https://www.cnet.com/home/internet/fcc-bans-foreign-made-routers-as-national-security-risk/
Is this real? Did April Fools hit early or something?
Is this real? Did April Fools hit early or something?
![[H]ard|Forum](/styles/hardforum/xenforo/logo_dark.png){kind=logo}
-
Some users have recently had their accounts hijacked. It seems that the now defunct EVGA forums might have compromised your password there and seems many are using the same PW here. We would suggest you UPDATE YOUR PASSWORD and TURN ON 2FA for your account here to further secure it. None of the compromised accounts had 2FA turned on.
Once you have enabled 2FA, your account will be updated soon to show a badge, letting other members know that you use 2FA to protect your account. This should be beneficial for everyone that uses FSFT.
FCC bans sale of some foreign-made routers in the US
- Thread starter sphinx99
- Start date
It's anything on this list - https://www.fcc.gov/supplychain/coveredlist - now expanded to the consumer space. It also has some limitations to devices such as they should be constructed/mostly made in the U.S., etc. - not as strict as you think and overall a good move.
- Joined
- Jan 14, 2007
- Messages
- 17,022
I mean can't buy ram, can't buy ssds, CPUs maybe next... so sure why not, no one needs wifi stuff either!
That's the list? There's way more than that, but OK.
That is what is overtly banned, it is the Section 889 stuff - some Chinese companies and then Kaspersky (Russia) today.
This new ban will affect EVERYTHING but they are taking this approach because there is just so much crap. I am sure they will review every brand on a case-by-case basis and the "big guys" like ASUS, etc. will get through fairly quickly. It's not ideal but I am not sure how they would do this in a better way. "Door is closed, but check with us, if OK we will give you approval and work with you to produce more of your products in the U.S." etc etc
- Joined
- Nov 11, 2012
- Messages
- 1,475
There's only one country allowed to spy on you with their devices (actually, there's two).
They'd just better not ban MikroTik. I have one of their routers. I'm probably one of the very few people on here with a router that was made in a "western" country - my router was made in Latvia, so it was made in an EU country.
The stickler in me says to watch that the only things that get approved to use are the ones submitted by Service providers.
The Person in me who does the broadband access stuff says service providers and their OEMs (Nokia, Adtran, Ciena, etc) who provide the CPEs, and well, all CPE manufacturers are basically screwed by this. Like even for BEAD they allow Wifi Routers to not need to meet the BABA requirements as they're not part of it, but this is going to completely crush deployments since every CPE is not made in the US basically.
The Person in me who does the broadband access stuff says service providers and their OEMs (Nokia, Adtran, Ciena, etc) who provide the CPEs, and well, all CPE manufacturers are basically screwed by this. Like even for BEAD they allow Wifi Routers to not need to meet the BABA requirements as they're not part of it, but this is going to completely crush deployments since every CPE is not made in the US basically.
There have been reports of previously somewhat reputable brands having very big holes in them and in some cases firmware that is sending traffic to 3’rd parties for “AI” analysis.
Using either QUIC or SSL protocols, usually to Amazon Web Services or a smaller data center in the EU.
It looks normal and unless you have SSL decrypt enabled you would never know it’s essentially running a man in the middle to monitor all your activities and services.
Using either QUIC or SSL protocols, usually to Amazon Web Services or a smaller data center in the EU.
It looks normal and unless you have SSL decrypt enabled you would never know it’s essentially running a man in the middle to monitor all your activities and services.
- Joined
- May 19, 2008
- Messages
- 2,349
The USA government just doesn't want backdoors and remote kill switches built into products sold in the USA, by foreign governments. Kind of like the 0days built into the USA operating systems that we put in during the development stages of OS builds. That is why China bans the use of USA operating systems without similar compliance with their governmental policies(most USA operating systems are banned in China). This is just the USA wanting a smaller amount of protection from Chinese exploits than China already expects to be protected from the USA. It makes sense to have this policy from a security standpoint. The problem is that government is painfully slow at everything important in the permanent state(across every presidency since JFK). Expect this "ban" to be a shifting goalpost to muscle companies into showing source code and removing parts(software and hardware) that the USA government disapproves of.
Just wait until you see what's next in the mobile space. It's not over.
It only effects consumer devices to my knowledge.
