Slashdot Mirror

← Back to Stories (view on slashdot.org)

TP-Link Blocks Open Source Router Firmware To Comply With FCC Rules

Posted by msmash on from the government-vs-open-source dept.

An anonymous reader points to an official announcement made by TP-Link, which confirms a report from last month that it is blocking open source firmware: The FCC requires all manufacturers to prevent users from having any direct ability to change RF parameters (frequency limits, output power, country codes, etc.) In order to keep our products compliant with these implemented regulations, TP-LINK is distributing devices that feature country-specific firmware. Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power. As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs. However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices. Don't lose all your hopes yet. Developer Sebastian Gottschall, who works on DD-WRT Linux-based firmware, believes that TP-Link hasn't blocked third-party firmware. He adds, "Just the firmware header has been a little bit changed and a region code has been added. This has been introduced in September 2015. DD-WRT for instance does still provide compatible images... in fact it's no lock." Furthermore, Cisco insists that FCC's existing or proposed rules doesn't limit or eliminate the ability of a developer to use open source software.

36 comments

  1. require markings for region locking by RichMan · · Score: 2

    There needs to be a requirement that all products that are country/region locked have that fact clearly displayed on any product advertising and packaging. The public needs to be aware that something they buy will become unusable if they travel or move with it.

    I am sorry you laptop/phone does not work while you are in mexico/canada/......

    1. Re:require markings for region locking by snowgirl · · Score: 1

      One should be aware that different countries have different regulations. Often those regulations concern RF transmitters and the like.

      Unless someone or something tells you that your RF transmitting device will work in a foreign country, you should presume that it either a) won't. or b) would be against their regulations.

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
  2. So when there's a security hole in an old box by Z00L00K · · Score: 3, Insightful

    So when there's a security hole in an old box - will TP-Link fix that or will they just say "buy a new box"?

    --
    If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
    1. Re:So when there's a security hole in an old box by fuzzyf · · Score: 2

      I got myself a TP link earlier that included a backdoor, mentioned earlier on slashdot.
      http://tech.slashdot.org/story...

      So I asked support when they would fix it. The reply I got told me to just make sure nobody got into my LAN and things would be ok.

      Never bying anything TP again. Ever.

  3. So long, suckers by Anonymous Coward · · Score: 0

    TP-Link Blocks Open Source Router Firmware To Comply With FCC Rules

    I will then block TP-Link to comply with my rules of software freedom. Closed source software is usually filled with backdoors and cannot be used.

  4. Wink Wink by mpoulton · · Score: 4, Insightful

    "As a result of these necessary changes, users are not able to flash the current generation of open-source, third-party firmware. We are excited to see the creative ways members of the open-source community update the new firmware to meet their needs." That's a pretty obvious wink and nod there. "We are required to make it look like we're actually trying to stop you from doing this. We look forward to seeing all the new ways you figure out how to do it anyway."

    --
    I am a geek attorney, but not your geek attorney unless you've already retained me. This is not legal advice.
    1. Re:Wink Wink by snowgirl · · Score: 3, Informative

      Eh... this is more of a “we look forward to F/OSS developers developing ways of ensuring region coding matches the installing firmware.”

      They're not really locking anything, they're just adding a region-locking value that must match before the image is flashed. Honestly, you could just work around this by providing the same image with all the different region-codes.

      But I think they're hoping that the F/OSS community will develop a way of ensuring that specific region-codes get a specific firmware that ensures it complies with the RF transmission regulations of that region.

      --
      WARNING! This girl exceeds the MAXIMUM SAFE standards established by the FDA for BRATTINESS
    2. Re:Wink Wink by Anonymous Coward · · Score: 1

      But I think they're hoping that the F/OSS community will develop a way of ensuring that specific region-codes get a specific firmware that ensures it complies with the RF transmission regulations of that region.

      While I agree with your sentiment, I don't think TP-Link is hoping for anything. They need to comply to be allowed to sell devices in the region, the US in this case. The "F/OSS community" as a whole isn't a big enough market to care about compared to the alternative of being forbidden to sell anything.

      Even the FCC doesn't really care about modders not strictly following the rules... until they cause interference to somebody that does care. Now a little WiFi box doesn't usually have enough power to do much, but with external amps and high gain antennas it can be noticed far away enough to matter. That sort of problem isn't really solved by firmware locks anyway.

  5. Seams that a separate region limiting chip... by Anonymous Coward · · Score: 0

    I think the correct but slightly costly method to this is for an extra flash chip or a few resistors that control the region locks for the device or build way to lock it down into the WIFI chipset. Basically, so you can flash the firmware but still have the device enforce the region lock. And no it doesn't have to too resistant towards hackers.
    But then again what TP-Link has done is they've move the responsibility over to firmware developers. Who now have to release firmwares that are region specific. It isn't TP-LINKs fault if an after market firmware doesn't enforce region rules.

