Save WiFi: Act Now To Save WiFi From The FCC

Right now, the FCC is considering a proposal to require device manufacturers to implement security restricting the flashing of firmware. We posted something about this a few days ago, but completely missed out on a call to action. Contrary to conventional wisdom, we live under a system of participatory government, and there is still time to convince the FCC this regulation would stifle innovation, make us less secure, and set back innovation in the United States decades.

The folks at ThinkPenguin, the EFF, FSF, Software Freedom Law Center, Software Freedom Conservancy, OpenWRT, LibreCMC, Qualcomm, and other have put together the SaveWiFi campaign (archive.is capture, real link is at this overloaded server) providing you instructions on how to submit a formal complaint to the FCC regarding this proposed rule.

Under the rule proposed by the FCC, devices with radios may be required to prevent modifications to firmware. All devices operating in the 5GHz WiFi spectrum will be forced to implement security features to ensure the radios cannot be modified. While prohibiting the modification of transmitters has been a mainstay of FCC regulation for 80 years, the law of unintended consequences will inevitably show up in full force: because of the incredible integration of electronic devices, this proposed regulation may apply to everything from WiFi routers to cell phones. The proposed regulation would specifically ban router firmwares such as DD-WRT, and may go so far as to include custom firmware on your Android smartphone.

A lot is on the line. The freedom to modify devices you own is a concern, but the proposed rules prohibiting new device firmware would do much more damage. The economic impact would be dire, the security implications would be extreme, and emergency preparedness would be greatly hindered by the proposed restrictions on router firmware. The FCC is taking complaints and suggestions until September 8th.

Even if you’re not living under the jurisdiction of the FCC, consider this: manufacturers of routers and other WiFi equipment will not be selling two version of hardware, one to the US and another to the rest of the world. What the FCC regulates affects the entire world, and this proposed rule would do us all a disservice. Even if you’re not in the US, tell your second favorite websites to cover this: neither Ars Technica nor Wired have posted anything on the FCC’s proposed rule, and even boingboing is conspicuously silent on the issue. You may submit a comment until September 8th here.

152 thoughts on “Save WiFi: Act Now To Save WiFi From The FCC

  1. Is this just for finished consumer products? So things like the ESP8266 will still be fine? As long as things like the ESP exist, might not be so bad, and I’m sure the ESP is the first in a long line. As transistor densities get higher, more powerful MCUs with more complex peripherals like Wifi are just gonna come and come.

    Even if, say, the ESP and it’s brothers were locked up, you could still control it through a serial port.

    Of course, this law will stop a lot of interesting stuff. But there’s still ways of getting things done, and not too expensively. I can’t think, personally, why I’d need to hack a router anyway. There’s always a way round.

    1. You never used Open WRT or DD firmware? They often offer better features, better control and improved stability than some native firmware. If you haven’t – an awful lot of people have directly benefited from their work. Changing firmware can also be a “gateway” into becoming more familiar with your own hardware and how things work. This is just one aspect of what this regulation would mean and yet the impact would be negative and significant.

      “I can’t think, personally, why I’d need to hack a router anyway.” – maybe not now, but you never know when you might need to. And what about all those that do need this capability?

      1. [quote]“I can’t think, personally, why I’d need to hack a router anyway.” – maybe not now, but you never know when you might need to. And what about all those that do need this capability?[/quote]

        Since the Raspberry PI, it’s not necessary anymore to hack a router to run your own firmware. It might be fun to do so, but why would you if you can buy a PI?

      2. Just because you can’t think it doesn’t mean it is important.

        An example:
        I had a CISCO WAG120N that didn’t allow turning off WPS.
        WPS is a HUGE security hole. Any hacker knows it. An unpacthble one. With WPS on in a few hours or ant in maximum one day you can connect to a Wifi hotspot.
        You could in theory use MAC address filtering, but it is easy to fake an MAC address, and find it it too.
        I called CISCO where they told me they had no interest in patching firmware of an old router like that. SO they would not put an option to turn it off.
        As Stallman said in GNU manifesto: “If your problem is not shared by enough people, they will tell you to get lost”
        Now every time I enter a place with a black WAG120N in the wall I know It can be hacked, and there are many, in shops, hotels, restaurants, etc.
        The WAG120N is firmware blocked so it cant be changed to DD-WRT or Open WRT.

        Another example: I had a huge case o Wifi interference, and my PS3 didn’t support Wifi N mode. I tried to use client mode in a TPLink TL-WR941ND and use it to deliver wifi from another router to a PC and PS3 via cable. This router do not support this mode so I installed Open WRT and now my Netflix videos on PS3 are flawless.

        Do you understand now. It is not hacking. It is a necessity. It is not about need its about freedom to do it.

        1. Just because you can’t think it doesn’t mean it is NOT important.

          …my omission…

          WAG120N is Linksys (ex-CISCO)

          …my omission…

          “or ant in” means “in one day maximum”

          …my typo…

          sorry

    2. “I can’t think, personally, why I’d need to hack a router anyway. There’s always a way round.”

      Try living in Australia with a 20 year old copper line on ADSL1 with a congested exchange and tell me that there’s no reason to replace your firmware with something that is capable of QoS and actual bandwidth management instead of the fischer-price-joke QoS that’s included by default with the crap manufacturer firmware.

      I shouldn’t have to fork out thousands of dollars for a Cisco or hundreds for a Mikrotik when a sub-$100 router will do the same job.

      This could be argued to be corporate protectionism masquerading as “security” concerns.

      Then there’s the fact that it’s none of the government’s business what people choose to do with their own hardware, this is a violation of consumer rights, you have the right to seek out the best combination of software and hardware for your use case.

      1. I think what’s actually happening is the law of unintended consequences. The FCC isn’t trying to stop people from installing custom firmware, they’re trying to stop people from operating radios outside of FCC specifications. It just so happens that the firmware for the radio is the same as for everything else.

