Despite New FCC Rules, Linksys, Asus Say They'll Still Support Third Party Router Firmware

from the apocalypse-averted dept

Mon, May 16th 2016 2:06pm — Karl Bode

The apocalypse for those who like to tinker with their router firmware may be postponed.

Last year we noted how the FCC updated router and RF device rules for safety reasons, stating that some illegally modified router radios operating in the unlicensed bands were interfering with terminal doppler weather radar (TDWR) at airports. The rule changes prohibited tinkering with the just the RF capabilities of devices. But some sloppy FCC language worried tinker advocates and custom-firmware developers, who feared that because many routers have systems-on-a-chip (SOC) where the radio isn't fully distinguishable from other hardware -- vendors would take the lazy route and block third-party firmware entirely.

And, at least with some companies, that's exactly what happened. TP-Link for example stated that it would be preventing custom router firmware installations with gear built after June 2016, blaming the FCC for the decision while giving a half-assed statement about respecting the hobbyist community's "creativity." Again: the rules don't mandate anything of the kind; TP-Link just decided to take the laziest, most economical route.

Fortunately, not all hardware vendors are following TP-Link's lead. Linksys has announced that while it will lock down modifications on some router models, the company will continue to let enthusiasts tinker with its WRT lineup of hardware, which has been a hobbyist favorite for years. From its comments the company is well aware that while custom firmware flashers may comprise a minority of overall customers, they're a vocal minority that companies really don't want to piss off. As such, a company spokesman was quick to breathlessly praise third party custom firmware options:

"The real benefit of open source is not breaking the rules and doing something with malicious intent, the value of open source is being able to customize your router, to be able to do privacy browsing through Tor, being able to build an OpenVPN client, being able to strip down the firmware to do super lean, low-latency gaming,” La Duca said. “It's not about ‘I'm going to go get OpenWrt to go and piss off the FCC.' It's about what you can do in expanding the capabilities of what we ship with."

While it would be nice to see more models supported, it's certainly a step in the right direction. It should be noted that (now Belkin-owned) Linksys said it wasn't a very big deal to lock down the radio specifically, contrary to what some vendors have claimed:

"The hardware design of the WRT platform allows us to isolate the RF parameter data and secure it outside of the host firmware separately," Linksys said in a written statement given to Ars. La Duca declined to get more specific about Linksys's exact method. Even though this is about enabling open source, Linksys’s method is proprietary and provides a competitive advantage over other router makers that aren’t supporting open source, La Duca said."

So while one vendor used the FCC rule change as an opportunity to be lazy and cheap, others are using the news as an opportunity to embrace an important part of their community. And from the looks of thinks Linksys won't be alone in the effort; representatives from Asus have been telling some hardware enthusiasts that they plan to continue supporting third-party open source firmware as a point of pride as well:

"As you may know, FCC requires all manufactures to prevent users from changing RF parameters. Not only manufactures' firmware but 3rd party firmware need to follow this instruction. Some manufactures' strategy is blocking all 3rd party firmware, and ASUS's idea is still following GNU, opening the source code, and welcome 3rd party firmware. ASUS are co-working with developers such as Merlin and DDWRT to make sure 3rd party firmware's power are the same as ASUS firmware and obey the regulations."

None of this is to say these companies can't go back on their word down the line (concerned users should keep the pressure up), but it's refreshing to see at least a few vendors actually standing behind their communities' right to tinker.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: fcc, firmware, open source, routers
Companies: asus, linksys, tp-link

9 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

anon 802.11, 16 May 2016 @ 3:01pm

Locking a router's firmware has downsides.
It is more than a right to tinker, users have the right to control their own machines within the law. Using clear text and open source code helps make a secure router. Being able to use a common software base across different hardwares and vendors helps make a secure router too. Around the world, the spectrum offered for wireless networking is fairly uniform, and only a few channels in a few countries are outliers, so the chip makers already implement some hardware and firmware boundaries. The doppler avoidance issues could be managed like the milspec radar avoidance, where the router software abandons a channel when it detects the radar. Locking routers to the vendors software won't help much. That lockout will make for more out of date and vulnerable firmware in home routers, as update policies at each vendor will drive those improvements.
[ link to this | view in chronology ]
John Fenderson (profile), 16 May 2016 @ 6:08pm

Good for Linksys
It's just too bad that their routers are so terrible. I'll retain my "plan B", which is pretty much what I used to do: build my own router & WiFi AP.