  6. Wasn't this just posted a few weeks ago? by siuengr · · Score: 0, Redundant

    http://yro.slashdot.org/story/...

    1. Re:Wasn't this just posted a few weeks ago? by Sarten-X · · Score: 0

      It's almost like this is confirming "a report from last month that it is blocking open source firmware."

      Maybe the submitter or editors should put a link to the old story in the new one's summary... probably even in the first sentence, so we know it's a continuation of something we've already heard something about.

      How about it, whipslash?

      --
      You do not have a moral or legal right to do absolutely anything you want.
  7. Translation... by Frosty+Piss · · Score: 2

    TP-LINK: "We really don't want to have to deal with the FCC on this, so we're going to huff and puff a little for show, and add this little piece of easily bypassable code to cover our asses..."

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Translation... by Applehu+Akbar · · Score: 1

      This is the same approach Netflix is taking. Hollywood is trying to force it to geoblock movie and TV content by preventing people from using VPNs, but everyone knows that any day now, some simple workaround will be published online, and Netflix will just respond "Gee, we tried, didn't we?"

    2. Re:Translation... by Sarten-X · · Score: 1

      ...but it will still do the job. TP-Link is covered, because you can't install a Japanese firmware image (which would include Japanese radio parameters) onto a North American device. Everything TP-Link produces will be in compliance with the rules.

      If an open-source project like DD-WRT wants to produce firmware images that can break FCC rules, by offering the user full control of the radio, for example, that's not TP-Link's problem. That's the third-party vendor breaking the rules, not TP-Link. Similarly if a user modifies another region's firmware image, that user made a conscious decision to violate regulations, and should be held responsible for it.

      --
      You do not have a moral or legal right to do absolutely anything you want.
    3. Re:Translation... by Anonymous Coward · · Score: 0

      Except that the bit of FCC rules in question is:

      Describe, if the device permits third-party software or firmware installation, what mechanisms are provided by the manufacturer to permit integration of such functions while ensuring that the RF parameters of the device cannot be operated outside its authorization for operation in the US. In the description include what controls and/or agreements are in place with providers of third-party functionality to ensure the devices’ underlying RF parameters are unchanged and how the manufacturer verifies the functionality.

      TP-Link had two options:
      1 - Spend money and development resources coming up with a way to do it properly.
      2 - Just block third-party firmware.

      Given that 2 was probably vastly cheaper than 1, that's what they went with.

  8. TP-Link will learn why their hardware is popular by Anonymous Coward · · Score: 0

    Hint: It's not their software. If they make it sufficiently difficult to flash the devices with Open Source firmware, their sales are going to plummet. We can always use a small ARM device with one or two Wifi USB sticks to build Open Source routers. TP-Link has nowhere to go: They're clearly not capable of competing with the big boys because they can't do software. Without OpenWRT support, their software is only going to get worse, and who wants to buy their hardware then?

  9. No tech support? Is that surprising? by wonkey_monkey · · Score: 1

    However, TP-LINK does not offer any guarantees or technical support for customers attempting to flash any third-party firmware to their devices.

    Should that be surprising in any way?

    --
    systemd is Roko's Basilisk.
  10. Country code by PPH · · Score: 1

    Devices sold in the United States will have firmware and wireless settings that ensure compliance with local laws and regulations related to transmission power.

    I bought my router the last time I visited Germany and brought it home with me. Now what?

    --
    Have gnu, will travel.
  11. This may sound unpopular, but... by Lobsang · · Score: 2

    Well yes, I gave up OpenWRT and DD-WRT a while ago. It's not that I don't like those projects -- I've used them extensively and respect their authors. The problem is that they're plagued by bugs that never get fixed and compatibility issues with all sorts of devices. For instance, just try to find the "right" version of DD-WRT to download to your wireless router and you'll see what I'm talking about.

    What we need now is an open *hardware* platform, running Linux, with a quality radio and Wireless drivers. I'd go completely crazy for a Linux powered beast like this doing AC1900 or something like that. I'd definitely pay *more* for this platform.

    And screw all the TP-assholes and NET-assholes.

    1. Re:This may sound unpopular, but... by Anonymous Coward · · Score: 0

      https://omnia.turris.cz/en/

    2. Re:This may sound unpopular, but... by Anonymous Coward · · Score: 0

      1. OpenWRT and DD-WRT are not to blame, blame the hardware manufacturers/vendors for not providing (decent) drivers
      2. OpenWRT WORKSFORME (in older hardware, though).