        1. Yes that’s true Peter. But they also don’t want any bad guys reverse engineering the NSA beacon implants either. The puzzle-palace is using logistic companies to interdict packages from router mfg’s en-route to surveillance targets anywhere in world including USA (i.e. nothing new about “flaps and seals”). They are not really putting in new hardware as it would stick out like a sore thumb. I think they are just re-flashing the chip which adds their deeply embedded beacon which stealthily phones home your data or allows a back-door to your router. They have some very smart cookies at Fort Meade working in unison with many cyber-subcontractors from all over the world. They also have the help of the people who helped create Stuxnet. Admiral Mike Rogers has a very deep cyber background too more-so then Kieth Alexander.

          Remember former FBI director Louis Freeh wanted something just like this in a bad way back in Clinton years but never got it approved. Well Admiral Mike Rogers is not worried about such legal technicalities when the bad guys are like the “barbarians at the gate” so to speak.Of course this is all according to Edward Snowden and indirectly Wayne Madsen.

      2. Heck, I have 50 Mbit cable (they are looking to upgrade this “base” speed to 100 Mbit soon and are looking to offer Gbit speeds at the high end), but they have a “non-capped” data cap of 300GB (exceed it 3 times and you are forced to a higher tier of service (with a 400GB “non-capped” cap).

        QoS is important when the entire family wants to watch Netfliw (but not lower the entire account to SD quality levels).

        Also, I can set time limits on my kids’ devices and can revoke access if they exceed their “alotted” data cap.

        beyond that, my old Cisco E3000 has better antennas and throughput than some newer, cheaper routers and has a USB port. The TomatoUSB firmware allow you add multiple USB devices (on a powered hub) and can even allow for some lightweight servers to be run as a kinda of slow NAS, not to mention Open VPN support.

        Sure not everyone needs this, BUT it also has a zillion connection logging options. I can analyze usage and see what devices are using extra data (or who was watching Netflix at 12am on a school night). Again, living with a capped connection means I am always looking to squeeze bandwidth as much as I can so I don’t have to tell my wife she can’t watch her shows whenever she wants (I don’t like saying no, especially to her!).

        One last thought. If you can run tomato/DDWRT/OpenWRT on multiple devices, then you only have to know 1 interfacew instead of knowing the oddities of multiple devices (even the same manufacturer can have differences within a model line due to hardware revisions).

      3. “This could be argued to be corporate protectionism masquerading as “security” concerns.”

        This was, and continues to be, the only reason I can see this being an issue. Too often “security” is used as the mask to hide true intentions, and this case is no different.

        My question is what has the FCC become? From the Net Neutrality nonsense to this? Fascism at it’s finest. World leaders desperately clinging any semblance of control they can to maintain their perch.

    3. ESP8266 uses 809.11 b/g/n at 2.4GHz so it shouldn’t be included in this regulation. I would be concerned with other devices with built-in wireless in the 5GHz band, or a 802.11 ac (5GHz band) shield for an Arduino. It could be argued that the code on the Arduino is firmware, and I think that would be affected.

        1. The processor in the WiFi chip will handle that. Hand off a packet to the WiFi chip, once the go-ahead is given it will send. Ideally, you want the WiFi chip to support reasonably modern protocols so having your projects on the wireless network doesn’t slow everything else down any more than it has to. Also, some Arduino models are faster than that.

      1. The ESP8266 may not be included as they are not on the 5Ghz band, but if they were then they would DEFINITELY be included. modules like that contain their own firmware, and would be included under the restrictions. Just because it’s not something a regular consumer would buy doesn’t mean it isn’t a manufacture product, containing a radio, with firmware loaded by the manufacturer.

        The only thing that could get past would be modules sold with absolutely NO firmware (sold totally blank) and even that might not be allowed, or blank, raw chips which are hot off the assembly line. I really don’t want to have to buy a chip for my ESP8266 separately, solder it in, then burn the firmware myself. I will, but I will etch a bloody curse to the FCC into each chip I have to solder and load.

        1. I’d hope that in a few years SoC vendors will separate radio firmware blob from the rest of the flash storage. Thus a future 5GHz-capable derivative of the ESP8266 would then require signed firmware only for the radio portion. Like having a separate baseband firmware in your mobile phone. I think there are incentives for manufacturers to take this path anyway. At least for devices classified as SDR products, technically need a new FCC approval number every time they alter SDR firmware.

          Also, unlike 2.4GHz ISM, due to the fact that the new(ish) U-NII 5GHz frequencies carved out of the spectrum aren’t ISM, technically only approved devices have any right to transmit on them.

          Technically.

    4. First they came for the router moders and I did nothing because I only play with ESPies.
      Then they came for the Android rooters but I use an iPhone.
      Last they came for me and I cried out but nobody helped because everyone else was already gone.

      1. How separate do the CPU and radio have to be? Not sure different chips on one PCB would count, I’d imagine it’d be a per-product thing. If your product has a radio, no uploading new code.

        1. Then the FCC will propose rules that obligate product makers to explain how they prevent customers from desoldering chips, i.e. welding pins instead of using solder, or perhaps forcing every digital pin to use encryption…

          1. My bet is epoxy resin potting… that way the mfg will have to send you whole new motherboard for every new firmware upgrade or send the whole router back via RMA (return merchandise auth). You could soak the thing in Fedron but that is a nasty process which stinks.

          2. @sonofthunderboanerges:
            I don’t understand why you think such rules would preclude the manufacturers from remotely installing the new firmware?
            It seems to me you think that a finished product having a certain hardness of changing the firmware by the user, implies a similar hardness for the manufacturers? Obviously the intent is in the same spirit as TrustZone & SystemMagagementMode … The processor in the radio module will have a burnt-in public key (e-fuses or other) and need the firmware to be cryptographically signed, or else refuse to continue (booting). Whenever updates are needed they will be sent from the network side (and will be signed). This makes it easy for “them” to change your firmware, but hard for the user to sign his own (the user first needs to break some cryptography). No amount of decapping chips and reverse engineering will reveal the private key, at most the public key…

          3. These rules only affect the FCC approval process. If you aren’t working with the FCC to get your devices approved by them, then this doesn’t affect you. Note that the new(ish) 5GHz U-NII bands are not the same free-for-all mess we have on 2.4GHz ISM band – only approved devices have any right to use them.

