Linksys Will Lock Down Firmware on most routers, but not WRTs

[thiggins]

I asked Linksys for its approach to handling the new FCC requirements, as a follow-up to this thread on TP-LINK's approach. Here is Linksys' official response:

"Linksys will conform to the FCC and European Telecommunications Standards Institute (ETSI ) rules that go into effect on June 2, 2016, that require our routers and software to be secured to prevent changing the power output or unauthorized channel selection of the router on the 5Ghz band. This impacts ALL our dual and tri-band routers including legacy, Max-Stream and WRT routers.

All Linksys legacy and Max-Stream routers will have the full host firmware locked down to adhere to the FCC and ETSI requirements. However, our current WRT router lineup (WRT1900ACS and WRT1200AC) does not need to be completely locked down. We have the ability to only lock down the radio portion of the router, thus preserving the open source support value proposition held by WRT routers.

The hardware design of the WRT platform allows us to isolate the RF parameter data and secure it outside of the host firmware separately.

We are pleased with the recent updates to the FCC rules so that we can continue to serve the open source community with the ability to utilize the thousands of customization packages like OpenVPN clients, TOR, HotSpots, etc. on WRT routers."​

 

[RMerlin]

Ars Technica has a good article on this.

 

[thc]

http://arstechnica.com/information-...block-open-source-firmware-despite-fcc-rules/

Eu, merkkel brussel ... *** f * *** and uncle sam

 

[sfx2000]

http://arstechnica.com/information-...block-open-source-firmware-despite-fcc-rules/

Eu, merkkel brussel ... *** f * *** and uncle sam

Understand your frustration - but some in the third party dev community brought this on...

 

[Razor512]

It is horrible that more router makers are following this stupidity, and locking the firmware down.
The majority of routers sold, stop receiving updates within a year, what happens if someone spends $150 on a new router, then 6 months later, a remotely exploitable vulnerability is found, but the router maker is no longer releasing updates?

If people cannot replace the firmware when official updates stop, then they risk having their devices become a security risk, and effectively not usable, long before the actual hardware becomes obsolete.

 

[Bryceadams]

View attachment 6294​

I asked Linksys for its approach to handling the new FCC requirements, as a follow-up to this thread on TP-LINK's approach. Here is Linksys' official response:

"Linksys will conform to the FCC and European Telecommunications Standards Institute (ETSI ) rules that go into effect on June 2, 2016, that require our routers and software to be secured to prevent changing the power output or unauthorized channel selection of the router on the 5Ghz band. This impacts ALL our dual and tri-band routers including legacy, Max-Stream and WRT routers.

All Linksys legacy and Max-Stream routers will have the full host firmware locked down to adhere to the FCC and ETSI requirements. However, our current WRT router lineup (WRT1900ACS and WRT1200AC) does not need to be completely locked down. We have the ability to only lock down the radio portion of the router, thus preserving the open source support value proposition held by WRT routers.

The hardware design of the WRT platform allows us to isolate the RF parameter data and secure it outside of the host firmware separately.

We are pleased with the recent updates to the FCC rules so that we can continue to serve the open source community with the ability to utilize the thousands of customization packages like OpenVPN clients, TOR, HotSpots, etc. on WRT routers."​

My concern is this ... If they lock out user accessed firmware. How will they work in access for licenced radio operators who are legally allowed to operate the router at higher RF POWER OUTPUT than the average unlicensed part 15 consumer. As it stands now non of the OEM or legal compliant dd-wrt allow you to go over 1000mw power out put With out modding with hardware or firmware . Granted the easiest and by far cheapest " usually". Is to increase E.I.R.P. with a higher gain antenna. So I ask these manufacture how they plan for this allowance especially since said licensed operator access is also esentialy a back door

 

[pete y testing]

Understand your frustration - but some in the third party dev community brought this on...

sorry but thats not exactly right , the lack of regulation brought this on

abuse in the 3rd party dev community has always been an issue

you cant blame a dude for trying if the rules allow as this is why 3rd party firmware started , but its when those that choose to take it upon then selves to abuse the regulations and cause issue and claim its all in relation to 3rd party freedom that i take a stand and call it bull shyt

i stand by any improvement that takes advantage of shortcomings in stock firmware , i do not and never will accept abuse of the regs and standards, just because, and those that cry about this, they are ignorant fools or complicit contributors choose who you are and then cry over it . I accept there needs to be limitations and controls and abide by them

if i need better coverage i run an ethernet point and a second wireless access point , its that simple

 

[sfx2000]

sorry but thats not exactly right , the lack of regulation brought this on

abuse in the 3rd party dev community has always been an issue

The regulations regarding DFS/TPC were always there - just not enforced - the FCC rule and order expands it a bit, and holds the vendors accountable...

 

[pete y testing]

The regulations regarding DFS/TPC were always there - just not enforced - the FCC rule and order expands it a bit, and holds the vendors accountable...

i have no issue with that 'as

you cant blame a dude for trying if the rules allow as this is why 3rd party firmware started ,

i take my hat of to the 3rd party community that spend time improving the base line product

i however have no time for those that abuse any regulations or rules esp when it comes to safety and or restrictions based on known transmission regulations based on occupational health and safety and or standards

this seems to be ignored for a long time and now its addressed seems ppl are up in arms and plz explain why as i have no idea

 

[RMerlin]

The majority of routers sold, stop receiving updates within a year, what happens if someone spends $150 on a new router, then 6 months later, a remotely exploitable vulnerability is found, but the router maker is no longer releasing updates?

If you read this again, you'll see that Linksys is in no way preventing you from flashing third party firmwares.

So far, TP-Link is the only one taking this route.

 

[L&LD]

If you read this again, you'll see that Linksys is in no way preventing you from flashing third party firmwares.