    3. Re:This may sound unpopular, but... by Anonymous Coward · · Score: 0

      Which exact version (exact file name would be helpful) of dd-wrt did you run and which exact version of router did you run it on?

      I hate to be the 'works for me' asshole, but I've had good luck with it on an asus rt-n16 that runs in AP mode while my pfsense box handles routing duties.

    4. Re:This may sound unpopular, but... by Anonymous Coward · · Score: 0

      For instance, just try to find the "right" version of DD-WRT to download to your wireless router and you'll see what I'm talking about.

      OK, see, right there, DD-WRT is your problem. As evidenced by DD-WRT's source control you can see that only one guy mostly works on it: BrainSlayer - with occasional contributions from Kong: http://svn.dd-wrt.com/timeline?from=Jan+1%2C+2016&daysback=10&authors=&changeset=on&sfp_email=&sfph_mail=&update=Update

      The last official release of this product was in 2008. 2008!!!

      To contrast, OpenWrt has several people working on it: https://dev.openwrt.org/timeline?from=2016-03-13&daysback=90&authors=&changeset=on&mail_addr=&mail_addr_confirm=&update=Update

      And an index with a whole pile of OpenWrt devs: https://dev.openwrt.org/wiki/people

      And they regularly release versions every couple years: https://downloads.openwrt.org/

      Also, DD-WRT is why the FCC is cracking down on all this, because DD-WRT markets their product EXPLICITLY TO FLOUT FCC REGULATIONS. https://www.dd-wrt.com/demo/SuperChannel.asp .... the proper way to handle this is that the wifi drivers have a regulatory database containing country-specific frequency information, and the user inputs their country without allowing them to tamper with the database. Anything else just invited the FCC's ire, and rightfully so, which is apparently WHY WE CAN'T HAVE NICE THINGS. Especially DD-WRT because they are CHARGING MONEY for this too!

  12. I'm not an expert but... by Anonymous Coward · · Score: 0

    Could you just not go to your local electronic shop and buy some components to generate noise on any frequency? Messing around with router firmware seems a bit overkill compared to that.

    1. Re:I'm not an expert but... by Anonymous Coward · · Score: 0

      Could you just not go to your local electronic shop and buy some components to generate noise on any frequency? Messing around with router firmware seems a bit overkill compared to that.

      Essentially, yes. But willful interference carries penalties. And unless you are very smart and very careful, you will be caught. There is a subset of amateur radio operators that enjoy mobile direction finding, and while this activity is normally done as a game or contest, nearly all are very cooperative with the FCC and jump at the chance to help locate and catch asshats that do things like this. As an example, if this interference happens to affect a ham during normal operation it will take a matter of minutes to recruit help on some other band and triangulation isn't that hard. All that effort to intentionally be a dick, and your location is known within minutes, even if you are mobile.

      Normally when a ham approaches a neighbor causing unintentional interference it's a friendly conversation and the matter is resolved without the FCC even knowing about it. If said dick refuses to stop intentionally causing interference, the FCC will be notified and in some cases the local police will even get involved. There may not be an arrest, but I have seen them confiscate property. This can be amusing since the cops know the hams help them during emergencies and are generally honest upstanding people. If the ham indicates interfering items a little "over zealously" they tend to err on the side of just taking more stuff away from said dick.

      There's really nothing I can do to prevent people from choosing asshattery as their daily lifestyle, but I certainly can choose to act in a way that brings down the mighty hammer of the FCC a little faster than otherwise when so richly deserved.

  13. I'm not worried by Anonymous Coward · · Score: 0

    If they block it, I'll just never buy that brand again. These days there are plenty of options for routers with third party software or lower power x86 routers which I'd prefer anyway because i have no real desire to work with all the software limitations of RISC currently. Things will keep improving, but personally I only need a RISC platform for ultra low power devices.. like a phone. x86 is good enough for tablets now and will be good enough for phones soon.

    Stock router firmware has also improved a lot, but if they really want to fix the problem they'd stop limiting routers with software or not auditing their code and leaving in backdoors put in by WHO THE FUCK KNOWS. Imagine the cake money you can make on the side as a core developers who slips in a bit of backdoor code. It's a very tempting option for some people and that's why all this code has to be properly audited and monitored for changes... but ... even the big boys aren't doing that well enough so we know the little SOHO routers aren't.

    We already have good lower powered x86 options to build routers or even ones pre-built with DD-WRT or such installed. The FCC isn't trying to stop that, just stop the average joe from cranking up their wifi to 11 so they can get MORE SPEED.. more likely they get lots of interference and then leave it cranked up anyway.