            You never had any rights to use the U-NII 5GHz frequencies however you wanted before anyway. The new FCC approval process seems to be putting that compliance burden on the manufacturer instead of hypothetically prosecuting individuals (which they never had any resources for in the first place).

            Here’s the reason for the stricter compliance requirements: https://wirednot.wordpress.com/2014/01/07/what-else-is-in-the-5-ghz-spectrum-hint-its-not-just-weather-radar/

            Here’s the FCC saying they’re just wanting manufacturers to prove that the proof of conformance test data filed with their fcc approval application documents will actually be valid no matter what settings and firmware a user might throw at it: http://arstechnica.com/information-technology/2015/09/fcc-accused-of-locking-down-wi-fi-routers-but-the-truth-is-a-bit-murkier/

  2. Is there any actual evidence that allowing user modification of, eg, device parameters has negative consequences, or real world examples of interference from such modification? I’m trying to understand where they’re coming from here. I haven’t completely read the propose rulemaking, but it seems like they’re legitimately trying to improve the certification process in the face of increasingly software-defined world.

    It would be great if someone with more knowledge than me could provide some background/context here.

    1. There at least used to be concerns with modified firmware/drivers allowing one to turn up the transmit power on 802.11b radios — I don’t know if this applies to anything more modern. The radios themselves were Part 15 compliant even at max power levels, but if they had more than a PCB trace antenna, they could exceed allowed radiated power, so they were turned down in firmware.

      In my mind, that’s still not a good reason as to why firmware modification should be banned. Even assuming people will turn up transmit power on things, if the device isn’t causing enough interference for the FCC to seek it out, what harm is being done?

      1. First of all let me say that when people start adjusting the power on equipment bad things can occur. It may work for your purpose but it can cause increased harmonics and out of band emissions. It can also cause the shoulders around the main signal to increase. All of these things interfere with other users of the radio spectrum. Effects can be as minor as shorter range or as major as total denial of service.

        People pay for the use of spectrum just like people pay for internet connections. How would you like it if someone came by and disconnected your internet access that you pay for for some period of time? I don’t think you would.

        I’ll also state that It takes a hell of a lot for the FCC to actually convince the fcc to go and seek something out. So saying just because I don’t cause enough trouble for the FCC to come after me doesn’t wash. If you emit out of band you are harming someone.

        1. I don’t think it’s unreasonable to ask that before making major rule changes like this with such large unintended consequences that they at least justify it by naming some specific examples of harm.

          Then again, I also believe that before locking someone away indefinitely they should have to at least show evidence that the person is guilty of a crime even though that hasn’t been stopping this government for at least the last 14 years.

        2. arnt the transmitters digital? would you get the same effects like you described or is it only that “increased harmonics and out of band emissions. It can also cause the shoulders around the main signal to increase” happen with analog carriers?

          1. so you mean that if you drive digital out of spec the noise becomes analog thereby interfering with everything?

            why would the government even allow us to use those frequencies why not give us access to say anything beyond 300 ghz say 400ghz so then it would not cause interference?

          2. @ejonesss

            No, I mean that digital (unless you get down to the quantum level) is analog. And even if you use a digital transmitter it is going to be subject to analog distortions in the amplifier.

    2. It is all to do wih radio power I think, also people using the wrong wifi channels for America. I think it is really it’s too stop people paying $40 for a router and turning it into a $1,000 router with hacked firmware.

    3. The hardware radios used today support frequency bands for multiple countries but unfortunately those frequency bands very often don’t overlap from country-to-country or only overlap partially, vendors use software restrictions to keep radios operating within each country’s required bands while maintaining only 1 piece of hardware. However someone can modify the firmware of their device to operating in the restricted bands. In the US, the 5Ghz band is partially used for Military applications and I think this is the FCC’s attempt to keep users from impinging upon those frequencies or potentially eaves dropping on those communications.

      They have good intentions but with very dire unintended consequences.

      1. I have noticed a Country setting in my TomatoUSB firmware, however I wouldn’t think of changing it (apparently the max output power is variable due to the specified country). If you aren’t getting enough power, the answer isn’t more power, it’s analyzing the location and optimizing.

        When I was a Kid we lived in Spokane, WA near the AM radio station KGA. It’s 50,000 Watt power caused all kinds of interference with electronics within a couple mile radius during the day. At night, they had to change the directional antenna so that it didn’t interfere with another station (in Dallas, TX I believe). In 2008, the station was forced to reduce nighttime output to 15,000 Watts so that KSFN in the San Francisco bay area coul up their transmit power without interference at night (turns out you need a good reason for FCC attention indeed; even if it is de-powering a smaller market station to allow a larger market station to gain listeners.

        My same reasoning for staying in-spec is the same reason I don’t fly my drone over fires or near airports: common sense.

        Of and Tx power can be a big problem. For those too young to remember about Border Blasters: http://jimcofer.com/personal/2008/09/24/the-border-blasters/

  3. Please think further:
    Governments forces developer to add a security breach for NSA/GCHQ and so on. The manufactur is now allowed to talk about this or to make it public. Custom firmware is forbidden. -> Game Over

    Up2Date: Android Stagefright: hundreds of million android devices won’t be fixed anymore because outdated. The only whay for those is to buy a new phone or to install a custom firmware -> Extreme garbage.

