A Solution To the Security Guidelines Proposed By FCC For Home Routers (imgtec.com)
An anonymous reader writes: Back in March 2015, the United States Federal Communications Commission (FCC) issued a security document that included a series of provisions related to the use of wireless devices. In order to comply with these security guidelines, some manufacturers of home routers and other networking equipment decided to lock down the software powering these devices. This caused an outcry from the open source community who demanded that the FCC and manufacturers would not restrict the free use of the operating system and associated software running on their devices. Now Imagination Technologies is presenting a proof of concept demonstration that addresses the next-generation security requirements mandated by the FCC and other similar agencies. The demo makes use of a feature of MIPS Warrior CPUs called multi-domain, secure hardware virtualization. This technology allows developers to create system-wide, hardware-enforced trusted environments that are much secure compared to current solutions. The platform used for the demonstration runs three virtual machines (VMs) on a MIPS P-class CPU integrated in a router-type evaluation kit; this approach securely separates the OpenWrt operating system from the Wi-Fi driver, allowing them to co-exist in isolation and thus comply with the FCC guidelines. Ars Technica has more details.
As I see it, this non-solution is incompatible with open source. How about just simply shipping them with an OS that complies with the FCC rules and let it be the user's responsibility not to put software on it that doesn't comply with the FCC rules?
Take a leaf out of the CB / Ham radio guidebook.
Manufacture the boards with a wire link on them that disables whatever feature it is you're not permitted to have, along with a note saying "hey guys, please don't cut this wire link, we need it to legally sell this equipment in this jurisdiction. Seriously now promise you won't cut it, it's the black one marked J2 next to the LCD driver IC"
+1!!!
Really poor editorial choice on Slashdot's part for posting this without commenting on this highly apparent contradiction.
This technology allows developers to create system-wide, hardware-enforced trusted environments that are much secure compared to current solutions.
The communication between the VM running the Slashdot-posting subsystem and the VM running the grammar-checking subsystem malfunctioned. Again.
"...system-wide, hardware-enforced trusted environments..."
Sounds expensive already...
"This technology allows developers to create system-wide, hardware-enforced trusted environments that are much secure compared to current solutions."
Your technology may be secure, but it's not *much secure*.
Really? I thought reporting news was supposed to be unbiased.
The problem was never that it couldn't be done. The problem is that it's simpler to not do it. This 'solution' doesn't change that.
HAHA. Yeah, freedom, how's that going for you. The state says as such, and you will obey.
Since the summary explicitly mentions that one of the VMs is running OpenWRT, I'm unsure quite how you mean this. Can you explain?
Such doge.
The FCC rules mandate that the end user isn't able to, in any practical manner, use Wi-Fi channels that aren't part of the unlicensed spectrum in the US. This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
Essentially, they just need a way to make it so that radios shipped in the US aren't capable of hitting licensed spectrum, but that's not practical from an economies of scale perspective (i.e. manufacturers save on cost by making the same chips for all markets, and then using software to disable different channels on a regional basis.)
In principle, I like the idea of making the radio subsystem be virtualized, and just have a software interface that controls the radio. This could actually improve open source compatibility because you don't even need to worry about i.e. closed source Broadcom drivers. Kind of like how running Linux or BSD in a virtual machine means you don't have to worry about whether or not your physical hardware is compatible with your chosen OS.
Rather than shipping with a radio which can broadcast on any frequency, you make an American model with a radio that broadcasts on the American frequencies and cannot be tuned outside that range in software?
... really needs no encouragement through hardware support. Just retract that turd already, FCC.
The open source community clearly needs to lobby the FCC harder. Of course, this is bad, but not doing it is worse. Try and see if, like the EU, the US gov't would be willing to subsidise "grass roots" movements that lobby itself.
Being unbiased doesn't mean just blindly repeating press releases, in fact, that's one of the most common sources of bias in reporting. To be unbiased you have to be critical as well.
It seems a huge part of what the FCC doesn't like are people setting their radios to other regulatory areas and using the nice "clean" spectrum allocated for commercial/government use. None of their proposed solutions really solve the problem, as motivated individuals can just pick up a device next time they are out of the country and put it in their apartment building anyway. Given how low power wifi is already, it's likely they would never catch you.
But all this is just BS, because running an out of spec wifi AP doesn't really solve anything. It's not like anyone is going to go to the trouble of modifying all their devices to talk to an AP using a licensed band, or can communicate back to a wifi device attached to an amplifier.
The FCC/Congress though is the real problem. Their corporate-first attitude has basically sold/given all the spectrum to organizations which hate the idea of individuals not having to be locked into paying monthly extortion.
Just imagine what the US would be like if instead of selling the spectrum used for just one of the recent spectrum auctions (take wimax for starters) they had instead allowed unlicensed use... The explosion of technologies in the extremely limited ISM bands suggests at just how useful this spectrum could be, instead of sitting around mostly unused.
Maybe we should just stop looking for solutions and legislation to fix things that aren't a problem?
I mean it's not like the FCC is very good in enforcing the rules they have.
