260 experts pen four-point plan to strengthen Wi-Fi router security

"We can't afford to let any part of the Internet's infrastructure rot in place," said Vint Cerf, co-inventor of the internet.

linksys-ac3200-router-3249-007.jpg
(Image: CNET/CBS Interactive)

It's not just security researchers who are fed up with hearing day after day about a new security vulnerability in a widely-used Wi-Fi router.

Even the co-inventor of the internet, Vint Cerf, has had enough.

In a letter to the Federal Communications Commission (FCC), the government body that regulates the airwaves and internet services, more than 260 leading internet experts argued that new proposals could lead to "buggy and insecure software" for off-the-shelf home and office routers, among other technologies, and should not go ahead.

Read this

Free wi-fi? Mesh networking? Bins that talk? Porto project shows it's a load of garbage

A clever experiment in Portugal is showing how adding new technology to the city's vehicles - including garbage trucks - can be put to new uses.

Read More

While the proposals would on one hand ensure that a Wi-Fi router operates on the mandated parameters of the radio frequency spectrum it was designed for, on the other the rules as they stand risk "permanently locking in place buggy and insecure software."

Cerf, along with Dave Taht, co-founder of the Bufferbloat Project, said Wednesday that the FCC should take the "alternative approach" that favors open-source and patching.

Their four-point plan, they say, would help to strengthen security across the whole internet.

The experts said routers should be open-source so their code should be made public and available for review. Additionally, manufacturers should assure that any router firmware updates are under the owner's control rather than the manufacturers and they should allow for a 45-day patch window for vulnerabilities for five-years after the device ships.

If, say the experts, the companies fail to comply, the FCC could decertify existing products or, in severe cases, bar new products from that vendor from reaching the market.

Former FCC chief technologist Dave Farber welcomed the approach, adding that the proposed rules as they stand "lack critical accountability for the device manufacturers."

Farsight Security chief executive Paul Vixie said the rules "would significantly decontaminate our technology supply chain."

The FCC did not respond to a request for comment early Wednesday.

Newsletters

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
See All
See All