  4. I’m wondering if they are using a blanket reason of being able to increase radio power beyond the amount allowed under regulations as a gateway to stopping firmware modification of all devices with 5GHz radios. With the growing trend of smart home and IoT devices I could see there being pressure from big companies here. #GoogleOn

    1. You should be worried anyway. If the whole US market needs to close the devices, guess what’s going to happen for the rest of the world. You think the manufacturers are going to make a separate product which no law in EU for example requires? I mean they might make a european version with maybe different frequences or just for some other reason (though i think in WIFI the frequences are the same?), but since no law will require them to have an open system, and US law requires them to have a closed system, it’s going to be closed for everyone.

      1. Nah, I don’t think so. WLAN frequencies differ and we already got WLAN products over here which are exclusive to our market.

        “If the whole US market needs to close the devices, guess what’s going to happen for the rest of the world.” – this is just the usual “america is the world”-thinking ;)

        1. I wouldn’t be so sure about the EU versions being different. The US market is very big and has a big say in what gets manufactured and what doesn’t, like it or not.

          And even if they don’t close it off, how long will the EU take to follow suit on such silly laws? Usually the EU is pretty good at incorporating silly ideas like this into their own rules.

          1. I thought China had ultimate control over what gets manufactured, what features it has, what it’s price will be, and what markets and regions of the world it targets with those products.
            China will have no problem pumping out a different version for the EU market. And I will have no problem buying one from a Chinese suppler to import into the US.

        2. Well, i for sure am not an american, so i am “over here”, and i do not think that USA is the world, but USA is a big market. I have no “faith” in any manufacturer doing anything more than what they have to. And making 2 separate firmwares, unless necessary by law or by the fact that they intentionally want to split the market to limit consumers, is not going to happen.

          1. It’s no different than making keyboards in different languages, or putting different plug on an AC adapter. It is done all the time, and firmware is far cheaper (once written) than hardware.

          2. AC plugs or language settings are a “must implement” feature to sell in EU. Free firmware isn’t mandatory. If source files for firmware in EU would be mandatory, EU routers will ship with links to the source, while USA won’t.

  5. Bad guys dont play by the rules. and how the hell does this possible law actually help anyone other than businesses? cant access fw… secuirty guy; this is bad. Criminal; PARTY!!!

  6. Do they really want us to stop buying anything “Made in USA” and buy everything “Made in China” instead?
    It’s like prohibiting you replacing an old door lock after you lost a key (and are afraid thief could find it)…

    1. You still buy stuff that is “made in the USA”? The tiny fraction of electronic devices that are made in the US use circuit boards and electronic components that are made over seas almost exclusively.

    1. This _does_ affect SDRs too, it replaces the old SDR laws with these.
      Once your SDR’s software is verified by the FCC (doubtful with hackrf et.al.),
      an end user’s not allowed to change it, per this proposal, if it’s passed.

      The fcc really sucks :(

    2. SDR rules are already in place. You cannot change code that transmits over an SDR. The code is the part of the radio that controls and shapes the signal sent out and thus is certified with the radio hardware.

      Changing it means you are no longer operating it under its certificate and thus are in violation.

      This is why so many SDR kickstarter projects have failed. They can’t sell it legally.

      1. Umm, there are plenty of commercial SDRs that support GNU Radio or another SDR programming package:
        HackRF, USRP (all of Ettus’s products), BladeRF, UmTRX, Novena + Myriad-RF, and a pile of other SDRs for ham usage.

        These are all sold legally.
        What’s your point?

  7. 1. if harmful interference ( the denial of service of the 911 dispatch) is the concern then dont assign the 911 dispatch those frequencies
    or require the U-NII transmitter maker to lock out certain frequencies like the sdr and tv dongles do so rogue/black hat hackers could not wreak havoc on the 911 dispatch for example.

    the 5.15 to 5.25 is AERO. RADIONAV. FIXED SAT(S-E) so what? if if the aero industry cant get a correct signal due to some running their wifi too hot there are dozens of other AERO. RADIONAV. FIXED SAT(S-E) bands

    5.25 to 5.35 is more RADIOLOCATION Radiolocation use another band

    5.47-5.725 contain some ham bands so you ham operators can just use another band

    just to name a couple things.

    2. if the concern is us building our own haarp by accident or even some evil nation turning the U-NII signals into a haarp and weaponizing the weather then just go after those who are using the device for evil.

    give us back our firmware modifications or weaken the laws so the fines are unenforceable just like the laws on venting freon.

    1. @ejonesss
      You are an asshole I hope the FCC nails. People rely (sometimes with their lives) on spectrum to work for specific purposes and should be able to use them interference free. I don’t think the FCC should block firmware updates, but they should fine the hell out of people who do cause problems for others. Right now they lack enforcement resources to do patrols to find people and equipment that violate rules.

        1. ejonesss,

          You are one very thoughtless self centered prick.

          And if the backup fails while you are jamming a primary system with out of band emissions?

          Why? so you can watch cat videos down the block on a hot rodded wifi access point?

          Just what do you do on the internet that justifies blocking Navigation, 911, radar, and homeland security?

          1. You can use a different ISM band (like 2.4GHz) if his 5GHz hijinks cause a problem for you. In my area, local public safety stations use K-band (24GHz) communications, so it causes no issue.
            Spread spectrum and frequency hopping transmission is the norm for 5G band communications, and cyclic redundancy is already used to reduce bit errors, so again his hijinks cause no issue.
            The maximum RF output is limited by the design of the device anyway, so it has limited range, and even with the firmware RF power all the way up, it’s range is still quite limited. Short of him adding a KW power amplifier and a tower antenna, his hijinks will cause no problems to the services you mentioned.

          2. @Mark,

            you don’t need a 1KW transmitter and a tower to cause trouble.

            911 and homeland security are effected because some of them use the 4.9GHz homeland security band for wifi.

            Radar is effected. How do you think 100mW from a router compares to energy reflected by a cloud? I’ll tell you, it dwarfs it.

