
The Federal Communications Commission (FCC) announced Monday that it is banning the import of new foreign-made consumer routers, citing “unacceptable” risks to cyber and national security.
FCC Chairman Brendan Carr said in a post that the development means new models of foreign-made routers will no longer be eligible for marketing or sale in the United States, a move that followed a national security decision by an executive branch agency.
To this end, all consumer-grade routers manufactured in foreign countries have been added to the target list unless they have been granted conditional approval after the Department of Defense (DoW) or Department of Homeland Security (DHS) has determined that they do not pose a risk.
At the time of writing, the approval list only includes drone systems and software-defined radios (SDRs) from SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero. Manufacturers of consumer routers may submit applications for conditional approval. According to BBC News, Starlink Wi-Fi routers are manufactured in Texas, USA, and are therefore exempt from this policy.
“The Executive Branch’s decision found that foreign-made routers (1) pose ‘supply chain vulnerabilities that could disrupt the U.S. economy, critical infrastructure, and national defense,’ and (2) pose ‘significant cybersecurity risks that could be exploited to immediately and seriously disrupt U.S. critical infrastructure and directly harm Americans.'”
The agency said state-sponsored and non-state attackers are exploiting security flaws in small and home office routers to infiltrate American homes, disrupt networks, facilitate cyberespionage, and enable the theft of intellectual property. Additionally, these devices can be commandeered into larger networks to perform password spraying, gain unauthorized network access, or act as proxies for espionage.
China-linked adversaries such as Volt Typhoon, Flax Typhoon, and Salt Typhoon have also been observed using botnets composed of foreign routers to launch cyberattacks on critical communications, energy, transportation, and water infrastructure in the United States.
“In the Salt Typhoon attack, state-sponsored cyber threat actors used compromised foreign routers to implant themselves in specific networks, gain long-term access, and migrate to other networks depending on their targets,” the National Security Decision (NSD) said.
Also of interest to the U.S. government is a botnet called CovertNetwork-1658 (also known as Quad7) that is used to orchestrate highly evasive password spray attacks. This activity has been attributed to a Chinese threat actor tracked as Storm-0940.
Please note that updating the inclusion list does not affect the continued use of routers that a customer has already purchased. It also does not affect retailers who can continue to sell, import, or market router models that were previously approved through the FCC’s equipment approval process.
“Insecure foreign routers are a prime target for attackers and have been used in several recent cyberattacks to give hackers access to networks and use them as launch pads to compromise critical infrastructure,” NSD said. “The vulnerabilities introduced into American networks and critical infrastructure by foreign routers are unacceptable.”
Because routers serve as the primary conduit for Internet access, they have become easy targets for cyberattacks. Once a router is compromised, attackers can conduct network monitoring, steal data, and deliver malware to victims. In 2014, journalist Glenn Greenwald claimed in his book No Place to Hide that the U.S. National Security Agency (NSA) routinely intercepts routers from U.S. manufacturers before they are exported in order to install backdoors.
