The Lockdown is Here.

February 20, 2016

Buckle up, buttercups. This is a long but IMPORTANT blog post. A post that talks about how the FCC and technology manufacturers have made it almost impossible for anyone to use open-source firmware on routers and other devices with a radio. We spoke about this possibility a few months ago in Becky's "You Can't Stop the Signal" post. The bottom line? This could be the end (or at the very least, a BIG slowdown) of Community Wireless Networks like PittMesh and city-wide free public Wi-Fi projects like Freifunk in Germany. What we feared has become a reality.  But we want to give you a complete and informative post about what is happening, so please stay with us for the full ride. We will also post updates if and when new information is provided to us. 


Adam has recently been working with a member of the PittMesh Working Group on a project, mapping where PittMesh can and cannot be used. We needed a router, and he knew just what to get: the trusty and inexpensive TP-Link WDR3600, which we have used for almost 2 years in the PittMesh network.





When the router (a v1.5, the newest version) was delivered, I tried to flash it with OpenWRT, the de facto open source firmware all routers on our Community Wireless Network use. But I couldn't flash it. I couldn't even flash older "official" images from TP-Link. So I figured the router must be flawed in some way. Just in case, I put in a support ticket on TP-Link's site inquiring if this problem could be due to being locked down firmware and then I RMA'd the device back to the reseller.


A week later I received the second WDR3600 (this time an older v1.0 model). Again, I tried to flash it using both GUI and TFTP methods. And once again, I received an error. This time I opened a chat session to see if I could get more immediate answers. I was connected with "Camille."


And that's when things got scary.


The Federal Communications Commision (FCC) is the United States' regulatory board that makes rules for radio communication. They have sliced and diced the RF spectrum up for decades, alloting different bands for different uses and creating rules so that those bands can be useful to public and private entities. The FCC sets in place "rules of the road," too but they generally leave those rules up to the users and vendors to implement-- especially when it comes to the "license-free" segments on which WiFi works: the 900 MHz, 2.4GHz, and 5GHz bands. You could think of their role as the painters of road markings on your local highway. They paint the lines and expect you to stay within them both for your benefit and the benefit of those around you. This has worked pretty well for everyone using those bands for decades.


Well, almost everyone. It turns out that there are other technologies operating in those "license-free" bands.  Technologies which the FCC argues are more valuable to society than your transferring of an episode of MST3K from one computer to another using your new 5GHz router. Ground-based Doppler Weather Radar systems use certain channels on the 5GHz portion of the WiFi spectrum to detect, well, weather. We've all seen these Doppler maps. They're on the local news every day.



WiFi routers using the 5GHz band should have a technology enabled called Dynamic Frequency Switching (DFS) that listens for the "pings" of Doppler radar. When the router hears the radar, it switches channels so that it does not interfere with the radar. At least that's how it's supposed to work. It is possible to turn off DFS on routers. It's also possible to ignore the lines painted on the road. Neither possibility is good for anyone-- but it still happens.


The FCC cited a Federal Aviation Administration report from 2009 that showed that license-free U-NII devices (devices operating in the 5GHz band) were causing "harmful interference to [the FAA's] Terminal Doppler Weather Radar." Most interesting was this section from the same document:


13. The Commission’s investigations found that most 5 GHz devices are manufactured to enable operation across a wide range of frequencies, extending down into the 4 GHz bands and up to almost 6 GHz. The devices are controlled by software that manages the specific parameters used in the equipment. In most of those cases for which a specific cause was determined, the harmful interference was the result of third parties or users modifying the software configurations to enable operation in frequency bands other than those for which the device had been certified, but without meeting the technical requirements for operation in those frequency bands (such as the U-NII-2C band where interference to the TDWR was occurring).


In English, the FCC found that users who may not have known better had tinkered with the firmware on their wireless devices that made them operate in a not-so-nice way with the weather stations and were causing interference with the station's readings.


Analogy time: If there is a particular section of a road that sees an abnormal amount of head-on collisions because people are inadvertently crossing the painted road markings, it might be a good idea to put up a Jersey barrier in the center of that particular road. It would be silly to do anything more than that, right?