            So yes his hijinx can interfere.

            As someone who has designed radio hardware I can tell you that most devices out there that are approved are set to transmit at the maximum power that they can and still comply with regulation. Its a selling point and market demand drives it.

            I can also tell you that most design’s chipsets feed external amps. As I mentioned above their settings are set to drive the power amp so it makes the most power and can still comply. You can often adjust the chipset’s power output to drive the power amp harder. This can often increase power output but the device will no longer comply with rules.

          3. The emissions from a WiFi router would have no negative effect on a pulsed Doppler or FMCW radar system. The frequency, polarization, and temporal delay are all used in generating the radar data.
            The 5GHz WiFi is within the C-Band wavelength range, used for some weather radar, but S-band is just as common, and more often used for aircraft. X, Ka, and Ku bands are used for higher resolution radar imaging, and are of higher frequency.

          4. @Dave,

            All emissions in band can and do effect radar of all types. Noise is something that has to be filtered out and comes at a cost of signal level to the desired signal. Some types of radar are _more_ immune to in band noise than others but they are not totally immune.

          5. Does your neighbors WiFi interfere with yours? Mine doesn’t, and I have several neighbors within 200 feet of me. Yes, a C-band radar receiver is capable of picking up the 5GHz WiFi signals, but it just ignores those signals. To say it will interfere is like saying the guy on the cell phone next to you is making your cell phone not work due to interference. And 100mW is nothing at that frequency. Even with a very high gain receiver and directional antenna you would be lucky to get more than 2 miles if you put that source up on your roof.

    1. Because it is not about the radio side. Its about open source firmware not allowed to be installed in comercial routers. This limits users the ability to install their firmware of choosing to keep their own network safe as many companies ingnore security holes and continue to sell the routers to en users. Read the Article.

      1. While I agree that this is an issue, it’s still a radio service and should be handled as such. What the FCC is trying to do is prevent interference from other spectrum users. This is not the nefarious conspiracy against wifi users that Hackaday is making it out to be, especially when you consider the fact that a $15 amateur radio license gives you the ability to legally modify your wifi gear to your heart’s content (as long as you don’t cause interference to other spectrum users).

        I did read the article. It is full of hyperbole without offering much in the way of any real reasoning about why legislating the wifi service like all other radio services is such a horrible thing. Freedom to modify radio gear has not existed since the 1930’s. What the FCC is doing is closing a loophole that has allowed unlicensed individuals to modify their radio gear. You’re not losing a freedom, you’re losing a loophole in the law that ALL other radio services (again, except amateur) have had to abide by since the 1930’s. This is NOT something new.

        And if you think for a second that anyone reading this will be in any way affected by this law, you are fooling yourself. Since when has this community cared about a little thing like following the law?

        1. first off I shouldn’t need a ham license just because I want to run dd-wrt on my router, second a license isn’t going help when all future routers are going to become extremely difficult to put cfw on. and by that I mean that companies aren’t going to go to the trouble to make special routers that are unlocked just for ham license holders. and even if they did, they would likely charge more for them and that goes against the spirit of cfw which is taking a normal consumer grade router with good hardware and unlocking its full potential.

          1. Yes, you should. Just because you are too lazy to take a 1/2 hour out of your life to acquire the necessary license to modify radio gear doesn’t mean that the laws should change to suit you’re own lazy ideals.

            Grow up.

          2. DainBramage: Why should i need a FCC license to install openwrt and motion on a cheap router to use it as a network camera? I have two mr-3040s connected to webcams running part of my security system. I havent touched the wifi configuration other than giving it my SSID and password. I am even considering switching over to wired and disabling the wifi.

        2. “Since when has this community cared about a little thing like following the law?”

          Are you joking? I may love building strange electronic circuits, and “hacking” professional products to make them better, but I always strive to stay inside the law. Just because I’m on a site that shows how to do some *potentially* outside of the law hacks, doesn’t mean that I do them.

          This is why hackers and hackerspaces have a bad name. If even those that frequent these websites think like you do, why shouldn’t people outside our circle do the same?

        3. I don’t think anyone is arguing against the FCC’s intent. They are responsible for controlling the spectrum, and that’s what they are doing. What everyone is concerned about is the unintended consequences of having software be locked down to the point where the user cannot modify it. I agree with the FCC, that in order to be a certified device, you should have to ensure that the radio cannot be set to work outside its certification parameters by the end user. However, it’s looking like this will lead to software update lockouts that will prevent users from adding and updating non-radio related functionality.

          Part the problem, which is not the FCC’s fault, is that routers are not marketed to be customizable, so the manufactures don’t care. My reading of the proposal shows that it would be legal to produce a router with user upgradeable software, as long as such updates cannot change the radio frequence, output power, or protocol outside of what it was certified under. However they are almost certain to just lock down the whole thing for simplicity. So it is a very real change, and a very real loss.

          TL:DR. the FCC is right, but the fallout will be negative for some.

      2. why not then just hold the router makers liable for security.

        if you live in florida and someone steals your gun and murders someone then you are treaded as a murderer too

        use that kind of accountability against the makers.

        what features does the unii transmitter have that they are worried about other than diy firmware?

      3. if this is not about the radio side then the enforcement is not in the fcc jurisdiction

        the fcc i think was formed to stop spark gap transmitters and enforce decency over the air (no swearing or porn on the public airways)

  8. So if somebody already has a router with DD-WRT or Open-WRT
    on it, would they be required to throw it away? Or maybe this would just mean no more new DD-WRT flashes? I agree, this looks more like corporate protectionism not genuine security concerns. Just like how some farmers/car owners aren’t even legally allowed to tinker with or repair their car/tractor due to particularly crappy copyright laws.

  9. This is the first time I seriously consider giving up on Hack a Day!
    Have you actually read the FCC proposal and given it some thought what it actually means? For when I read your articles about this I don’t think you have..