BEAD = Broadband Equity Access and Deployment Program , Money for broadband deployments in rural stuffs (technically underserved areas)
BABA = Build America Buy America , one of the key components that certain aspects of your network (fiber, outdoor housings, OLT/OLT LineCards/OLT Optics/Bridge ONTs only/ETC) need to be built in America to get the funds.
Considering that a lot of consumer routers are designed and/or built in China, I think that this FCC action is justified. Of course, it would be better still if US designed and built routers had to submit code for independent review, something that might be enable at low cost with AI.
This country is under constant cyber assault from both state and non-state actors, a lot of them from China. There are other state-level actors, but we don't buy IT equipment from them.
This country is under constant cyber assault from both state and non-state actors, a lot of them from China. There are other state-level actors, but we don't buy IT equipment from them.
It's strange as it's not like brands can fund and switch to a US-based manufacturing operation overnight. Routers, routers that serve as access points, gateways—they all will be affected on paper.
For this to make any sense brands would have to had been given forewarning to be able to plan ahead or submit for approval, yet as of today none have exceptions and none responded to CNET for comment. People will be stuck without being able to buy related networking gear for some time unless exceptions occur shortly.
Avalon, Ericsson, Allen-Bradley, Cisco, Dell, Juniper, all made in the US. They make up most of the ISP backbone.
HPE has started to leverage the supply chain they acquired when they purchased Juniper to bring the Aruba and HPE manufacturing back to the US.
So most of the big players are already onboard for this.
Dlink, Linksys, Ubiquiti, TPLink, those guys are in trouble.
Again, this is only the Consumer side, so the Routing/Optical side of SPs are not going to be effected by this, but their CPE pieces will (Gateway combos for home, Bridge ONTs/ONUs and modems should be fine).
I will note that a lot of the high end routers are not manufactured in the US. Heck, a lot of the Cisco SP gear comes in through Laredo, Nokia stuff is mostly out of country (And probably a bigger footprint than Cisco in HERO stuff there anyway). I would wager all the whitebox routers aren't manufactured here (UFISpace, Edgecore, etc) that ISPs are also all manufactured foreignly.
DukenukemX
[H]F Junkie
- Joined
- Jan 30, 2005
- Messages
- 11,195
Mentioning the other country makes you antisemitic.
Glad to see the lack of competition to bring down pricing. This is the best time to start banning the sale of routers from other countries, when the price of goods has skyrocketed. I'm sure the big players won't suddenly jack up prices over night. At this point, it seems like building your own router is the best course of action. I don't trust the big players as much as the FCC trusts Dlink, Linksys, Ubiquiti, and TPLink. If I can't run my own software then I don't trust them.
View: https://youtu.be/r9fWuT5Io5Q?si=meJxJReUq-Ak5xHi
- Joined
- Aug 15, 2005
- Messages
- 9,086
Gonna be a few more million dollar paying "guests", at the next Mar-a-Lago dinner. Its all a grift.
Last edited:
It's good to know about enterprise brands already being made in the US though the context to my posts were about consumer brands and being impractical to suddenly shift operations, leaving people stuck and the ambiguity of whether brands were given advance notice about this.
I get the impression they knew it was coming. I’ve gotten too many security bulletins over the past 2 years talking about the challenges in the security space caused by cheap Chinese and Indian electronics and how we need to be securing them as untrusted devices on our networks and blah blah blah for this to be coming at them out of left field.
It might be happening sooner than they anticipated but they would have to be blind and deaf to not have gotten wind of it until now.
Components can still be sourced from elsewhere, just assembly and programming needs to happen locally. It won’t be a huge shift, existing approved devices are grandfathered. New devices just need to either be made in the US, or go through the FCC approval process for exemption. Short term pain, but there’s a bright side, it could be the final nail in the smart appliance market what memory pricing made impractical the FCC may have just killed.
We've seen things released about certain Chinese product security concerns and even threats of blacklisting certain brands though I think this sweeping ban that affects not merely Chinese-owned companies but anything made in any non-US country is a bit different.
Looking at the FCC's FAQ it seems pretty explicit that it doesn't matter which foreign country it is, even if they're traditionally US-friendly, which personally I don't think would have been something that could have been seen coming. I think we both expect brands will just seek exceptions in the short term.
