Slashdot Mirror
Why Cybersecurity Experts Want Open Source Routers (vice.com)
derekmead writes: A coalition of 260 cybersecurity experts is taking advantage of a Federal Communications Commission (FCC) public comment period to push for open source Wi-Fi router firmware.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes.
The cybersecurity experts asked the FCC on Wednesday to require router makers to open-source their firmware, or the basic software that controls its core functionality, as a condition for it being licensed for use in the US. The request comes amid a wider debate on how the FCC should ensure that Wi-Fi routers' wireless signals don't "go outside stated regulatory rules" and cause harmful interference to other devices like cordless phones, radar, and satellite dishes.
good luck! check out this provision in the TPP: http://www.international.gc.ca... Prevents governments in TPP countries from demanding access to an enterprise’s software source code.
Firmware can be extremely messy, low-level code. It may not even be written in any sort of recognizable programming language. It is frequently the digital equivalent of a set of jumper switches, just a binary blob which is meaningless if you don't have deep knowledge of the hardware it is controlling. Firmware can directly control low-level electronics and an incorrect setting can lead to physical damage to the device and potential harm to nearby humans.
It is dangerously stupid to insist that firmware be open-sourced and to allow developers to modify the firmware on devices.
The two functions get shoved into one box for consumer purposes(often with a DSL or cable modem as well, maybe even a SIP ATA for some 'triple play' nonsense); but logically speaking there usually is a router, though an anemic one, present inside something you'd call a "Wifi router" with an AP connected internally to it. There isn't quite the same neat logical separation that you'd see with enterprise APs, the AP and the router usually share an OS, lousy HTTP configuration interface, etc. but both functions are included.
Dedicated APs are pretty thin on the ground in cheap-consumer-shit land, even compared to discrete DSL and cable modems.
You, however, seem to be confused about what firmware is because you are comparing it to "complicated software". And this has been my experience with software engineers--it is impossible to convince them that there is knowledge in this world which is not directly mappable to some sort of software.
There are parts of firmware that are just not understandable unless you have deep knowledge the specific hardware device sitting in front of you, in some cases down to the circuit level (or below, even). It is unreasonable to insist that hardware vendors document their devices down to that level and it is dangerous to allow random idiots to muck about with that firmware.