D-Link: sorry we're SOHOpeless D-Link's SOHOpeless HNAP vulnerability hasn't been fixed, but readers will be pleased to know that the company is very, very, very sorry that it exists. The company issued a patch on April 10 for its design-over-substance AC3200 series routers, but that "fix" blew a hole in the device's authentication routines. Tactical …
No, there is not. Disclaimer - I worked on CPE software for a few years so I am probably too pessimistic here.
This is business as usual in CPE vendor land. Everyone with the veritable exception of TP Link takes Broadcom reference bugware and slaps some lipstick on that pig. The result is exactly that too - pig with a lipstick: routers and APs which corrupt tcp when forwarding it (hello Netgear), crash if you connect one client too many (hello Dlink), etc. This is in addition to violating basic encapsulation principles and RFCs (which is broadcom and broadcom).
In any case, if Broadcom is not fixing the particular piece of bugware because it is out of maintenance you are not going to get a vendor fix.
In the few cases where the problem is not at reference bugware level, but at the lipstick level, you also find out that the lipstick for the pig was manufactured in a small sweatshop somewhere and nobody knows the ingredients any more because the idiot MBA who signed the contract did not get the full rights for the source.
... it's most of the vendors and most of their products. The problem exists in everything from $20 routers to $200 routers. In fact the ultra cheap routers might even run OpenWRT which probably has _much_ less problems security wise than the software running on more expensive boxes.
Maybe we need laws allowing everyone to freely replace the software they run on their devices. Then the store where I buy my router can just flash OpenWRT onto it and therefore actually do something that justifies their markup.
OpenWRT could be the answer, but presently is not the answer.
80%+ of the CPE market is Broadcom. Take a look at the OpenWRT TOH (table of hardware) and see exactly how many Broadcom devices does it support and for how many of them the support is usable. "Support" where the DSL modem or the Cable MAC does not work is not really viable in a SOHO router. You can OpenWRT most TP-Links, Lantics, etc. Broadcom devices - not so much as it is actively opposed by both Broadcom and its line up of SOHO router sycophants.
Broadcom has created a perfect captive market ecosystem for itself - all of its SOHO device "customers" are nowdays reduced to mixing lipstick for a pig and have lost nearly all engineering capability. As a result they are fiercely opposed to OpenWRT. If OpenWRT comes into the equation the product management and pseudoengineering teams in these vendors are out of a job overnight. This is exactly why they will fight tooth and nail to keep OpenWRT out and some derivative of Broadcom reference bugware in.
Yes, but why not just pass a law that would outlaw hardware without well documented interfaces?
I mean seriously this could be dressed up as a mayor security issue.
Imagine Broadcom puts some spyware into their blobs, they could take over very substancial amount of devices. They could potentially even take over laptops with governmental secrets on them.
It would be hard to find out as you can easily hide code in a binary blob compiled for an obscure processor architecture. After all the processors in the wireless chip probably aren't plain vanilla ARM.
Yes, but why not just pass a law that would outlaw hardware without well documented interfaces?
That is pretty much any Broadcom SOC including and especially the Raspberry Pi. The sole reason the Razzie functions is a 2MB+ enornoblob of firmware it loads at boot. What is in that firmware - only Broadcom knows. By the way - the Razzie is a fairly typical Broadcom device to that respect. It's sole difference compared to CPEs is that it is an ARM, not a MIPS.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