The FCC didn't quite see it that way.


Here's my own experience with their "solution" in a chat record with TP-Link, the manufacturer of our routers. 



CHAT RECORD from 9:09:36 PM to 9:34:19 PM February 16, EST


Camille 09:09:36 pm




Dear Adam, Many thanks for your valuable reply. If you cannot replace the firmware with a third party firmware, then please try to downgrade the firmware to the older version to see whether it can work. Sorry that we don't have the information about the unlocked firmware. This has to be tried by yourself. Sorry again for the inconvenience caused and your great cooperation & Patience will be highly appreciated.
this is my colleague reply


Adam Longwill 09:10:01 pm


downgrading does not work

I get an 18005 errror

upon attempting to downgrade

I want to know if this is because of the FCC's rules regarding broadcast strength and DFS control. Has TP-Link complied with these rules and locked down its firmware and if so, for what models

I need to know if I am going to continue purchasing devices from you.


Camille 09:13:25 pm


wait one moment please

Thanks for your waiting, right now only these products has limitation on firmware: Archer C7 V2

Archer C1900 V1

Touch P5 V1

Archer C2600 V1

Archer C3200 V1

Archer C2 V1

Archer C5 V2

Archer C8 V1

Archer C9 V1

TL-WR841N V11

TL-WDR3500 V1

TL-WR940N V3.0

TL-WR1043ND V3.0


TL-WR841N V9.0
and all products will also limit firmware in the future.

Adam Longwill 09:26:19 pm


Wow. Thank you. I'm impressed with your digging

And this limitation is due to FCC rule clarifications in 2015?

And not some other reason


Camille 09:28:15 pm


Right, due to FCC

Adam Longwill 09:28:50 pm


Thank you very much. Can you explain why the WDR3600 appears to be locked down? Is it possible that your list is not totally updated?

And do you have a method or avenue that people who wish to use other firmware have?


Camille 09:34:02 pm


Yes, wdr3600 as dual band wifi router, is also locked down. And there is no other way to use other firmware. Sorry for that

Adam Longwill 09:34:19 pm


Thank you very much, Camille. You've been very helpful.

The middle of 2015 saw a bit of talk about this issue. There was some handwringing from open source advocate and some established technology sources picked up the story such as Wired, Engadget, and Ars Technica. Many people submitted comments to the FCC about their proposed changes regarding this issue, specifically this section from their requirements for U-NII devices operting in the 5GHz range:


“Manufacturers must implement security features in any digitally modulated devices capable of operating in any of the U-NII bands, so that third parties are not able to reprogram the device to operate outside the parameters for which the device was certified.”


The "parameters" mentioned here include not just the implementation of DFS technology, but any specification that the wireless device was certified to operate under. There are many other specifications that wireless routers and clients must adhere to as well. For example, the maximum amount of power that is allowed to enter the broadcasting antenna in certain WiFi devices cannot exceed 1 watt. It is possible for an end user to boost the power beyond this limit which was put in place so that you don't have one yokel broadcasting with enough energy to microwave passing wildlife. But there aren't too many FCC "cops" knocking on your door asking to log in to your router to make sure it's operating within these and other parameters.


Instead of creating an Orwellian army of WiFi Enforcement Agents, the FCC foisted the responsibility of enforcing these parameters onto manufacturers. The handwringing intensified throughout the Internet into the Fall of 2015 with even the EFF getting involved in a letter-writing campaign to the FCC to ensure free software on wireless devices. It was also perhaps the most-anticipated discussion at BattleMesh v8 in Maribor, Slovenia.


There was so much noise on the subject that FCC decided to clarify its position. In a paper titled "Software Security Requirements for U-NII devices" dated November 12, 2015. In the paper, the FCC clarified its position that they were out to "lock down" the hacking of routers with third party firmware completely:


The purpose of this rule is to prevent modifications to the software that could, for

example, disable dynamic frequency selection (technology necessary for preventing interference to radars), enable tuning to unauthorized frequencies, increase power above authorized levels, etc. The rule is not intended to prevent or inhibit modification of any other software or firmware in the device, such as software modifications to improve performance, configure RF networks or improve cybersecurity. These types of software and firmware modifications, including updates to address security vulnerabilities are known to be highly desired by many users and manufacturers are encouraged to design their systems to permit such software upgrades while ensuring security of the portion that controls compliance with the FCC technical requirements.


