The FCC is currently inviting open comments on its plan to require router manufacturers to lock down device firmware as a means of ensuring that consumer devices can’t operate in certain frequency bands or at power levels that violate FCC guidelines. While these requirements are meant to guarantee that limited spectrum is allocated fairly and in a manner that minimizes interference, many have raised concerns that locking down devices in this way will prevent open-source firmware projects from continuing and hamper critical security research.
Now, a group of more than 250 researchers and developers, including the Internet’s grandpa, Vint Cerf, has sent the FCC a letter proposing an altogether different set of rules that would actually mandate open-source firmware while simultaneously protecting the FCC’s original goals. There are multiple reasons, the letter argues, why open-source firmware updates are a necessary part of securing the Internet against attack.
The first problem is that existing router models are incredibly insecure. Hundreds of router models shipped insecure out of the box, and fundamental hacks continue to be found in devices that ship today. While it’s true that this is partly a problem of update policies (it’s relatively rare for consumers to update their router’s firmware), shipping locked-down firmware would prevent research into router bugs and hamper efforts to create secure networks. Today, open-source firmware like DD-WRT provides at least some additional security to users knowledgeable enough to seek it out. If the FCC stops allowing firmware updates, that route will close.