[Cerowrt-devel] security guidelines for home routers

Sebastian Moeller moeller0 at gmx.de
Wed Nov 28 08:49:19 EST 2018

Hi Mikael,

> On Nov 27, 2018, at 14:34, Mikael Abrahamsson <swmike at swm.pp.se> wrote:
> On Tue, 27 Nov 2018, Sebastian Moeller wrote:
>> 	Really, which ones? I would like to know so I can avoid them ;) Just joking, but I have never heard of secure booting in the context of MIPS based routers and at least in the retail market most cheap devices still seem MIPS based. Then again this is slowly changing with x86 (via DOCSIS-SoCs and even the high end lantiq/intel dsl SoCs) and ARM slowly seeping into the market. I think both x86 and ARM have specs for secure booting or related methods.
> DTs Speedports.

These do have secure boot? Interesting. But it explains the lack of user modifications to these devices. As an alternative example, the AVM Fritz! brand devices quite popular in Germany do actually allow installing modded firmware, but the steps to do so are involved enough that nobody does this accidentally.

>> 	I am old school, once somebody has physical access to the device it is game over already. Case in point: people have found ways to decrypt the encrypted configuration files Huawei tends to use in their routers, and some people even hacked DOCSIS modems. From my reading of the BSI recommendations, even pressing a reset button long enough would be okay, the only no-no seems to be allowing changing the firmware to non-signed ones without explicit opt-in by the user.
> Again, how do you define "explicit opt-in"?

	Well, the BSI document simply proposes modal warning dialogs in the GUI as an entry barrier...

> Yes, cutting a wire inside the device is probably a good way to do it, if someone doesn't understand this is modification of the device then I don't know what is.

	Well, the wire thing is probably the weakest part, I guess my proposal was to make this change cause visible, irrevocable physical changes to the device. But I guess this is solving a non-existent problem...

>> 	But that is okay for a device that an ISP owns and rents out, but decidedly not okay for a device I want to own.
> I agree, but it might be exactly what some other people want to own, who just want things to work. There are plenty of devices that people pay for and own, but they expect their ISP to manage and software update them.

	And that is fine, but the whole issue under scrutiny here is what happens when the manufacturer/seller EOLs a device, and at that point the only alternative is a forced retirement of hardware that might still be up to the job.

> -- 
> Mikael Abrahamsson    email: swmike at swm.pp.se