Does this address the problem of FCC licensed amateur operators that can legally operate on adjacent frequencies and higher power levels?
Competition Good, Monopoly Bad.
... was to lock down the radio while still allowing user-updates to the firmware? I seem to recall a recent Slashdot article (don't have a link handy sorry) that announced that this is exactly what Linksys was choosing to do.
File under 'M' for 'Manic ranting'
the easier solution would be for the regulatory transmit power limits to be baked into the *radio* itself, leave the router software completely alone. the drivers NEED to be able to be updated along with the rest of the firmware, and without hoop jumping. if you lock parts of the firmware, who's to say there isn't something else in that inaccessible area besides "just" the radio driver.
So one of the VMs can nicely include the NSA backdoor? How convenient.
HAHAHAHAH
That's NOT a solution. I want to LOWER my power output. If they (FCC) take away that ability, I will be really pissed off!
Get your grubby hands off my router!
Then move to a remote island. In the civilized world, you do not own the public airwaves and your rights do not allow you to cause interference for others.
Having a WiFi driver that the developer is locked out of repairing is no kind of solution. Having a WiFi driver that can't handle new features developed after the user gets the product is no solution either. And locking hams, who can legally use different frequencies and more power, out of the system is no solution either.
Bruce Perens.
Consumers are free to build their own unregulated routers. I can see why the specialized open router markets should be concerned, but I suspect it will not really be hard to find 'unlocked' routers.
There is a real problem with the security of millions of routers. Those are fairly key devices in the average person's home AND they are pretty powerful if used in a cyberattack. The security for these devices is horrible and code auditing should really be the focus, not firmware lockdowns.
Stop buying routers. Instead get a Raspi and USB wifi adapter capable of master mode. Put together a preconfigured "router" distro for it that can simply be loaded onto an SD card and configured via a web interface like a normal router.
This whole thing came about precisely because people running open source software on their routers were using channels that are only legal in Europe and Japan, thus causing interference with other equipment that's licensed to use that spectrum in the US.
The report originally cited by the FCC doesn't say anything about open source firmware. As far as we can tell, the interference was caused by devices running proprietary software that either was buggy or had been modified to not comply with the local regulation. If you know otherwise, please share your sources.
We tried that. Too many open source users can't be arsed to comply with the FCC rules, or expose every option possible and damn the rules (not their responsibility, as you suggest), so that now open source as a whole will pay the price.
Now you've lost open source access to Wi-Fi radios. Police your community or you can bet that software defined radios will go the same way.
The router is running a closed source unchangeable OS, that is running some VMs on it. A true open source solution would have all the software running on the router chosen by the owner, not just a subset.
nobody except government loons want to hack your wifi any more. there are billions of pornos already. what would you be snooping a wifi for? world of warcraft passwords?
silly fantasy concerns. the true concern is the Google/YouTube-Facebook-Twitter-Microsoft-CIA surveillance. the entirety of Windows and Microsoft devices are spyware. android and chrome are google. spyware. google tracks everywhere you surf with many different servers like google-analytics and gstatic. facebook.net and twitter too. pinky and the brain fantasies.
Cheapo Mini-itx system that has on-board ethernet with a wireless card adaptor. That's what I have at my house.
FTFY.
Check out my sci-fi/humor trilogy at PatriotsBooks.
100 years ago: "MMAALLEESS: Police your community or we won't let you marry young girls any longer"
50 years ago: "MMAALLEESS: Police your community or we won't let you have automatic weapons any longer"
etc.
How about we overthrow the state and do as we will, or die trying.
It's from the same company that publishes a tiny crap of a shim for closed GPU drivers and calls it "open source GPU driver".
Take no stock in them.
Or ... just STOP USING SHITTY SOFTWARE DEFINED RADIOS THAT CAN BE MODIFIED AT RUNTIME.
There is absolutely no need for that. Make your chips not suck, get the god damn firmware right the first fucking time, embed it in ROM and leave it the fuck alone. Don't allow changes to functions/parameters that allow non-legal settings.
THE REST OF THE SYSTEM THEN CAN'T DO ANYTHING THE FCC PREVENTS EVEN IF IT IS RUNNING OSS SOFTWARE.
This isn't difficult in the least, it's that no one cares about the handful of people using an OSS version of the software. The mind blowing part is that you guys think there are enough of you that the manufacturers give a shit about your silly little side projects :)
Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
Ah, gotcha. I had interpreted it as meaning "you can't put any open software on it". Barring hardware-only enforcement of the radio restrictions (unlikely for economic reasons) I don't see a solution that doesn't have some proprietary unchangeable software, but I see your point.
It's bitztream, the angry, yelling, penis-envying, autism-hating Slashdot troll!
OMG why do you use all caps all the time you fucking fucktard!
OMG WHY DO YOU USE ALL CAPS ALL THE TIME YOU FUCKING FUCKTARD!
why do you use all caps all the time you fucking fucktard!
or had been modified to not comply with the local regulation.
And how, pray tell, was it modified? Be specific.