  10. It’s not about open-source software on a WIFI router, this is just about radios used by non-professionals that could potentially send outside the licensed band…

    In fact the rest of FCC15 sets more or less the same requirements…

    5GHz Wifi restricted first because weather radar systems at airports do suffer from those routers…

    73

  11. so there will be no firmware updates at all? does this mean that business will be responsible for shipping out new routers if it is found that the shipped firmware is buggy and wont work? or is this going to be some sort of digital lock? because we know what happens to digital locks…. they get broken easily…

    1. It means that any firmware update that modifies modulation, power level, effects harmonics, or adjusts filters on the transmitter from what was certified by the fcc will be against the law to install. Things that change the color of the web interface or close security vulns etc will be ok. The problem is there is no way to ensure that firmware updates other than those provided by the mfg will tamper with the forbidden stuff so they will be blocked.

      1. Why would it be impossible to get open source firmware vetted to abide the regulations?
        Why can the protocols and physics not be formalized such that a proof checker can verify a candidate proof that a piece of software (both written by either manufacturers or open-source volunteers) abides the formalized rules? Once written verification could be cost-free, and a law could be added that the manufacturers are obliged to sign any code that meets the specifications. This way the community can still modfiy there code and stay within the law.

        It seems that it’s less about regulating spectrum usage, and more about power & control and about losing face as a lawmaker (who fails to exactly formalize laws in a way a proofchecker can neutrally judge a case, instead of the usual “I know exactly if something is right or wrong when I see it” after getting calls from whomever offers the most) which is again really about power & control.

        I yell “publish or perish” (for open-source),
        and “formalize or fossilize” (for neutrality and crystal clear agreements)

  12. Looks like it’s not just our routers. Anything with SDR gets locked down. So just about EVERYTHING in the future.

    “§2.1033(a)(4)(i) The description must state which parties will be authorized to make software changes (e.g., the grantee, wireless service providers, other authorized parties) and the software controls that are provided to prevent unauthorized parties from enabling different modes of operation. “

  13. “Even if you’re not living under the jurisdiction of the FCC, consider this: manufacturers of routers and other WiFi equipment will not be selling two version of hardware, one to the US and another to the rest of the world.”

    Haha, think again, this happens on huge scale, easiest example has to be mobile phones/smart phones, they use different hardware for the USA compared too the rest of the world, because of frequencies.

    Similar thing with food, they sell a bunch of American brands of food/snacks throughout Europe, but most have other ingredients then their American counterparts, because half the stuff that’s in American food is considered a health hazard in Europe.

    1. Sure they will. They are made in China already, and they already tailor all kinds of products to other markets. That’s were all those universal input power supplies come from. Put a plug adapter on it, and it works in your country.

  14. I am told by the ARRL that the comment period for this Notice has been extended to October, and that the ARRL is already at work drafting a response. Stay tuned.

    One of the reasons I got my amateur radio license is that it allows me to use nearly any kind of equipment to transmit and receive within the proscribed bands (subject to bandwidth, control, interference, and identification rules, naturally). If this benefit goes away because all electronics with radios (ie, all electronics) become completely closed-source, that nullifies my experimentation benefit. To me, that’s a Really Big Deal.

    1. After I read the first article I went looking for a response from the ARRL. I expected some sort of public comment from them but was unable to find one. Please let us know if they do make a public statment. I’m still a new ham and have yet to join the ARRL. Their response (or lack thereof) is likely to influence my decision to join.

    2. 1) The new rules cover new requirements for FCC registrants selling 5GHz U-NII devices. Unless you’re slapping FCC stickers on things, this doesn’t apply to you.

      2) Your amateur radio license does not include the ability to stomp on 5GHz spectrum dedicated to U-NII devices.

      3) Unlike 2.4GHz ISM, these new non-ISM 5GHz freqs are carved up very differently in different parts of the world. Using a U-NII device configured for Japan will likely stomp on licensed spectrum if switched on in the USA.

      4) 5GHz is an interesting part of the spectrum. Check this out for some context on why the new FCC approval process requires devices to implement power and frequency agility to react in real-time to interference and primary spectrum users/licensees in the immediate surroundings: https://wirednot.wordpress.com/2014/01/07/what-else-is-in-the-5-ghz-spectrum-hint-its-not-just-weather-radar/

      5) The new U-NII device firmware security requirements seem structured around proving that the device can’t be driven out-of-spec by end-users. It makes the registrant answer questions about how radio parameters are locked down (firmware signing? physical hardware that can’t be modified by software? etc). If you’re going to write to the FCC with feedback, please make them clarify the wording so that devices which happen to have locked-down down their radio module (eg. only allowing signed firmware radio blobs) may still continue allowing 3rd-party firmwares for the overall device.

  15. Various government agencies are probably right now hacking hackaday and looking for dirt to try and chill the criticism of a infallible fed. agency.

    If you ask for clean air, end to wars, etc. you become a seditious traitor, and you are observed and then undermined.

  16. “manufacturers of routers and other WiFi equipment will not be selling two version of hardware, one to the US and another to the rest of the world.”

    Yes they will. We’re all leaving you in the dust…. you haven’t noticed?

  17. I have bought a few of these cheap routers, and the stock firmware is linux-based on all of them. So is it on Android. Even though this is fine with the FCC as long as only the router vendors can change the firmware, would not the GPL disallow such usage of the software?

    That would be an amusing paradox, the FCC would permit only software disallowed by the GPL and vice versa. It would put manufacturers of linux-based routers and android phones out of business, though.

    1. Many companies violate GPL already, especially in embedded systems. Try and get source code from the likes of D-Link, Asus, Netgear, etc. for their Linux-based networking equipment. :)

  18. @DerAxeman can harmonics go negative?

    if you are old enough to remember the 80’s radio controlled cars that ran on 49 mhz.

    remember you could hear the noise of the transmitter on your fm radio around fm 98 to fm 100?

    that is a harmonic you was hearing.

    lets say your radio could go down to the 25 mhz range can you hear your toy car buzz on fm 24 to fm 25? and again 12 to 13 fm and so on?

    meaning could interference from a poorly set up transmitter effect frequencies in the lower frequencies or only in upper frequencies?

    except for sparks on am radio witch would all over the place.