To which technology publications like, Maximum PC, and even the EFF touted as a relief. And here is where my only criticism in this otherwise objective piece comes in. If these reporters were actually interested in investigation, they might have asked the next obvious question:


"If the FCC is not mandating that routers be locked down, how WILL these 'parameters' be enforced by the manufacturers?"


The answer is in: Instead of coming up with novel (read "more expensive") solutions that ensure open-source or third party firmware can replace the proprietary, underpowered, and often bug-ridden firmware that ships with most consumer routers today, manufacturers are taking the easy road and doing exactly what the FCC said they would never mandate: locking down the router. Preventing you from crossing that yellow line in the middle of the road by not letting you drive at all: the manufacturer now controls every aspect of your vehicle.


The FCC is full of smart people. They knew they had to solve a problem without getting egg on their face and becoming the bad guy of the Internet for ensuring some of the world's most notoriously unreliable products stay unreliable. And it appears they have done it. I'm not saying that that's "evil". It was smart. But it certainly makes it feel like the FCC is not really interested in innovative projects like PittMesh.  They have tied the hands of all community-owned wireless networks that run on open software. Networks that anyone is free to join and expand. Networks that are not owned by a single entity, and most importantly, bridge the Digital Divide by sourcing Internet access from those who can afford it and putting it out in the streets for those who see an Internet connection as a luxury.


Community Wireless Networks like PittMesh in Pittsburgh, the People's Open Network in San Francisco, Detroit's mesh network, or St. Louis's WasabiNet require open source technology to run and service tens of thousands of people a week with open Internet access in a day and age when you cannot apply for minimum wage jobs unless you apply online. And that's just our neck of the woods. Remember that FCC rulings are implemented by manufacturers not just for US markets but for markets world-wide as well. If you believe you will always have access to flashable WiFi equipment in Belize or Belgium or Bangladesh... you may find yourself in short supply of new equipment in the upcoming years.


And it's not just TP-Link. Ubiquiti is also planning on locking down routers in the future. And even the invited guests of BattleMesh v8, LigoWave, already lock down their high-end equipment. This is not a spectre in the distance. We are being haunted by this problem right now.


So where do we go from here? We see four ways forward:


1) The FCC mandates that manufacturers must allow some kind of editing of their software or recinds this mandate. Both of these seem unlikely.


2) One or more existing manufacturers actually value their more technical customers enough to follow the FCC's mandate and lock down some parameters of their devices while allowing flashing and editing of other unrestricted aspects. Perhaps they might see the value in the techie market segment in addition to the masses who don't even change their router's default password.

3) A cat-and-mouse game breaks out between hackers (read "developers") and manufacturers, until all firmware on every router is locked down, cryptographically signed, and no one can change anything ever on any device.


4) A new vendor arises, championed by the open source community, and builds open hardware and manages to comply with the FCC regulations.


In any case we have some very unnerving months ahead of us. Expect scarcity of inexpensive and usable routers for development purposes in the very near future. Hold on to those WRT54G's if they still power on and perhaps see the opportunity to hoard and collect flashed legacy devices and sell them on an e-bay like site. We may be headed towards something of a "black market" of networking equipment. And it happened because neither the FCC nor manufacturers stood up for the ten million "little guys" in the world who don't want to be locked out of innovation and opportunity for all. 


What are your thoughts? Email us or leave a comment!

Share on Facebook
Share on Twitter
Please reload

Featured Posts

State Of The Mesh: March 2017

March 2, 2017

Please reload

Recent Posts
Please reload

Please reload

Search By Tags

I'm busy working on my blog posts. Watch this space!

Please reload

Follow Us
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

© 2019 Meta Mesh Wireless Communities. Share our content freely.

  • YouTube Social  Icon
  • Facebook Social Icon
  • Twitter Social Icon