US clarifies mobile hotspots part of foreign router ban despite rarity of American made consumer kit America's telco regulator has clarified its ban on foreign-made routers also includes mobile hotspots and domestic routers that use a 5G cellular connection to the internet. The Federal Communications Commission (FCC) announced – about a month ago – an effective ban on new consumer-grade network routers manufactured abroad …
The amount of lobbying received depends on most routers and phones being manufactured offshore. If it were about protecting US manufacturing then the new protections would be targeted at manufacturing that does exist and which could be scaled up, rather than that which doesn't and won't exist. Assume it's all about the grift and you'll have a better explanation for Trump's executive orders than the good of the nation.
There are no restrictions on owning the kit, only importing it. What will happen, in the name of security, is we'll be stuck with old tech that is not allowed to be replaced or updated. So should a new vulnerability be found (or is currently unpatched), we will have no option to remedy it. Makes you wonder if the government wants to protect the vulnerabilities that they are currently exploiting.
I've come to believe that chaos is the point. Greenland, 51st state, tariffs, attacking Iran, withdrawing from NATO, no longer supporting UK's claim to the Falklands, 'ejecting' Spain from NATO. And so many other things. It has only been 15 months.
If there's espionage to be done, I would think that the least valuable target would be residential customers. Yes, there's more of them, but they probably don't have a computer one 24/7 with lots of horsepower connected to the net. Businesses, on the other hand, have racks of computers that stay on all of the time with big fat connections to the internet. Business data will be more valuable as well. It's better to gain access to the movie studio to download the newest blockbuster before it's released than to bust into some individual's computer to score a copy of Jaws.
The easy out is to style and advertise equipment as being meant for commercial applications since it's going to do the same thing.
Residential customers are an extremely valuable target - there's so many of them with designed-insecure routers, that oodles of bandwidth and processing power is available.
Many botnets use residential routers to offer unprecedented amounts of DDoS bandwidth and endless piles of residential IPv4 addresses for proxy use.
Due to modern bloat, modern routers have plenty of processing power - even when a router is being used as part of a massive DDoS attack, the only thing the resident could notice is a slight slowdown that goes away in a few hours - thus the resident never cares to do something about it.
Most businesses don't have racks of computers - many businesses now have no servers, or only one server that is overloaded with windows bloat and therefore is of similar use to a router.
The internet upload of businesses may be a bit higher, but utilizing it is risky - the business often has an expensive "IT consultant" that has little interest at being competent at their job, but is extremely paranoid and will throw a fit if the upload utilization ever remains on average above 0.5% - thus there's a high chance utilizing business connections for DDoS or for significant proxy use would be discovered.
A pre-release of the newest blockbuster is of little value, as you'd be hard pressed to find many that are willing to pay money for such slop.
For businesses that only have other businesses as their customers, the business data is of little value - although such businesses can be useful to carry on social engineering until a business with valuable data is found.
A common attack now is to hijack business outlook emails by socially engineering the login details (very easy as the stupid microsoft account often needs to be logged into 3 times a day) and then send emails with a phishing link to all of the business customers and keep going.
The US technique seems to be to ban all routers and then follow up by mandating that only designed to be even more insecure routers can be sold.
"Residential customers are an extremely valuable target - there's so many of them with designed-insecure routers, that oodles of bandwidth and processing power is available."
I was contrasting the residential consumer bans to no bans on commercial kit. Yes, botnets can run from insecure PC's quite nicely, but they aren't on all of the time and while they may have a high speed internet connection, it's not going to be on par with what a business might be connected with.
There either needs to be standards required for both spheres or none at all to make any sense.
Residential routers are on 24x7 - as are commercial ones.
A single residential router is worth nothing to a miscreant, but a bot net of many thousands of them is very valuable both for DDoS attacks and for attempting to break into something that is valuable. They all come with their own IP, so such things come at you from all sides.
Most people use the router their ISP gave them and rely entirely on that ISP to keep it secure - after all, most people don't know how any of this works and shouldn't need to!
A single serious vulnerability in one of those routers can give an attacker a significant proportion of an ISP's customer base.
One of my websites has been slammed by a residential botnet crawler for a few months now - even from countries I've never heard of.
162,773 unique residential IP4s in 2 weeks. They all fail the ALPN/GREASE test so are easily filtered, but that's a lot of residential routers / IoT things
Most small to medium businesses have resources similar to what a residence has and use the same kinds of routers - it's only larger businesses that has vastly more resources available - such businesses also tend to keep an eye on resource utilization, solely due to cost concerns.
