US bans sale of all *new model* non-US made wifi routers

[Notconnected]

Safety being used as an excuse to control products, just like age verification is about the children. Just more control mechanisims.

The FCC has set up a conditional approval process that, on paper, lets manufacturers apply for exemptions. In practice, it's not a security review. The application requires "a detailed, time-bound plan to establish or expand manufacturing in the United States," documentation of "committed and planned capital expenditures" for US-based production, and quarterly status updates on onshoring progress. If you're approved, you get a temporary exemption, typically up to 18 months.

Notice what's not in that list: security testing, independent code audits, vulnerability disclosure requirements, or any technical evaluation of whether the router is actually safe. A manufacturer could build the most thoroughly audited, security-hardened router on the planet, and if it's assembled in Vietnam without plans to be manufactured in the United States, it can't get authorized. A router assembled in Texas with the exact same firmware, the same Chinese-made chipset, and the same global open-source software stack would sail through. The process is asking "are you willing to move production to America?", not "is this router secure?"

 

[Notconnected]

And if state-sponsored hacking via consumer networking equipment is the actual concern, the scope of this ban is oddly narrow. Routers aren't the only devices on your home network with a foreign-made chipset and a firmware stack that could theoretically be compromised. Managed switches, wireless access points, NAS devices, smart home hubs, IoT sensors, all of them run software, all of them connect to your network, and almost all of them are manufactured overseas. If a TP-Link router is a national security risk because it could be compromised by a foreign state, then so is a TP-Link smart plug, a TP-Link security camera, or for that matter, a Hisense TV with a microphone. The FCC didn't touch any of those.

 

[Notconnected]

So Asus are already jumping though hoops for the powers that be,
may be they should get a pass on the router ban, seems they are bending over backwards to make their firmware available for audits since 2016, when the FTC settled with the company over security flaws in its routers that left hundreds of thousands of consumers exposed. The default login credentials on every Asus router were "admin" and "admin," and a vulnerability in its cloud storage feature led to hackers accessing over 12,900 consumers' connected storage devices. Asus agreed to 20 years of independent security audits as part of the settlement.

 

[Viktor Jaep]

And if state-sponsored hacking via consumer networking equipment is the actual concern, the scope of this ban is oddly narrow. Routers aren't the only devices on your home network with a foreign-made chipset and a firmware stack that could theoretically be compromised. Managed switches, wireless access points, NAS devices, smart home hubs, IoT sensors, all of them run software, all of them connect to your network, and almost all of them are manufactured overseas. If a TP-Link router is a national security risk because it could be compromised by a foreign state, then so is a TP-Link smart plug, a TP-Link security camera, or for that matter, a Hisense TV with a microphone. The FCC didn't touch any of those.

They're either executing on the vague "concept" of a plan, or to increase the wealth of their money for their 1% billionaire buddies. Not sure. Might be both.

 

[KevTech]

I wonder how this will affect cable ISP gateways as they are a modem and a router.