this post was submitted on 06 Mar 2025
28 points (93.8% liked)

Cybersecurity

6542 readers
263 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Community Rules

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities [email protected] [email protected] [email protected] [email protected] [email protected]

Notable mention to [email protected]

founded 2 years ago
MODERATORS
kid
[email protected]
28
US congressional panel urges Americans to ditch China-made routers (www.reuters.com)
submitted 2 days ago by kid to c/cybersecurity
15 comments fedilink hide all child comments
top 15 comments
sorted by: hot top controversial new old
[–] GrumpyDuckling 1 points 11 hours ago

Openwrt

Opnsense

Pfsense

[–] [email protected] 28 points 2 days ago (1 children)

So..... All of them?

[–] sugar_in_your_tea 8 points 2 days ago (2 children)

Does it count as "China made" if the firmware is FOSS and I load it myself? NICs and boards are pretty much all made in China, but how far does this go?

[–] [email protected] 10 points 2 days ago (3 children)

It depends on how bad China wants your porn. There could be secondary MCUs that are designed to completely bypass the original firmware. (Think Intel ME)

That is not very practical for consumer grade gear, but still possible.

[–] admin 5 points 2 days ago

This reminded me of a real life story, from the tip or my tongue so details might be inaccurate, but I remember hearing that a/the main MINIX maintainer, all of the sudden, started getting bug reports or some type of feedback from somebody, that ended up being an Intel employee looking to use MINIX for either ME or AMT.

In short, these hardware devices are 100% capable of having their own independent OS, processes with kernel and all, totally obscured from the end user.

[–] Ajen 5 points 2 days ago* (last edited 2 days ago) (1 children)

Wifi chips have their own firmware that could have a backdoor. If it's connected to the CPU over PCI-E or another interface that supports DMA then it's also able to inject code into the main system even if it's running FOSS firmware.

[–] [email protected] 3 points 2 days ago

It seems that a few router types have WiFi + SoC setups now. (Like ones using the IPQ4019, for example.)

While that doesn't significantly reduce the risk of something nasty, it would limit places for nasty code to hide. Well, "hide" in the traditional sense, like on another chip entirely.

However, I haven't really looked into any drivers to see how these SoC's are segmented to see if its really any different than the old MCU + WiFi chipset setups.

[–] sugar_in_your_tea 4 points 2 days ago

Hmm, it's pretty spicy porn.

[–] earphone843 6 points 2 days ago

Yes, it counts. Hardware backdoors are absolutely a thing.

[–] piccolo 26 points 2 days ago* (last edited 2 days ago) (1 children)

And replace them with american spyware? Nice try NSA

[–] sugar_in_your_tea 1 points 1 day ago

Mine's European, but actually Chinese.

[–] _haha_oh_wow_ 9 points 2 days ago* (last edited 2 days ago) (2 children)

Best I can do is flash custom firmware.

Edit: See this helpful comment below if you're interested! https://sh.itjust.works/post/33900457/17108468

[–] [email protected] 5 points 2 days ago

This is what every normie should be doing.

Bought a router but it wanted me to get an account with a "proper" email address.

Lol wtf good thing Foss chads were already cooking haha

[–] [email protected] 4 points 2 days ago

EU commission should be urging Europeans to ditch US products and services 🤷

Anti Commercial-AI license