HN

Need help?
<- Back
FCC updates covered list to include foreign-made consumer routers

FCC updates covered list to include foreign-made consumer routers

moonka

Comments (155)

  • WarOnPrivacy
    The FCC maintains a list of equipment and services (Covered List) that have been determined to “pose an unacceptable risk to the national security Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produced abroad to carry out direct attacks against American civilians in their homes. Vulnerabilities have nothing to do with country of manufacture. They have always been due to manufacturers' crap security practices. Security experts have been trying to call attention to this problem for 2 decades.Manufacturers have never had to care about security because no Gov agency would ever mandate secure firmware. This includes the FCC which license their devices and the FTC who (until recently) had the direct mandate to protect consumers.Our most recent step backward was to gut those agencies of any ability to provide consumer oversight. All they they can do now is craft protectionist policies that favor campaign donors.The US has a bazillion devices with crap security because we set ourselves up for this.
  • adrianmonk
    This part of the press release seems pretty crucial:> Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations.In other words, foreign-made consumer routers are banned by default. But if you are a manufacturer, you can apply to get unbanned ("Conditional Approval").In the FAQ (https://www.fcc.gov/faqs-recent-updates-fcc-covered-list-reg...), they even include guidance on how to apply: https://www.fcc.gov/sites/default/files/Guidance-for-Conditi...If you (a manufacturer) apply, they want information regarding corporate location, jursidiction, and ownership. They want a bill of materials with country of origin and a justification for why any foreign-sourced components can't be domestic. They want information about who provides software and updates. And they want to hear your plan to increase US domestic manufacturing and progress toward that goal.So, foreign-made consumer routers can still be sold, but they are going to look at them with a fine-tooth comb, and they are going to use FCC approval as leverage to try to increase domestic manufacturing.
  • WarOnPrivacy
    If we wanted secure products, we wouldn't ban devices. We'd mandate they open their firmware to audits.
  • Someone1234
    Considering this is after Loper Bright Enterprises v. Raimondo (2024), it will be interesting to see if this holds up to judicial scrutiny.The FCC's power just got substantially nerfed, and "we've decided to slow lane all foreign-made routers" feels like that may have been beaten on the old, higher, standard. Let alone the new one that gives the FCC almost no power.
  • buzer
    > all consumer-grade routers produced in foreign countriesAre there even consumer-grade routers that are produced in the USA...?
  • jscheel
    And exactly how many consumer routers are not foreign made?
  • dlcarrier
    For the device manufacturers, the obvious solution is to sell them as general-purpose computers. You can already get devices that had started out as Raspberry Pi clones but evolved into excellent DIY network appliances, with multiple high-speed Ethernet and SSD ports that are great for running a NAS, proxy server, firewall, or all three, and more. Rarely do they have good WiFi, but if manufacturers start selling hardware that has been traditionally sold as a locked-down routers or access points, but include a generic Linux installation, it'll compete will well with the aforementioned hardware.
  • rpcope1
    What exactly does "produced" mean in this context? That the final assembly was done here, software was written here, PCB was assembled here, SoCs and ICs wwre manufactured here, or something else? Regardless, while consumer routers are 9 of 10 times insecure garbage, it's hard to think of any that aren't manufactured outside the US.
  • bibimsz
    I'd gladly buy an American-made router if one existed!
  • BOFH69420
    I would be more impressed if they would ban all enterprise routers manufactured in China. I have had to continuously patch and meticulously mitigate severe vulnerabilities and bugs in Cisco, Dell, HPE, Extreme, Arista routers, switches, fabrics, and others. These are all manufactured in China, Taiwan, Hong Kong, Vietnam, Malaysia, Thailand, and probably elsewhere in the Greater China region... Actually I take it all back. I wish they would just ban companies from shipping bad code and sanction them for causing millions of hours of required labor to ensure their manufacturing defects do not harm businesses and their customers. Thank you for your attention to my chatter.
  • yunwal
    Incredibly obvious domestic surveillance scheme. Quite creepy
  • freedomben
    So... What are the options now for American consumers? What brands are left and available?
  • kemotep
    Does anyone even have a list of US produced routers? Like does installing OpenWRT or OPNSense or VyOS matter?I can’t think of a complete start to finish, OS to mosfets, computer that is 100% manufactured in the United States.
  • patrakov
    Prediction: there will appear new "Made in the USA" routers that differ from some Chinese model only by the label. Already the case in Russia for e.g. powerbanks.
