FCC Allows Wifi Router Hacking

Access Padlock

After strong public push-back to proposed FCC rule changes that would have banned the installation of open-source firmware to improve WiFi router security, the FCC flipped and decided the U.S. public can hack their own WiFi routers. They just can’t make changes that might cause harmful interference.

The firmware supplied with nearly all commercially-available WiFi routers has serious security flaws. Almost of it is uses years-old Linux kernels with well-known vulnerabilities and/or old versions of open-source router code with well-known security flaws. Most router manufacturers scab their own poorly written user interface code on top of that and create additional security vulnerabilities in the process.

These problems are further exacerbated by quick model changes to keep up with or ahead of competitors and very poor security patch support for the multitude of old models. The end result of all of this is a WiFi router in most U.S. homes and many U.S. businesses that can be easily hacked from anywhere in the world.

Most people aren’t aware of this and wouldn’t know what to do about it if they were, but security-conscious techies upgrade kernels and/or install more recent versions of open source firmware such as Tomato or DD-WRT to at least reduce the vulnerabilities.  If the rule changes proposed by the FCC had been implemented, security enhancements like that would have been prohibited in the United States.

Fortunately in October of 2015 the FCC modified its proposal to allow users to hack their own firmware.  See Clearing the Air on Wi-Fi Software Updates and SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES.

So, was their true concern about harmful interference or easy Government access to home and business networks?

1 Comment

  1. It is especially important for users to be able to fix UPnP vulnerabilities in wifi routers. Despite all the warnings about that over the years, manufacturers have continued to supply routers that leave user LANs easily accessible by hackers. UPnP usually defaults to being enabled in routers and can’t disabled in some models. It was irresponsible for the FCC to propose making the fixing of such a serious security risk illegal.

Leave a Reply

Your email address will not be published.