260 experts pen four-point plan to strengthen Wi-Fi router security

"We can't afford to let any part of the Internet's infrastructure rot in place," said Vint Cerf, co-inventor of the internet.
Written by Zack Whittaker, Contributor
(Image: CNET/CBS Interactive)

It's not just security researchers who are fed up with hearing day after day about a new security vulnerability in a widely-used Wi-Fi router.

Even the co-inventor of the internet, Vint Cerf, has had enough.

In a letter to the Federal Communications Commission (FCC), the government body that regulates the airwaves and internet services, more than 260 leading internet experts argued that new proposals could lead to "buggy and insecure software" for off-the-shelf home and office routers, among other technologies, and should not go ahead.

While the proposals would on one hand ensure that a Wi-Fi router operates on the mandated parameters of the radio frequency spectrum it was designed for, on the other the rules as they stand risk "permanently locking in place buggy and insecure software."

Cerf, along with Dave Taht, co-founder of the Bufferbloat Project, said Wednesday that the FCC should take the "alternative approach" that favors open-source and patching.

Their four-point plan, they say, would help to strengthen security across the whole internet.

The experts said routers should be open-source so their code should be made public and available for review. Additionally, manufacturers should assure that any router firmware updates are under the owner's control rather than the manufacturers and they should allow for a 45-day patch window for vulnerabilities for five-years after the device ships.

If, say the experts, the companies fail to comply, the FCC could decertify existing products or, in severe cases, bar new products from that vendor from reaching the market.

Former FCC chief technologist Dave Farber welcomed the approach, adding that the proposed rules as they stand "lack critical accountability for the device manufacturers."

Farsight Security chief executive Paul Vixie said the rules "would significantly decontaminate our technology supply chain."

The FCC did not respond to a request for comment early Wednesday.

How to lock down an insecure wireless network router

Editorial standards