  • Schnitz
    So router prices in the US will go up a lot, great!
  • weightedreply
    Will this impact the Mono Gateway[0]?[0] https://mono.si/
  • supernetworks
    This whole comment thread is a bit of a dumpster fire of opinions however we at Supernetworks have been working on the wifi security problem for a long time and we have a lot to say about it.Router manufacturers competing into involution that ship RCE (much of which is triggerable from a web page) have created a substantial risk to consumers, in this case with a lens on the US market. The events of the FCC are not in isolation and have to do with not being able to boot actors out of many critical infrastructure networks. You can follow along with CISA on the various alerting that they do. https://www.cisa.gov/news-events/cybersecurity-advisoriesWe tackle hardware & software and prioritized network isolation as the first thing to resolve. We have tons on our blog and page about network security and have open source software.
  • analog31
    Ask HN: Is there a list of preferred routers for security?
  • kittikitti
    Because of this, I'm going to plan my next network upgrade based on open source hardware like Banana Pi. My setup is based on WiFi 7 so this might not apply for a few years. From my understanding, the hardware from proprietary manufacturers is sufficiently advanced to do some advanced surveillance and spyware, whereas previous generations didn't require advanced processing to achieve fiber optic speeds. Back to the original statement, it's clear that the threat of surveillance exists.Personally, I don't make the distinction between foreign and domestically produced routers in America. In fact, I trust foreign produced routers more because the likelihood that they can act upon their surveillance is significantly lower than the current American regime's oppressive and malicious tactics. Therefore, open source routers provides enough transparency to effectively eliminate spyware threats from all angles while being compliant.I'm especially excited about the Banana Pi because of the transparency and potential of modular upgrades. Whenever there's a network issue, I have to consider whether the manufacturer (American or not) is doing something nefarious. With a Pi based router, I have much more peace of mind with network debugging issues.
  • tim-tday
    Aren’t all routers manufactured in foreign countries? Cisco are assembled in China as far as I know.
  • anon
    undefined
  • razorbeamz
    I'm sure people will get right on buying American-made routers.
  • giantg2
    Are there consumer grade routers made in the US?
  • mrsssnake
    What is a router?Really, do they have a definition?
  • raphman
    Does the router ban really only pertain to consumer-grade networking devices?> For the purpose of this determination, the term “Routers” is defined by National Institute of Science and Technology’s Internal Report 8425A to include consumer-grade networking devices that are primarily intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. ¹> A “consumer-grade router” is a router intended for residential use and can be installed by the customer. Routers forward data packets, most commonly Internet Protocol (IP) packets, between networked systems. Throughout this document, the term “router” is used as a shorthand for “consumer-grade router.” ²There doesn't seem to be a general ban for foreign-made professional routers, just for some Chinese manufacturers, right³?Oh, and what does "produced by foreign countries" even mean? I couldn't find any definition. Is this meant to be the country of final assembly? Would importing a Chinese router and the flashing the firmware in the USA be sufficient to be exempt? Where is the line drawn usually?¹) https://www.fcc.gov/sites/default/files/NSD-Routers0326.pdf²) https://nvlpubs.nist.gov/nistpubs/ir/2024/NIST.IR.8425A.pdf³) https://www.fcc.gov/supplychain/coveredlist
  • sam345
    If you actually read the notice, it exempts models that have been approved. So this just seems to require approvals by DOH or DHS ,": Routers^ produced in a foreign country, except routers which have been granted a Conditional Approval by DoW or DHS." I take this to mean it is just adding security approvals for this type of thing to DOw and DHS. It is not a ban of all future models. It's just saying explicitly that instead of having to review models already in the market and determine that they should be removed because of nation state or other security concerns they are reviewing them before they go to market. Would be nice if people actually read it instead of hyperventilating.
  • i_love_retros
    Given everything else going on in America right now I'm not sure I'd trust an American made router more than any other.Is this just another mass surveillance operation?
  • anonym29
    What the fuck?! I did not sign up to live in some third world shithole where I can't get first-world networking equipment. I do not want some piece of shit closed-source proprietary netgear ameritrash. FUCK! Give me back my god damn chinese routers!Chinese citizens have more computing freedom than American citizens at this point. What the fuck happened to the land of the free?
  • supernetworks
    [flagged]