FCC considers retroactive ban on foreign hardware

(docs.fcc.gov)

6 points | by topspin 15 hours ago

4 comments

  • topspin 15 hours ago

    A new Notice of Proposed Rulemaking (WC Docket No. 26-82) appeared in the Federal docket today. The FCC 'tentatively concluded' that national security risks extend to existing infrastructure. Consequently, they are seeking comment on a new process to retroactively revoke operating authority for companies already on the Covered List. This would close the 'legacy loophole,' legally barring the continued marketing and sale of previously approved hardware currently on retail shelves.

  • bediger4000 15 hours ago

    Wow this vuln must be a doozy. Usually NSA keeps this stuff for their own use, see Vault 7 and Shadow Brokers leaks. This confirms that the hardware is corrupted, otherwise it could be fixed with OpenWrt.

    • JohnFen 18 minutes ago

      I would be hesitant to reach any conclusions about the hardware/software in question as a result of what the FCC is saying. There might be a real problem, but it's at least equally likely that this is all just about politics.

    • salawat 14 hours ago

      Not all models are supportable via OpenWrt, and besides that, I'm a bit confused on what they are trying to actually fix. I sadly seem to have before recently been unfortunate enough to have selected router models from TP-Link implemented with Broadcom processors, which OpenWrt devs can't get their hands on the specs to be able to support. But if these are implemented through IP blocks governed by Broadcom... TF is the threat here? Unless they're trying to say they're taking the Broadcom stuff in their own foundries, then adding nefarious bits outside those masks. I'd imagine if that were the case, the U.S. wouldn't need to ban these, just compel Broadcom to give the gov access to the specs so they could actually measure if there was malicious divergence or not.

      Unfortunately, I have the feeling this is more "vibes" based than anything else, or projection on behalf of the person proposing it, because something like this is exactly what they think they would do. Force a corporation to hot patch a malicious firmware update to cripple the Internet infra of an adversary nation. My problem with that line of thinking is that technically, even American companies have an incentive to do that once they get big enough, and picking the American manufacturers who get to be winners essentially guarantees they will become big enough to be problematic. I have a much bigger problem with that.

      The side effect of causing an entire country's worth of enterprises to suddenly have to replace all of their networking gear stock is surely only a coincidence, and not beneficial to someone's portfolio, of course.