It wasn't that long ago that if you wanted excellent equipment, you had to build or assemble it yourself. I wonder if the ongoing escalation of the locking people out of the devices they purportedly "own" will bring thing that back around.
[ link to this | view in chronology ]
Ganja Man, 17 May 2016 @ 1:55am

Compliance with FCC Rules Means Hardware Changes
There is simply no way to comply with FCC Rules with respect to existing routers. This is because the FCC rules require that RF settings relating to bandwidth, power output, modulation, etc., not be capable of being changed by the firmware, but those parameters are currently exposed and accessible to the firmware. There is no "software" fix for this problem because the software can be replaced with firmware upgrades, and a new firmware upgrade can modify the RF parameters to which it has access.

So companies like ASUS just pushed out firmware updates for existing routers that essentially lock out third party firmware upgrades (and prevent any attempt to revert to earlier ASUS firmware versions to circumvent that restriction). So if your router company is now asking you to update your firmware, be very reluctant to say "yes" because it will essentially lock you into the newest manufacturer firmware version with no easy way to revert. If it has bugs, etc., you're screwed.

To support third party firmware, manufacturers basically have to put these forbidden RF parameters in a separate memory space, etc., that's outside the reach of the firmware. That's going to require a change to the hardware, but probably not much expense, so you can expect companies to start coming up with DD-WRT/OpenWRT friendly routers in upcoming months.
[ link to this | view in chronology ]
- John Fenderson (profile), 17 May 2016 @ 6:25am
  
  Re: Compliance with FCC Rules Means Hardware Changes
  "So if your router company is now asking you to update your firmware, be very reluctant to say "yes""
  
  True, but it seems to me that people who care about this issue are the ones who install their own firmware to begin with -- and so they wouldn't bother updating the factory firmware anyway.
  
  I know that whenever I buy a new router, the very first thing I do is replace the firmware. Updating the firmware I'm replacing would just be a waste of my time.
  [ link to this | view in chronology ]
DannyB (profile), 17 May 2016 @ 5:54am

Canary
In a different TD post that comes after this one, about YubiKey, I mentioned the following idea. Consider whether it could apply here as well:

Switching from open source to closed source could be considered a form of Canary.
[ link to this | view in chronology ]
Anonymous Coward, 17 May 2016 @ 4:05pm

Just socket the damned chip.
Personally I've never been of the opinion that so many features should be flashable, and I'm of the same opinion with BIOS flashing. Yes it is convenient. No you still shouldn't do it. Yes you should socket the chip, and sell a flashable version so users can choose.

So many of these boxes are botted it is ridiculous. It should be mod-able. But it shouldn't ship that way. Note that most of this class of devices use the low security rather than high security TCP/IP model, even though they often say "firewall" on the package.

The other option would have been to put a 5 cent jumper on one of the leads and make the software check that circuit before flashing. Getting half the country pwned was apparently worth the nickle. Frankly I'm amazed that so many of this class of device has shipped branded as a security product, and it hasn't resulted in a class action suit yet. (That I know of)

They used to put brass keys on computers. It never stopped being a good idea. Just because you can cut costs by doing something, doesn't mean you should.
[ link to this | view in chronology ]
Marc Ragusa, 18 May 2016 @ 6:55am

Latest Asus Router Firmware May Block 3rd Party Firmware
Asus' latest router firmware implies they will block third party firmware. I have not tested this.

See: http://www.asus.com/support/Download/11/2/0/73/PZkFHlMrGWzVROxT/45/

"ASUS has been dedicated to cooperate with third party developers to come up with more innovative features.
To comply with regulatory amendments, we have modified firmware verification rule to ensure better firmware quality. This version is not compatible with all previously released ASUS firmware and uncertified third party firmware."
[ link to this | view in chronology ]
- John Fenderson (profile), 19 May 2016 @ 4:51pm
  
  Re: Latest Asus Router Firmware May Block 3rd Party Firmware
  So don't install that update -- and why would you, if you intend to install your own firmware anyway.
  
  The real issue is not firmware updates. They mean nothing, for obvious reasons. The real issue is buying new devices that have the bad factory firmware preinstalled.
  [ link to this | view in chronology ]
Paulo Lyra, 4 Aug 2016 @ 2:25pm

Be Aware new asus firmware
Can't upload Merlin ... Asus Block alternative firmware in last version 380.3831...no more Merlim :(
[ link to this | view in chronology ]