- cross-posted to:
- usa@midwest.social
608
- cross-posted to:
- usa@midwest.social
BrianKrebs (@briankrebs@infosec.exchange)
infosec.exchangeWhoa, that escalated quickly. This just got sent out by the press folks at the Federal Communications Commission (FCC). The FCC says it has decided that all foreign-made consumer-grade Internet routers are henceforth prohibited from receiving FCC authorization and are therefore prohibited from being imported for use or sale in the United States.
"Update Follows Determination by Executive Branch Agencies that Consumer-Grade Routers Produced in Foreign Countries Threaten National Security
WASHINGTON, March 23, 2026—Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet. This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”
"The Executive Branch determination noted that foreign-produced routers (1) introduce “a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense” and (2) pose “a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.”
"This action does not affect any previously-purchased consumer-grade routers. Consumers can continue to use any router they have already lawfully purchased or acquired."
"Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations. Interested applicants are encouraged to submit applications to conditional-approvals@fcc.gov."
Not sure how many consumer-grade routers will be left for sale if it really is a ban on approvals for any foreign-made consumer routers like they said, and not just a bunch of already restricted Chinese makers like Huawei and ZTE.
https://www.fcc.gov/document/fcc-updates-covered-list-include-foreign-made-consumer-routers
FCC's "covered list" of "thou shalt not entities": https://www.fcc.gov/supplychain/coveredlist
I hate to say anything that would defend any of this, but cheap Chinese routers are very prone to security issues. There’s a guy that has a youtube channel built arond taking apart and reverse engineering all kids of electroncis. He’s found some pretty bad stuff in generic routers, static logins, telemetry sent home, remote executable code in the admin portal while not logged in.
I agree there’s a lot more here they hope to gain, and that those gains are their primary objective, but there are some real issues from consumer network electronics.
That may be true and is certainly a well known concern …. Yet given the US government’s recent history, I have a hard time believing much of what they say
Cheap Chinese routers as a risk being true doesn’t prevent it from also being true that the current us administration is full of shit and likely more concerned about enriching someone connected to them, or tilt at windmills
There’s better ways to do it then, EU don’t have that problem for example, and we buy plenty from China.
We just have safety and security standards enshrined into law, and don’t deal with anyone that doesn’t agree to follow them.
It’s why some products have the C€ symbol on them, which is “this has been imported, and meets all legal requirement”, and all shops are not allowed to sell anything without that cert if imported.
(Though this don’t apply to direct delivery from other nations, so it’s not bulletproof)
That’s kinda what’s going on. They’re pulling the FCC logo and making it illegal to resell without authorization. Hopefully, (but not assuredly) part of that authorization will be to make sure they comply with security.
Though I’m absolutely certain those ‘agreements’ cost a pretty penny and it’s lining someone’s pocket as well.
Ah but the C€ don’t require you to manufacture some or all parts in the country though, or to pay a fee for the courtesy of dodging the law
Not that i’d be suprised for it to be so, but conditional approval doesn’t automatically mean pay a fee and we don’t check.
This is America
If I read this right it goes beyond the cheap no-name Chinese stuff that we hopefully all know to avoid by now. This would prevent US companies from outsourcing manufacture to foreign countries, which pretty much all companies do at this point
That would keep routers.ca from reselling Temu routers, net win.
I just hope that part of this doesn’t include mandatory backdoors for US agencies. This might be the start of the great firewall of the US
it will
if that ends up being the case, us linux nuts can start making and selling our own routers!
Side Hustle!