    1. Re:I'm not worried by Ash-Fox · · Score: 1

      These days there are plenty of options for routers with third party software or lower power x86 routers which I'd prefer anyway

      Such as?

      I'd like to see what's just as affordable alternatives that does what you say.

      --
      Change is certain; progress is not obligatory.
    2. Re:I'm not worried by Anonymous Coward · · Score: 0

      http://www.amazon.com/Mikrotik-RB-750-Mini-Router/dp/B004EI0EG4

      There are MANY different configs for Mikrotik. ALL run the same OS. Not the easiest to program (but easier than Cisco's). They're cheapest is about $30 and they go into the hundreds. Can also get bare boards to put in your own enclosures. Work off wide range of DC in voltages which is nice for running in solar installations. We've abandoned just about everything else and use these. NOT a dealer, partner, etc. Just happy customer.

    3. Re:I'm not worried by Ash-Fox · · Score: 1

      I've used Mikrotik, but the reason why I use TP-link is because of cost. Buying the board, case, the relevant cards for the boards etc. racks up a price quickly. It is unfortunately more expensive than TP-link here.

      --
      Change is certain; progress is not obligatory.
  14. TP link is now on my do not buy list by Anonymous Coward · · Score: 0

    Screw them. Honestly they decided to be dicks about it instead of doing it the right way.

    Although they cant block it completely JTAG cant be blocked.

  15. Other radio equipment. by Anonymous Coward · · Score: 0

    A lot of CB / entry level HAM gear also comes with country specific configurations, and a list of which wire links you really should NEVER EVER cut because they happen to configure the region specific features. Cutting such links could lead to disastrous consequences such as being able to transmit on the 10m band or fancy pants modulations which aren't technically permitted on CB channels.

    I think TP-Link should follow this model with a "seriously you guys don't cut this because it will enable flashing custom firmware" wire.

  16. Dupe!! by Anonymous Coward · · Score: 0

    Seriously?? This was done about a month ago as well.

    http://yro.slashdot.org/story/16/02/18/1423216/tp-link-begins-lockdown-of-firmware-in-response-to-fcc

    And ddwrt has a workaround for this, I have a wdr3600 for instance. The recommended firmware for now is ftp://ftp.dd-wrt.com/betas/2016/03-07-2016-r29218/tplink_tl-wdr3600v1/factory-to-ddwrt-us.bin (of course it is a beta version, but nevertheless).

  17. Out of control by Vlijmen+Fileer · · Score: 1

    This out of control US organisation "FCC" should really refrain from meddling what owners "are allowed" to do with their devices.
    Their silly interference [sic] in this field is only supporting artificial business models by router and phone makers, and preventing solid security to be implemented.

  18. Cisco's opinion is worthless in this context by soccerisgod · · Score: 1

    Cisco basically says you can use Open Source software on your device (the one you're manufacturing) as long as it's not something like GPL3-licensed. Because that would require you to make the software updatable for the user. Their opinion has no bearing on using the likes of OpenWRT or derived AP offerings. None at all.

    Anyone who's actually taken a closer look at the relevant FCC regulation (or its equally restrictive ETSI counterpart) will struggle to come up with ways to fully comply with this regulation without locking down the firmware. If you have a WLAN chip that has efuses/internal EEPROM that contain country settings, and if the chip reads them instead of the driver, then all is good. In every other case, it's very difficult.

    Of course, neither FCC nor ETSI care about that at all. And manufacturers will probably come up with intentionally lousy ways to lock down their firmware because they still want to sell their products and nobody really wants the default firmware :p

    --
    If a train station is a place where a train stops, what's a workstation?
    1. Re:Cisco's opinion is worthless in this context by tlhIngan · · Score: 1

      Anyone who's actually taken a closer look at the relevant FCC regulation (or its equally restrictive ETSI counterpart) will struggle to come up with ways to fully comply with this regulation without locking down the firmware. If you have a WLAN chip that has efuses/internal EEPROM that contain country settings, and if the chip reads them instead of the driver, then all is good. In every other case, it's very difficult.

      Of course, neither FCC nor ETSI care about that at all. And manufacturers will probably come up with intentionally lousy ways to lock down their firmware because they still want to sell their products and nobody really wants the default firmware :p

      It's not difficult. All WLAN chips so far require firmware to operate, and practically none are open source. So all that needs to happen is the firmware reads the channel settings/country settings fuses from the OTP area and act accordingly. Add in a little firmware signing and you're done.

      One firmware, all regions. What it does is based on what it reads from the chips.

      About the only trick would be that probably most of the chipsets out there don't support this, something that will probably be resolved in a future chip revision.