I've seen a few "residential" windows 10 and 11 computers that for some reason refuse to go into sleep mode and always wake up and such computers are of course allowed to run 24x7 - but those aren't my computers and I don't use them, thus I can't investigate further.
Insecure PC's are in fact on all the time - for any modern intel computer with IME that has power applied, the Intel ME is running 24x7 (generally a low-power processor located in the chipset, but it has the ability to receive and send quite a lot of Ethernet packets as needed to handle remote "VNC" usage).
There has been quite a lot of ME vulnerabilities found and it seems most running IME versions are likely unfixed (as fixing such vulnerabilities is dependent on the motherboard vendor releasing a UEFI update which includes a ME update).
Maybe none of the found vulnerabilities are useful for hijacking the ME itself (instead you need to turn the fat OS on and hijack that?, which would be more detectable), a ME hijack would be an incredible botnet, due to a history of over 1 billion installs and it being likely that there are at least 100 million old IME versions active.
"it's not going to be on par with what a business might be connected with."
I didn't downvote, but due to how stuff is being rolled out, the place I work has something like a 500Mbit line. At home I have 2Gbit down (*) and 700Mbit up. So as fibre rolls out, yes domestic users can have a fair amount of available bandwidth.
* - artificially restricted to 1Gbit per device unless I want to pay extra, but since that's faster than WiFi goes and pretty much everything at home uses WiFi (old stone farmhouse, I'm not cabling that!), it's not a limitation that bothers me.
As well as the Trump mobile phone? Although the page claims "wireless independence", whatever that means, even that stops short of claiming US manufacture with the no doubt much debated phrasing "it’s brought to life right here in the USA. With American hands behind every device", oh and err the biggest problem, still no ship date.
Indeed, as Cisco demonstrates regularly.
And, as far as National Security is concerned, I fail to see where consumers are implicated. This notion concerns government administrations and the military, not consumers.
If you push it, you could eventually mandate that critical infrastructure not be connected to the Internet but only accessible via dedicated phone lines. THAT would be useful.
But of course, being actually useful is not what this administration is worried about.
Nerfing our kids futures to try and and force a piece of the pie into our pockets simply will not work. I didn't think there could be anything more devastating to a class of humans starting their lives than the economic crash of 2008, but here we are. Pandemic was a stall, but the youth persevered and got to it. Making things to where only established and already wealthy (or very rich, at least) have a chance is insane. Electing a President that made his name in realty when the housing market looks like this was a giant red flag that was ignored. All because he ran around basically asking "How much would you pay in order to be allowed to be hateful out in the open?" Turns out, for many Americans, the answer was "everything".
Yes.
They're drafting a bill to block ALL news and entertainment brands that aren't US-made.
So that includes anything Canadian or UK-produced (ALL of the BBC including BBC America), everything from South Korea/Japan etc.
Oh yeah and Netflix is on the list because its felt they're "anti-trump" so any non-US content will have to be 100% blocked.
Manga/Anime is included in the block, so Crunchroll etc will be unavailable in the US.
Basically they're aiming for pro-government only television ala russia's RT and Pravda.
So basically they're blocking:
Cisco
TP-Link
Huawei
ZTE
Xiaomi
Tenda
Mercusys
D-Link (Taiwan)
ASUS (Taiwan)
Zyxel (Taiwan)
Arcadyan (Taiwan)
Nokia (Finland)
AVM (Germany – Fritz!Box)
Technicolor (France)
Sagemcom (France)
Teltonika (Lithuania)
MikroTik (Latvia)
NEC
Yamaha
Buffalo Inc.
Thats just the top 10, there are 25,000 other router brands they're blocking.
You say "The ban has also drawn criticism as a thinly veiled attempt to compel domestic manufacturing, since obtaining an exemption requires vendors to commit to US-based production and submit a detailed, time-bound plan to achieve it."
Unless you're netgear, in which case you just get waved through without any commitment to US based production....
After Trump and his true believer steals the next election the next step will be to ban all existing 'foreign' routers and mandate that all patriotic (you are patriotic, aren't you?) Americans must use a Department of Freedom supplied router. One that's proudly made in the enlightenment zones (aka prison camps) by happily re-educated wrong-thinkers (anyone who doesn't praise Dear Leader).
Of course, being a true American, you've got nothing to hide so you'll have no worries about the Department of Transparency logging all your internet usage. It's for your safety too - there may be liberal, radical, leftist, Marx-Socialist other-thinkers online trying to poison you're mind with subversive, anti-orthodoxy, anti-American ideas.
/s - but only a little bit.
