Global Internet Experts Reveal Plan for More Secure, Reliable Wi-Fi Routers - and Internet
October 14, 2015 | Business WireEstimated reading time: 4 minutes
In a letter submitted to the Federal Communications Commission (FCC), Dave Täht, co-founder of the Bufferbloat Project, and Dr. Vinton Cerf, co-inventor of the Internet, along with more than 260 other global network and cybersecurity experts, responded to the newly proposed FCC rules laid out in ET Docket No. 15-170for RF Devices such as Wi-Fi routers by unveiling a new approach to improve the security of these devices and ensure a faster, better, and more secure Internet.
The letter was filed during the agency’s public comment period on this issue.
Dave Farber, former Chief Technologist of the FCC, supports the new approach, stating, “Today there are hundreds of millions of Wi-Fi routers in homes and offices around the globe with severe software flaws that can be easily exploited by criminals. While we agree with the FCC that the rules governing these devices must be updated, we believe the proposed rules laid out by the agency lack critical accountability for the device manufacturers.”
“We can't afford to let any part of the Internet's infrastructure rot in place. We made this proposal because the wireless spectrum must not only be allocated responsibly, but also used responsibly. By requiring a bare minimum of openness in the technology at the edge of the Internet, we'll ensure that any mistakes or cheating are caught early and fixed fast,” said Dr. Vint Cerf, a co-inventor of the Internet and also Senior Vice President and Chief Internet Evangelist at Google.
To improve accountability significantly while keeping the original intent of the regulation, the signatories, who also included Dr. Paul Vixie, Dr. Sascha Meinrath, Dr. Nick Feamster, Jim Gettys, Dr. David P. Reed, Dr. Andreas Petlund, Jeff Osborn, and other well-known industry experts, recommend the FCC mandate the following actions:
1. Any vendor of software-defined radio (SDR), wireless, or Wi-Fi radio must make public the full and maintained source code for the device driver and radio firmware in order to maintain FCC compliance. The source code should be in a buildable, change-controlled source code repository on the Internet, available for review and improvement by all.
2. The vendor must assure that secure update of firmware be working at time of shipment, and that update streams be under ultimate control of the owner of the equipment. Problems with compliance can then be fixed going forward by the person legally responsible for the router being in compliance.
3. The vendor must supply a continuous stream of source and binary updates that must respond to regulatory transgressions and Common Vulnerability and Exposure reports (CVEs) within 45 days of disclosure, for the warranted lifetime of the product, or until five years after the last customer shipment, whichever is longer.
4. Failure to comply with these regulations should result in FCC decertification of the existing product and, in severe cases, bar new products from that vendor from being considered for certification.
5. Additionally, we ask the FCC to review and rescind any rules for anything that conflicts with open source best practices, produce unmaintainable hardware, or cause vendors to believe they must only ship undocumented “binary blobs” of compiled code or use lockdown mechanisms that forbid user patching. This is an ongoing problem for the Internet community committed to best practice change control and error correction on safety-critical systems.
For the complete letter and the full list of supporters, please visit here.
“Our fight for a free and open Internet began long before the invention and wide use of Wi-Fi home routers, whose manufacturers chose to base on open software. We are at an important inflection point in the history of the Internet. The FCC has an opportunity to take positive action that will increase the security and performance not only of these devices, but also influence how manufacturers develop secure Internet of Things while preserving an open Internet,” said Jim Gettys, Chairman, Bufferbloat Project.
“Networking research and innovation fundamentally depend on the ability to modify firmware on CPE and deploy it in real-world settings in home networks,” said Dr. Nick Feamster, Acting Director of Center for Information Technology Policy at Princeton University.
"The Internet is now effectively a battleground with end-users, our employers, our schools and our vendors on one side, and organized crime and nation-states on the other side. Our home gateways are often repurposed by our adversaries into weapons against us because these small, cheap plastic boxes are unpatchable, abandoned by their makers, and completely opaque. These devices are currently the Internet's public enemy #1. The plan proposed would significantly decontaminate our technology supply chain,” said Dr. Paul Vixie, CEO of Farsight Security, Inc.
“The recommendations in this document would go a long way toward ensuring the existence of a highly performant, secure, and regulation-compliant Internet far into the future,” said Jonathan Corbet, Executive Editor, LWN.net.
“As the recent revelations about the ‘Moon Worm,’ ‘DNSchanger,’ and ‘Misfortune Cookie’ and now the Volkswagen scandal illustrate, secret, locked-down firmware represents a clear and present danger to the security of the Internet,” said Ted Lemon, recent Area Director at the IETF.
“If we raise the bar for firmware code quality, maintenance, and upgrades, we can finish beating bufferbloat, especially on Wi-Fi, deploy IPv6 faster, improve security, and build a vastly better Internet, for everybody,” said Dave Täht, Architect, CeroWrt, co-founder, Bufferbloat Project.
If you care about this important issue and agree with our approach, please contact your local Congressional representative and share our letter with them. For media interview requests or other inquiries, please contact media@bufferbloat.net.
About the Bufferbloat Project
The Bufferbloat Project is an international coalition of individuals, many who were instrumental in the development of the Internet, and several with Wi-Fi, deeply concerned about the future health, speed, and safety of the edge of the Internet. In operation for 5 years, and working primarily on third-party firmware, it has pioneered new algorithms, boosted safety and security, helped develop new standards, and worked to make as much of this new theory and code available as possible for all to use.
Suggested Items
It’s Only Common Sense: Would You Join Your Own Company?
05/06/2024 | Dan Beaulieu -- Column: It's Only Common SenseIn the past few years, I have heard many company runners complaining about their workforce. They tell me that the government is paying people too much money not to work, too many young people are not interested in working every day, and there is just not the work ethic there once was when they were young.
First Two WorldView Legion Spacecraft Performing Well After Launch
05/03/2024 | BUSINESS WIREMaxar Intelligence, provider of secure, precise geospatial intelligence, today confirmed the first two WorldView Legion satellites are performing well after being launched on a SpaceX Falcon 9 rocket earlier today from Vandenberg Space Force Base, California.
SIA Statement on Senate Commerce Committee Legislation that Funds CHIPS & Science Programs
05/02/2024 | SIAThe Semiconductor Industry Association (SIA) today released the following statement from Vice President of Government Affairs David Isaacs in support of provisions included in legislation pending before the Senate Commerce Committee that would fund critical CHIPS & Science Act programs.
Intel Takes Next Step Toward Building Scalable Silicon-Based Quantum Processors
05/02/2024 | BUSINESS WIRENature published an Intel research paper, “Probing single electrons across 300-mm spin qubit wafers,” demonstrating state-of-the-art uniformity, fidelity and measurement statistics of spin qubits.
IPC's Vision for Empowering PCB Design Engineers
04/30/2024 | Robert Erickson, IPCAs architects of innovation, printed circuit board designers are tasked with translating increasingly complex concepts into tangible designs that power our modern world. IPC provides the necessary community, standards framework, and education to prepare these pioneers as they explore the boundaries of what’s possible, equipping engineers with the knowledge, skills, and resources required to thrive in an increasingly dynamic field.