Designing for reuse

Doghouse – FOSS Firmware

Article from Issue 214/2018

Adopting FOSS firmware can keep your hardware out of the landfill.

Recently, an article by Bruce Schneier, CTO of IBM Resilient, came across my desk discussing some of the issues around home broadband routers. Apparently, on May 25th, the FBI asked people to "reboot their routers" as various pieces of malware were running in these routers and causing havoc with the Internet. The malware was very sophisticated, to the point where it had (more or less) a software backplane and could install new "plugins" to create even more mischief. Mr. Schneier stated that the malware was probably not the creation of your classic "basement cracker" but was instead a product of an intense program by a government.

Unfortunately, rebooting the router did not really fix the problem, as the malware was still infecting the lower levels of the router firmware, so at a minimum, the user would have to "reset to factory settings" (destroying the sometimes complex set of configuration and passwords) or (more likely) install new firmware, which is completely outside the abilities of most residential users of broadband routers, even assuming that the makers of the router are still updating the firmware or are even in business.

Mr. Schneier therefore recommended that, if the router does not have firmware updates, the best course of action is to throw away the old router and buy a new one, which is what several of my less computer-savvy friends did.

Part of this issue is that these problems have been known for a long time. The reason that the FBI wanted people to reboot their router was that a rebooted router would call to the mother ship of the crackers and try to download malware again. The FBI (who had intercepted the mother ship) wanted to see how many routers were affected. Apparently there were a lot. The list of known routers that might be affected can be found online [1].

There were several other security-related articles that flashed across my computer screen over the past two weeks, one of which had to do with some of the Internet of Things (IoT) devices we are now deploying in our homes. A technique known as DNS Rebinding, which has been known for at least a decade, can affect modern devices such as Roku streaming devices, Sonos wireless speakers, smart home thermostats, Google Home, and Chromecast (the last two I have in my home). These issues keep surfacing because people bring out new devices and, in the interest of making them as "self-configuring" and easy to set up as possible, overlook the techniques used to allow these devices to be taken over by crackers.

Many of these devices do not use strong encryption and authentication to make sure that the software talking to them should have the right to interact with them. People who program them assume that, since they are installed behind secure broadband router gateways (cough), the security on these streaming devices can be relaxed.

Now imagine that there is not only ONE of these devices in your home, but dozens, or hundreds. I have twelve Google Minis, a Google Home, and a Google Max in my house. Yes, I know that "Google can listen to me." I have much fewer issues with Google listening to me than I have with crackers trying to steal my identity or credit card information. Fortunately, my router is up to date with its firmware, and I have configured it well.

Which brings about the issues of FOSS firmware on routers and IoT devices.

Sometimes, I think I am sounding like a broken record (people who have never heard a vinyl record may not understand, understand, understand…) when I say that not buying hardware that can run FOSS is just asking to help build the junkyard of old and forgotten electronics in the future. Eventually the company or solution provider who last built the software for the device will either go out of business or lose interest in updating the software.

Caninos Loucos [2], the LSITEC project in which OptDyn is collaborating, has a long-term plan of making 100% open hardware and software, even to the point of allowing others to make their own CPU (following an open architecture, of course) so they can make sure there is no malware in the system.

Caninos Loucos is designing a sensor computer the size of a dime, with the goal of complete openness. Their other "dog" computers, at this point the Labrador and Bankhar (whose design as the Subutai Broadband Router was contributed to the project) are also as open as modern components allow. The design focus is to document the hardware interfaces so the FOSS communities can support them forever, or at least make the hardware useful even if the upper levels of functionality change.

Unless we want an electronic mountain higher than Everest, we need to design for repurpose and reuse.

The Author

Jon "maddog" Hall is an author, educator, computer scientist, and free software pioneer who has been a passionate advocate for Linux since 1994 when he first met Linus Torvalds and facilitated the port of Linux to a 64-bit system. He serves as president of Linux InternationalÆ.

Buy this article as PDF

Express-Checkout as PDF
Price $2.95
(incl. VAT)

Buy Linux Magazine

Get it on Google Play

US / Canada

Get it on Google Play

UK / Australia

Related content

  • maddog's Doghouse

    After 25 years of waiting for open hardware, Maddog predicts the era of closed, proprietary chips as the only option is drawing to an end.

  • maddog's Doghouse

    In conjunction with Caninos Loucos, maddog helps develop a hardware platform for the Brazilian IoT project.

  • maddog's Doghouse

    With the advent of 2019, Maddog makes a wish list and some resolutions for both himself and the FOSS community.

  • maddog's Doghouse

    Closed IoT devices can use unexpected bandwidth "reporting home," pointing to a need for free devices to allow the user more control over their household gadgets and WiFi use.

  • Gargoyle: Web Interface for Router Configuration

    The Gargoyle project is working on an alternative web interface for better router configuration. The project has now reached its first stable version 1.0.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More