      1. “Frequency converters” is that like the so called fm booster you used to get so you could play fm on the am radio?

        same goes for allowing scanners to listen to forbidden frequencies for example lats say your scanner has 800 mhz locked out but not 400 get a device that puts the content of the 800 mhz like cordless phones or cell phones over the 400 mhz so you can listen in?

        1. @ejonesss – Yes but that is not what HARMONICS mean. “Mixing” is exploiting heterodyning. By mixing a lower frequency with a higher frequency you could receive at the resultant frequency. That is how I.F. stages work in radio receivers. However HARMONICS is the multiple of a fundamental frequency, It can even apply to sound waves. No there is no “negative harmonic” as you say. Harmonics only go up in multiples of the fundamental frequency. That is how some radio transmitters work. They use a fundamental frequency crystal very low in MHz and exploit the harmonic effect by filtering and amplifying the desired higher frequency, Not sure but I think that is called a transverter.

          That scanner trick I think is called the “magic number” image frequency. That is not deliberate from the manufacture. That is just heterodyning and a poorly filtered scanner radio. Those frequency are not “forbidden” per se. The FCC requires cell phone frequencies to be blocked for privacy reasons. But if you can hear them you are not in violation of FCC law. However, you are in violation of some federal law (i.e. EPCA?) if you divulge or repeat what private conversation you heard to a 3rd party. I also think you can not record them. Sometimes this also applies to Public Safety communications too. And cordless phones.

          Radar detectors in Connecticut is weird. They are banned here but I can’t see how that’s legal when it’s nothing more than a radio receiver. Also I think in Philadelphia PA you are NOT allowed to listen to them on your police scanner! Huh???

          BTW – I live near ARRL and know many people there. Trust me they are not going to butt heads with FCC over this issue. They want the manufacturers to block any hacking or reverse-engineering of wi-fi router firmware. Hams can build projects from scratch so they won’t be impacted (i.e. they like doing that too). They do not have carte blanche access to ANY RF transmitter frequency. Only the Amateur Radio spectrum no natter what type of FCC license they have. There is a class of service with FCC which does allow ANY transmitter frequency manipulation but it’s not a Ham license.

  19. My small comment – “What the FCC regulates affects the entire world”. No – the FCC rules only apply to products sold in the US (Wikipedia – “….50 states, the District of Columbia and U.S. territories….”). Theoretically, a manufacturer in China could offer for sale something which was not tested against FCC rules, as long as it wasn’t sold in the US.

    Converse example – CE marking only applies to products sold in the EU. There are plenty of US-made products which are sold happily in America, but (in theory!) shouldn’t be sold here. In practice it’s a load of regulatory BS that everyone ignores anyway…..

    The FCC rules on electromagnetic interference, immunity, and ESD sensitivity (I might be wrong about the last one – not sure if that is actually something the FCC deals with) are pretty much identical to those from other countries, so if something passes European requirements for electromagnetic immunity, it’ll also pass FCC rules in the US.

  20. I wonder if this is more related to that radio wifi that disappeared from the market a month ago… the FBI and CIA decided they dont want people creating custom protocols or radio frequencies that make it difficult to sniff them out.

    1. i was just thinking that since look at the shutting down of defcon over proxyham.

      in fact i am willing to bet that proxyham used a modified firmware on a similar unii radio

      this is not so much about preventing interference because many of the frequencies are redundant but more about proxyham why do you think the nsa made a big fuss when the spying sunset happened?

      1. Look what “they” did to Tri-Square 2-way radios. One of the best and cheapest 900 Mhz Spread Spectrum walkie-talkies on the market. They’d work for miles. However, no one with a police scanner or another uncoded Tri-Square radio could ever hear them. “They” would have to drag out sophisticated spectrum analyzer’s to even detect they were being used in a local area. Company was squashed with no explanation even when business was doing well. Now they are collector items on EBAY for ridiculous prices. “They” did the same thing to the Russian-American company in Chicago called CYBIKO. 900 Mhz 2-way digital communicators which could be made into digi-repeaters (i,e, Packet Radio?) and make a pretty cool low-profile and cheap digital mesh network. GONE! Can’t have bad guys making their own secret mesh networks!

      2. ProxyHam was very slick. It allowed you to “cheesebox” your way into a distant wi-fi network with a 900 MHz RF link and a Yagi-Uda directional antenna. Cheeseboxing is an old term of tradecraft used by old spooks to use two telephones attached to each other in an abandoned or vacant building. The cheesebox would allow the automatic attaching to the 2nd line via auto-answering and electronic interfacing. This way the spook could make or receive calls at another location far away from the vacant building. That way in case the phone call is traced it will only lead them to the vacant building. Also it had a way to know that the building was breached so the spook could terminate the call before they could trace the 2nd line too.

        ProxyHam works pretty much the same way only slightly different. If they trace the IP address to the Coffee House or Internet cafe your slave device is attached to, they would have to break out the spectrum analyzer to see what RF frequencies were being used in area. Then they could start a RF DF scan to triangulate the ProxyHam master. So some US Federal Agencies have the funding and skill sets for such things but not most of them. Skill sets being the technology gap, not money.

        So when using ProxyHam it’s a good idea to keep the Coffee Shop under line-of-sight video surveillance with a portable telescope, a web cam, or a colleague who works near or at the Coffee shop to notify you that you’re about to get busted and to stop transmitting.