So far, TP-Link is the only one taking this route.

That doesn't seem to be completely true if what is stated in post one is to be believed?

Only WRT drivers will have that option for third party firmware (all others are locked).

 

[thiggins]

If you read this again, you'll see that Linksys is in no way preventing you from flashing third party firmwares.

That's not how I read it. What gives you that impression?

 

[RMerlin]

That's not how I read it. What gives you that impression?

Sorry, that wasn't totally accurate. I should have specified that this applied to the WRT line of routers (their other line does block third party firmware indeed).

For the WRT line of products, what they do is they store the radio data in a separate location, which means third party firmwares can reuse that data, without any risk of breaking any local regulations. Quotes from the Ars article:

This takes more work than simply locking out third-party firmware entirely, but Linksys, a division of Belkin, made the extra effort. On and after June 2, newly sold Linksys WRT routers will store RF parameter data in a separate memory location in order to secure it from the firmware, the company says. That will allow users to keep loading open source firmware the same way they do now.

That router as well as the newer WRT1900ACS and WRT1200AC will continue to support open source firmware after the new rules take effect, La Duca said.

I suspect that this "wireless data" are the CLM tables (and probably the region code as well).

Nothing would prevent DD-WRT (for example) from reusing that data, and to keep running on the WRT routers.

This is somewhat similar to what happened with the WRT54G. When they went with VxWorks, they launched a separate SKU based on Linux, so third party firmware could still be used.

It's not ideal, but it's not a blanket block at least.

 

[thiggins]

Thanks for clarifying.

 

[sfx2000]

I suspect that this "wireless data" are the CLM tables (and probably the region code as well).

Nothing would prevent DD-WRT (for example) from reusing that data, and to keep running on the WRT routers.

This is somewhat similar to what happened with the WRT54G. When they went with VxWorks, they launched a separate SKU based on Linux, so third party firmware could still be used.

It's not ideal, but it's not a blanket block at least.

Most folks want 3rd party firmware for the base OS and additional capabilities, and don't really need to change anything with the wireless side.

I know of at least two ways to facilitate this with the Marvell platform directly, and allow the base OS to be changed, without impacting/changing the wireless driver configurations - pretty much the same way Mobile Phones do with Android (3rd party ROM's) and not impact the telephony baseband.

 

[pete y testing]

Most folks want 3rd party firmware for the base OS and additional capabilities, and don't really need to change anything with the wireless side.

this is how i see it these days , its been a long time since we had massive gains in wifi performance with any 3rd party firmware ( without breaking rules ) , for the most part now because we have reached max eirp there is little to tweak and or re code to gain performance and still keep it legal and i think a bit of the anger and complaining comes from a lack of understanding and the belief 3rd party always makes things better even wifi

i must admit i left behind the likes of dd wrt and tomato years ago and only used gargoyle because of its bandwidth and quota control and band width monitoring , now asus has taken up most of those duties ( apart from quota control ) i dont really see the need to use 3rd party fw , merlins fw is different as we all know as it adds to the asus base line

how linksys abide by the new rules will be interesting and im guessing they have to go this way to keep the claim the linksys range is 3rd party capable as thats what they floated the whole range on in the first place and why the max stream arnt included is strange , and has anyone heard what parent company belkin is doing with their range yet as i assume linksys still comes under the umbrella of belkin

 

[Razor512]

The problem that I see overall, is that the locking down of the routers is spreading. Users buying a router after these decisions, will be more likely to get something that is completely locked down, thus when the next major exploit is discovered, a lot more people will be screwed. I have seen routers where after release, they never get a single update, and others where after release, they get at most, one two updates during the first 6 months, then nothing after that, even when exploits such as the issues with netusb are discovered. This fcc rule change is not going to magically force these companies to support their routers for a longer time, and the average customer going to a store, will likely not be advised on this, and may not expect to encounter these issues until they do, and they end up with an artificially obsolete product.

This is worst than the smartphone market. Sure the WRT line may keep some 3rd party firmware support, but for how long? What about other brands, tp-link joined the dark side, and Linksys is partially joining; which side will Netgear, Asus, and many other brands, join?

 

[pete y testing]

i think the level of after sales support is a different matter all together , manufactures r and d hasnt changed and wont change as this is dependent on their business mode and not on what wifi regulations exist or dont exists

its prob one of the reasons tp link have taken the approach they have as their buisness model doesnt really have a big after sales support case and never has , the implementation of lockdown is just a case of its the easiest thing for them to do at little cost to them

 

[Razor512]

i think the level of after sales support is a different matter all together , manufactures r and d hasnt changed and wont change as this is dependent on their business mode and not on what wifi regulations exist or dont exists

its prob one of the reasons tp link have taken the approach they have as their buisness model doesnt really have a big after sales support case and never has , the implementation of lockdown is just a case of its the easiest thing for them to do at little cost to them

The after-sales support is closely tied to this issue because it means that when a router company decides to abandon their, customers will have no way to get 3rd party support.

For example, if you buy a new locked down router, and the company abandons it 3 months later, you will be in a situation where if a new security vulnerability is discovered, you may be forced to buy a new router again, and it is likely that the new purchase will not even be much of an upgrade.

 

[pete y testing]

For example, if you buy a new locked down router, and the company abandons it 3 months later, you will be in a situation where if a new security vulnerability is discovered, you may be forced to buy a new router again

once the manufacturer decides its no longer going to support any device it would be the same conclusion , not all routers support 3rd party and no all in one type modems do ether , its rather a small amount of the actual market that can use 3rd party anyway , most manufactures will however release security fw if needed and where they see a need , this is really a small user base this effects in the big picture when it comes to 3rd party support extending the life routers