<div dir="ltr">This extends beyond WiFi routers - it's anything with a Part 15 Certification. Phones with WiFi, IoT, ...<div><br></div><div>The FCC seems to be suggesting that manufacturers use a bootloader that looks for signed binaries.</div><div><br></div><div>The comment deadline has been extended to Oct 9. <a href="https://www.federalregister.gov/articles/2015/09/01/2015-21634/extension-of-time-for-comments-on-equipment-authorization">https://www.federalregister.gov/articles/2015/09/01/2015-21634/extension-of-time-for-comments-on-equipment-authorization</a></div><div><br></div><div>Martin W6MRR</div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, Sep 3, 2015 at 8:18 AM, Artie Lekstutis <span dir="ltr">&lt;<a href="mailto:Artie@lekstutis.com" target="_blank">Artie@lekstutis.com</a>&gt;</span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Has anyone else heard of this? Is this accurate? Bad news if it is. This would probably exclude the use of Broadband-Hamnet (and DD-WRT).<br>
<br>
This is the Hackaday article that first brought my attention to this. Their stuff can be a bit fringe, especially their opinions, but is usually somewhat accurate:<br>
<a href="http://hackaday.com/2015/09/02/save-wifi-act-now-to-save-wifi-from-the-fcc/" rel="noreferrer" target="_blank">http://hackaday.com/2015/09/02/save-wifi-act-now-to-save-wifi-from-the-fcc/</a><br>
<br>
Here’s a direct link to the FCC website that specifically identifies DD-WRT as an example of needing to be excluded from all firmware updates for future regulatory compliance:<br>
<a href="https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498" rel="noreferrer" target="_blank">https://apps.fcc.gov/kdb/GetAttachment.html?id=1UiSJRK869RsyQddPi5hpw%3D%3D&desc=594280%20D02%20U-NII%20Device%20Security%20v01r02&tracking_number=39498</a><br>
<br>
Except that it is conveniently unavailable now until the end of the comment period while “the FCC IT Team will be working to upgrade and modernize the FCC’s legacy infrastructure”. I was able to read it yesterday. Luckily I have a cached copy. I'm reluctant to distribute it even though it's an FCC document that was published publicly. If you can find a copy, see “II. SOFTWARE SECURITY DESCRIPTION GUIDE: Third-Party Access Control: 2”.<br>
<br>
If what they are saying is true, this will exclude many very useful projects from being flashed on future commercial hardware of any type. This would include DD-WRT, OpenWrt, SECN, Broadband-Hamnet, HSMM-MESH, etc…<br>
<br>
This in fact degrades security as it means you are now entirely dependent on the WiFi device manufacturer patching vulnerabilities, which they often don’t do or do very slowly, especially on older hardware. Options like DD-WRT usually address such vulnerabilities very quickly, if they ever had them in the first place.<br>
<br>
I haven’t made a public comment yet. Still trying to understand the details.<br>
<a href="https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices" rel="noreferrer" target="_blank">https://www.federalregister.gov/articles/2015/08/06/2015-18402/equipment-authorization-and-electronic-labeling-for-wireless-devices</a><br>
<br>
Thanks,<br>
Artie Lekstutis<br>
KC2MFS<br>
73<br>
_______________________________________________<br>
Tacos mailing list<br>
<a href="mailto:Tacos@amrad.org" target="_blank">Tacos@amrad.org</a><br>
<a href="https://lists.amrad.org/mailman/listinfo/tacos" rel="noreferrer" target="_blank">https://lists.amrad.org/mailman/listinfo/tacos</a><br>
</blockquote></div><br></div>