That or they just keep their existing lineups active a little longer. It’s only new products that are banned existing ones get a pass.
So they just need to get their ducks in a row before their next range refresh.
westrock2000
[H]F Junkie
- Joined
- Jun 3, 2005
- Messages
- 9,598
Some people look at the world and see a harmless game of collecting pokemon.
Some people look at the world and see a covert plan to 3D map the entire world exploiting the citizens as free labor.
But most people will look at the world and just assume it's further proof that orange men are in fact still bad.
Who knows what the truth is.
Some people look at the world and see a covert plan to 3D map the entire world exploiting the citizens as free labor.
But most people will look at the world and just assume it's further proof that orange men are in fact still bad.
Who knows what the truth is.
Every router approved in the past (they already needed to be approved by the FCC before) is grandfathered in, this only affect future new models I think. Text of the law say:
Nor does it prevent retailers from continuing to sell, import, or market router
models approved previously through the FCC’s equipment authorization process
- Joined
- Aug 3, 2004
- Messages
- 23,936
It is a money grab. They will allow exceptions if you pay some fee or something..
Or open an HQ in the US or something else, just another push to try and force companies to be located in the U.S
Or open an HQ in the US or something else, just another push to try and force companies to be located in the U.S
- Joined
- Aug 3, 2004
- Messages
- 23,936
Meanwhile CIsco continues to leave hard coded root accounts in their OS and perimeter devices
I agree. This doesn't seem to much be about security but just another way to force companies to spend more money in the USA. They just got bored of tariffs and are trying new things.
Well they did just build the facilities to manufacture the stuff in the US they have to manufacture a reason for companies to start using them otherwise China will just undercut them and manufacturing would remain in China
https://www.fcc.gov/sites/default/files/Guidance-for-Conditional-Approvals-Submissions0326.pdf
A detailed, time-bound plan to establish or expand manufacturing in the United States, it could be, but home router manufacturing must be so small...
https://www.texasattorneygeneral.go...cess-americans-devices-first-several-lawsuits
Huawei and zte were banned in 2022 aftert the https://en.wikipedia.org/wiki/Volt_Typhoon, https://www.justice.gov/archives/op...-republic-china-used-conceal-hacking-critical and others of the type.
Actual fear can be a motivation, the made in US and market capture just helped by some business interest (while really big one would have fought against it).
A detailed, time-bound plan to establish or expand manufacturing in the United States, it could be, but home router manufacturing must be so small...
https://www.texasattorneygeneral.go...cess-americans-devices-first-several-lawsuits
Huawei and zte were banned in 2022 aftert the https://en.wikipedia.org/wiki/Volt_Typhoon, https://www.justice.gov/archives/op...-republic-china-used-conceal-hacking-critical and others of the type.
Actual fear can be a motivation, the made in US and market capture just helped by some business interest (while really big one would have fought against it).
That same list is applied here. It is expanding that ban to the home consumer market and taking steps to head off non-approved devices.
- Joined
- Dec 5, 2018
- Messages
- 4,630
This is the single most retarded decision I've ever heard of.
- Joined
- Jun 7, 2007
- Messages
- 13,728
I love it, hit'em where it hurts.
- Joined
- Jan 14, 2007
- Messages
- 17,022
Absolutely true. Sometimes back China did something with solar by selling below cost and it killed solar startups who were trying to do thin film printing for solar
I doubt those bulletins were worse than the constant vulnerabilities in the dogshit product this pure blooded Murica company proudly serves to the US government and numerous big companies:
This will hurt normal folks the most. And WISPs.
Last edited:
Two different things, vulnerabilities are discovered and patches are issued.
Meanwhile millions of cheap foreign networking devices are actively siphoning data back to their handlers using encrypted protocols or disguised as generic SSL and QUIC traffic to dumping grounds with cheap AWS services or sketchy datacenter’s in the EU.
More than a few cheap video streaming boxes come actively bundled with known IPv6 DNS exploits straight from the manufacturer to assist them in their efforts to steal data.
Last edited:
Sure, just like kids toys from all continents. That's an IoT problem, not a foreign problem.
Routers from reputable non-US companies range from great security wise, to industry average, but none with deliberate security compromises AFAIK. Even the dreaded Huawei has a better track record than Cisco. This administrative decision is just laughable.