down the only processor which does both application and baseband.

      The FCC should either mandate that there is a second, fully flashable part of the chip, or simply solve the problem itself, and this is installing proper tracking-down hardware at airports where WiFi devices could interfere with the weather radar. Then they could find, stop, and make accountable those who abuse the freedom of their WiFi devices. As this costs money, they chose instead to limit freedom, and still remain as vulnerable as before. Those who want to attack airports can still get illegal devices.

    4. Re:Why not just lock down the radio portion? by _xeno_ · · Score: 5, Insightful

      If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with its own firmware, much like on cellular phones, where the cellular radio is a similar black box.

      As I understand it, that is what the FCC wants to mandate. The problem is that in order to keep costs down, a lot of the wifi hardware in the routers doesn't have separate radio firmware, everything is controlled by a single system-on-chip, sort of like those old "winmodems" that didn't contain any firmware and instead offloaded everything to the CPU via their Windows driver.

      So the FCC's rules locking down the radio firmware turn out to mean that manufacturers would have to lock down the entire software stack, not because that's what the FCC really wants, but because in order to save costs the radio firmware is instead done as part of the "main" firmware.

      --
      You are in a maze of twisty little relative jumps, all alike.
    5. Re:Why not just lock down the radio portion? by Anonymous Coward · · Score: 2, Informative

      It's really worse than this. Locking down radio firmware is also *really bad*. It opens up vulnerabilities that can't be fixed, and other bugs. I'm one of the people working on fixing these problems and it's a *huge* issue. There are a lot of 802.11n USB N wifi cards that don't work right for instance- scratch that. Didn't work right. In order to fix the problem we needed access to the sources for the firmware that ran on the device itself. Fortunately we had that. However this *same* thing applies to routers, laptops, and other devices.

      There is no solution that is going to satisfy the FCC because the FCC is trying to skirt around doing its job of tracking down violators and fining them by locking up all of our devices. It doesn't matter that it'll be completely ineffective at stopping the problem they're supposedly trying to stop. The reason it won't work is that those violating the rules only require $50 worth of specialized parts (ie a Raspberry Pi, BeagleBone Black, etc) and a chip clip to bypass the locks being required. However $50 is a lot of money for the average user and it's totally worthless as a security measure as it's not average users who are causing the problem. It's commercial entities and the FCC has *already* taken steps to stop these entities from misbehaving through serious fines.

    6. Re:Why not just lock down the radio portion? by tlhIngan · · Score: 5, Informative

      If they're going to mandate locking down, lock down the WiFi radio, as that's the part that uses the radio waves. The WiFi radio can be a "black box" with its own firmware, much like on cellular phones, where the cellular radio is a similar black box.

      This keeps the FCC happy, because people won't be able to violate FCC rules, and it keeps users happy because they can keep running custom software. The WiFi firmware isn't typically something you want to mess with anyway.

      And that's what the FCC really wants. The problem the FCC is seeing right now is that the modified firmware allows access to frequencies that aren't allowed to be used for WiFi in the US. This is more than just channels 12 and 13 on 2.4GHz, but also on the complex 5GHz band.

      The FCC has many complaints already from airports and other entities whose radar is being interfered with by 5GHz WiFi (the band plan is complex enough that channels are "locked out" because they're used by higher priority services like radar).

      And you really can't blame the open firmware guys either - mostly because they don't know any better and they only build one binary that works for all devices worldwide. (the available channels on 5GHz vary per country - depending on the radar in use).

      All the FCC really wants (and they've clarified it in the Notice of Proposed Rulemaking) is the steps wifi manufacturers are taking to prevent people from loading on firmware that does not comply with FCC regulations - i.e., allows transmissions on frequencies they are not allowed to transmit on.

      It can either take place as hardware (filters blocking out the frequencies), or software that cannot be modified by the open firmware (e.g., firmware on the wifi chip reads an EEPROM or something and locks out those frequencies).

      The thing it cannot be is reliance on "goodwill" or firmware that respects the band plan - i.e., you cannot rely on "blessed" open firmware that only uses the right frequencies (because anyone can modify it to interfere).

      The FCC has all the powers to enforce compliance right now - users of open firmware who are caught creating interference with higher priority services can already be fined, equipment seized and all that stuff (and that would not include just the WiFi router - any WiFi device like PCs can be seized if they attach to that network). That's the heavy handed legal approach they have. However, they don't want to do that, because most users probably don't realize the problem, and the FCC really doesn't want to destroy all that stuff. So instead, the FCC is working with manufacturers to fix the issue at the source.

      The problem lies in the fact that most manufacturers are cheap and will not spend a penny more, so instead of locking out the radio from interfering, they'll lock out the entire firmware.

      The FCC mentions DD-WRT and all that by name because their investigations revealed that when they investigate interference, the offending routers run that firmware (and which doesn't lock out frequencies that they aren't supposed to transmit on).

    7. Re:Why not just lock down the radio portion? by Bengie · · Score: 2

      One of their main concerns is an out of spec antenna power. There is nothing stopping a SoC from having a hardware limit on the power output. There is also nothing stopping someone from hooking up an amp and relaying the signal at a much higher power. Of course anyone trying to disrupt wireless signals can easily do so. What the FCC wants to stop is the ability for the home user to change their router to run out of spec. Some opensource projects open up the ability for the end user to select much higher signal strengths. Since they can't run a law stopping opensource from doing this, they want to write a law to stop router manufacturers from allowing opensource to work on their devices.

  2. One of a number of critical comments by davecb · · Score: 2

    Dave Taht (best known for "bufferbloat") is working on one, as are others.
    To make your own comment, go to https://libreplanet.org/wiki/S...

    --
    davecb@spamcop.net
    1. Re:One of a number of critical comments by TechyImmigrant · · Score: 3, Funny

      Who?

      Dave Taht

      Best known for what?

      Bufferbloat

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Open Source should go all the way by Anonymous Coward · · Score: 2, Interesting

    Assuming that the routers require signed firmware images (or will in the near future), the law should require that everything needed to load new images into the router by the user should be made available (including any signing keys). Of course there should be safeguards in place to prevent malefactors from using the same information...maybe physical presence should be required for firmware re-loads?

    1. Re:Open Source should go all the way by davecb · · Score: 2

      That's worthwhile: please make that comment to the FCC

      --
      davecb@spamcop.net
  4. Re:Wrong by amalcolm · · Score: 2

    In the same way that modern man is a 'copy' of Mr and Mrs Neanderthal's happy child: we've come a long way since then.

    --
    Time for bed, said Zebedee - boing
  5. Re:Wrong by amalcolm · · Score: 2

    So it's no longer a copy - it's a distant relation, much evolved.

    --
    Time for bed, said Zebedee - boing
  6. what does that even mean? by NostalgiaForInfinity · · Score: 3, Interesting

    Any computer with a WiFi card can become a "router" and have the ability to exceed FCC power requirements. Furthermore, the violations of FCC policy possible with standard router hardware are pretty limited and innocuous, no matter what you do with the firmware; I can't imagine that they have ever even detected this in the wild.

    Anybody who seriously wants to boost power will just stick a hardware amplifier on their router. A 2W amplifier will cost you about $25, and an 8W amplifier about $60.

    1. Re:what does that even mean? by davecb · · Score: 2

      Yes, the rulemaking applies to all wi-fi devices, not just COTS home routers, so it will affect wi-fi cards.

      --
      davecb@spamcop.net
  7. LOTs of missing information by davecb · · Score: 4, Interesting

    The problem seems to be that some few airport weather radars are interfered with by existing home routers on the same frequency. They supposedly fail to detect the channel is busy doing safety-critical radar stuff, and sit there creating interference.

    However, we can't confirm that. We don't know the brand of router, the specific frequency in question, the number of airports that have the radars or the prevalence of the problem: we just got a proposed mandate that the vendor “describe in detail how the device is protected from flashing and the installation of third-party firmware such as DD-WRT.”

    --
    davecb@spamcop.net
  8. Make it a choice by c · · Score: 5, Interesting

    Give them the choice; perpetual security updates or open source. You want to keep your stuff closed source, you make sure it stays secure. You don't want to maintain it indefinitely, you open source it. You're welcome to migrate between those options at your convenience, but those are the only acceptable states.

    Won't happen, of course, but it's got better odds than "force everyone to open source".

    --
    Log in or piss off.
  9. Follow the Money by Anonymous Coward · · Score: 5, Interesting

    I want to know who is really lobbying for this and why. I suspect the cell phone carriers who, desperately clinging to their cell data plan cash cows, are trying to make sure wifi falls into line when their next generation of 'G' comes out and stomps all over it. Wifi access is becoming more and more widespread, to the point I think the carriers are worried about its (mostly free) usage as an alternative to (wildly overpriced) cellular data causing people to abandon cellular companies outright in favor of wifi-only devices. I live in a rural area in the middle of all the green on a map of Pennsylvania and the only place I don't have some sort of wifi coverage is during my 20 mile commute to work.

  10. Information by Solandri · · Score: 5, Informative

    So based on a few vague comments, I managed to track down what the issue is since neither this nor the previous /. article nor the sites opposed to it (who seem to want to portray it as a Big Evil Government conspiracy to take away your freedom) delve into it.

    Several airports use Terminal Doppler Weather Radar for high-resolution maps of storms, rainfall, and most importantly (for airports) microbursts. TDWR operates at frequencies from 5.60 - 5.64 GHz. That's smack dab in the middle of the 5 GHz band used by 802.11a, n, and ac. You'll notice use of those specific frequencies (channels 120, 124, 128) are prohibited in the U.S. and Canada for this reason.

    Based on that, it sounds like the issue is that you can buy a 5 GHz device off the shelf, then hack the firmware to re-enable those frequencies. And the FCC is proposing this action because people have been doing exactly that and the FCC has received reports from the airports of such interference on those frequencies.
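    The channel lockout the comment above describes, written out as an added example (this is not code from the page, the FCC or any router vendor). The 5 GHz centre-frequency formula (5000 + 5 * channel MHz) is the standard IEEE 802.11 numbering; the exclusion band is the 5.60-5.64 GHz TDWR figure quoted in the comment; the 40 and 80 MHz widths, the sample channel list and the function names (`radio_set_channel`, `tx_overlaps_tdwr`, `count_refused`) are assumptions added here to show that bonded channels centred outside 120/124/128 can still land in the band, which is why the check has to look at the whole transmit mask and not just the channel number:

```c
#include <stdbool.h>
#include <stdio.h>

/* Added example, not from the page or any router firmware.
 * IEEE 802.11 5 GHz channel numbering: centre frequency = 5000 + 5 * ch MHz. */
static int chan_center_mhz(int ch)
{
    return 5000 + 5 * ch;
}

/* Exclusion band taken from the comment above (TDWR at 5.60-5.64 GHz).
 * A real regulatory table would carry one such entry per protected service. */
#define TDWR_LO_MHZ 5600
#define TDWR_HI_MHZ 5640

/* True when a transmission of width_mhz centred on channel ch would put
 * energy inside the exclusion band (interval overlap test). */
bool tx_overlaps_tdwr(int ch, int width_mhz)
{
    int half = width_mhz / 2;
    int lo = chan_center_mhz(ch) - half;
    int hi = chan_center_mhz(ch) + half;
    return lo < TDWR_HI_MHZ && hi > TDWR_LO_MHZ;
}

/* The check a radio-side enforcement point applies to every channel-set
 * request, regardless of which host firmware issued it.
 * Returns 0 on accept, -1 on reject. Hypothetical API name. */
int radio_set_channel(int ch, int width_mhz)
{
    if (width_mhz != 20 && width_mhz != 40 && width_mhz != 80)
        return -1;                      /* unknown width: refuse outright */
    if (tx_overlaps_tdwr(ch, width_mhz))
        return -1;                      /* would interfere: refuse */
    return 0;
}

/* Count how many channels in a list the radio refuses at a given width. */
int count_refused(const int *chans, int n, int width_mhz)
{
    int refused = 0;
    for (int i = 0; i < n; i++)
        if (radio_set_channel(chans[i], width_mhz) != 0)
            refused++;
    return refused;
}

int main(void)
{
    /* Constructed sample: the 20 MHz channels from 100 to 140. */
    const int chans[] = {100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140};
    int n = (int)(sizeof chans / sizeof chans[0]);

    for (int i = 0; i < n; i++)
        printf("ch %3d (%d MHz, 20 MHz wide): %s\n", chans[i],
               chan_center_mhz(chans[i]),
               radio_set_channel(chans[i], 20) == 0 ? "ok" : "REFUSED (TDWR)");

    /* Bonding 116+120 into a 40 MHz channel centred on 118 also hits the band,
     * even though 118 is not one of the three channels named in the comment. */
    printf("ch 118 (40 MHz wide): %s\n",
           radio_set_channel(118, 40) == 0 ? "ok" : "REFUSED (TDWR)");
    return 0;
}
```

    Channels 120, 124 and 128 are refused at 20 MHz, and so is the 40 MHz bonded channel centred on 118, while 116 and 132 pass; whichever firmware asks is irrelevant, since the decision is made by the function the host cannot replace.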

  11. Jumpers aren't necessarily costly by fyngyrz · · Score: 2

    Engineer here.

    Adding a chip, or even a jumper, would be prohibitively expensive in terms of losing the market share.

    Chip: yes (adding to assembly complexity typically incurs additional manufacturing costs, reliability costs, and inventory costs), jumper: not necessarily.

    And it's going to get worse, because the way they get lower cost (driving to IoT models) is by increasing the level of integration.

    This is where the jumper comes in, more or less for free. This is because a "jumper" can be nothing but a trace on the board that can be cut (closed jumper), or conversely (open jumper), a couple extra through-holes in the PCB where a wire or a pin rack can be soldered in later. Which doesn't have to come WITH a pin rack, nor, really, does it have to have pins at all, although that tends to imply a bit more commitment about adding the jumper, especially on modern PCBs. And if this is a logic input to an SOC, it makes no difference if you choose open or closed -- the software can see it as true or false in either physical state with no penalty at all.

    The only question is, at the time of "increasing the level of integration", will they have an input available on the SOC (or wherever) that can read the state of the jumper and respond accordingly?

    That's harder to say, but it is probably safe to say that if the SOC has been respun for any reason, odds are excellent that this can also be added for an extremely low, one-time cost. This is because as integration climbs, more is inside the chip as opposed to outside it, and so pins that were in use can be repurposed, presuming more-or-less the same SOC/pinout configuration, which is also a somewhat reasonable assumption if we are actually talking about "lower cost (driving to IoT models) ... by increasing the level of integration."

    In any case, it's definitely not a given that a jumper is a high-cost change when implemented as part of a re-design that's happening anyway.

    --
    I've fallen off your lawn, and I can't get up.
  12. I thought these bands were open to the public? by nbritton · · Score: 2

    The last time I checked, 900 MHz, 2.4 GHz, and 5 GHz were open to the general public. Why is the FCC even trying to dictate what we can do on these bands?