  21. Truth be told: The FCC really doesn’t want you to tamper with radio specs in wi-fi router firmware. You can even increase RF power in a wi-fi router. So they are thinking about regulating it. Of course this will not stop hackers from doing whatever they need to do. BUT the real truth comes from that US expatriate in Russia (you know the guy from No Such Agency?). The FCC is a sister agency with you know who. They REALLY don’t want you to find the Tailored Access Operations/Access Operations/Remote Operations Center beacon implants ILLEGALLY installed in targeted routers. This dates back to before year 2010. Here’s a May 2014 Engadget article about it: http://www.engadget.com/2014/05/16/nsa-bugged-cisco-routers/

    And I’ll bet you it’s NOT just CISCO routers either! Beacon implants “phone home” without you noticing it! If you remove it or disable it from firmware then that’ll really piss off some big wig at the puzzle-palace, ;-/

  22. The iPhone can act as a Personal Hotspot router. iOS jailbreaking is currently legal in the US. If this new law were ratified, the legal status of jailbreaking would be contradictory. Would apps like MyWi and TetherMe become illegal? Or would the entire realm of baseband updates be affected? The possible effects would be far-reaching.

    1. Peter Burkimsher – Many cell phone providers like Virgin and Verizon are blocking Personal Hotspots. Ideally they want you to pay more for it. That means more control of your personal routing either with a bugged firmware update to your phone or a hardware device like a MyFi device. Anyway you look at it, AT&T set the standard of being in bed with the US Intelligence Community (See Room 641A). All others are following suit. No one wants to be tagged on being soft on TANGOS (i.e. bad guys). The US expatriate told his journalist 1st contact from Australia to get that fricking IPhone out of his hotel room when they first met in China. Apple products are so bugged it’s not funny (according to him). Microsoft made a few under-the-table deals too. Guess who controls SKYPE now? That was the most secure peer-to-peer encrypted VOIP in the world when the Estonians where running it. Not even the Russians or the Israelis could break it. NOT ANY MORE! It’s a piece of garbage now. I guess the technique of “bad guys” driving up to a public wi-fi hotspot and voiping home with Skype is no longer a safe maneuver any more. That’s probably why TANGOS use “Sneaker-Net” now. Don’t ask me what that is as it will only date you. Sneaker-Net is what the USN ST6 found at Abbatobad PK when they smoked TANGO-1. Look it up…

  23. Some people have mentioned on other sites that the FCC’s comment database is down for maintenance until the eighth. Just remember that you can still fax or call your comments in. I know this might not be as convenient, but keep in mind that large companies and law firms that might have different views on this issue definitely will be doing so.

  24. i was wondering has anyone actually got one of them 5ghz unii modules and tested if it is possible to change the frequency and power with modified firmware?

    and if you can change the frequency and power can the frequency be changed significantly say for example cause the radio to operate not just a few mhz off but say make it run at 88 to 108 witch is fm radio or 109 to 150 used by maritime radios like those seen on deadliest catch or even emulate an eprb beacon or even tune it into the ham bands?

    1. Not sure but routers like the Cisco Meraki are set for 2.4 GHz or 5 GHz. Any out of band frequency sounds unlikely as the RF components supporting filtering, amplification, etc would have to dramatically be changed or modified to achieve 88 to 150 MHz. Also the firmware probably is programmed to only address those two bands. You’d have to rewrite the whole coding to support your radical change and even then the supporting electronics as well as the antennas won’t be in spec.

      Increasing power is something else. The Cisco Meraki can REDUCE power automatically to avoid other services like radar installations. It uses CCA and DFS to avoid congestion and interference with other services like radar, mesh neighbors, and other AP’s. Increasing power substantially seems counter intuitive for manufacturers to build into firmware. I mean it must be set at it’s highest limit by default and only reduces it as it sees fit.

      1. The radar avoidance and automatic power reduction stuff is *required* in these new rules. For all U-NII devices.

        The other thing is that unlike 2.4GHz ISM, different countries have carved up their 5GHz spectrum rather differently. So turning on a U-NII device in one country is likely to stomp on licensed spectrum in another.

        “Region-locking” 5GHz devices seems to be the new reality, and the new U-NII device firmware security requirements seem to be about making sure it’s not up to the user to pick the country, and that the proof of conformance test data submitted with every FCC approval will actually always be representative of the device operation no matter what settings or firmware the end-user changes.

  25. In all of the stories about this, I have yet to see anyone actually cite the text in the NPRM they’re so worried about. The story here in hackaday is a disaster. It claims to link to that text but it doesn’t. It says the NPRM refers to DD-WRT by name, yet it doesn’t, and even the linked-to article doesn’t. Something smells fishy here. I have searched the 80-page NPRM for keywords like “modify” and “modification” and so far, I haven’t found anything to substantiate this claim. I guess I’m gonna have to read the whole damned thing….

  26. This action by the FCC would have serious consequences for Health & Privacy Regulations.
    I have the right to choose any alternative method, location, and format of communication between myself and my healthcare provider. Whether or not they pass this restriction on WIFI, I still have that right and it protects my choice to communicate with a modified WIFI device.

    Does this mean the FCC has the right to deny me Freedom of Speech??

  27. [quote]
    … Even if you’re not living under the jurisdiction of the FCC, consider this: manufacturers of routers and other WiFi equipment will not be selling two version of hardware, one to the US and another to the rest of the world….
    [/quote]
    Manufacturers have been selling country-specific versions of hardware and software for ages because every part of the world has its own regulations. FCC compliance isn’t worth a dime outside the US, you have to follow local rules if you want to put a product on the market. So whatever the FCC comes up with will have negligible impact outside the US, vendors will continue business as usual.

  28. Don’t worry about SDR. The maximum output of an SDR unit is already hard-coded into unchangeable firmware. When you use software to send the command to your SDR transmitter for maximum output, that maximum output is already defined in the ROM chip on the device (and thus can’t be changed), and this prevents any software from ever causing the output from the SDR unit to exceed FCC allowed power.

Leave a Reply

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.