Forced firmware lockdown? Christian 2015-11-16.

Slides:

Advertisements

Similar presentations

Pieter Robben ACB MIC MRA Workshop 2014 update. MIC MRA Workshop 2014 The workshop took place on February 2014 Approximately 150 attendees A broad.

Advertisements

ACB Module Assessment and Integration FCC and IC Michael Derby ACB Europe7 April

EQUIPMENT VALIDATION.

American Certification Body - Your Online Resource for Regulatory Training 1588 ENERGYSTAR®

5/10/2015TCB Council1 Navigating the FCC Online Resrouces Presented by: Chris Harvey Tim Dwyer Anne Liang.

MOTOROLA and the Stylized M Logo are registered in the US Patent and Trademark Office. All other product or service names are the property of their respective.

Research Development for Android Coopman Tom. What is Android?  Smartphone operating system  Google  Popular  ‘Easy to develop’  Open-Source  Linux.

Washington Laboratories (301) web: Lindbergh Dr. Gaithersburg, MD How to Create a Part 15C Report.

Wireless Fundamentals Chapter 6 Introducing Wireless Regulation Bodies, Standards, and Certifications.

Security in By: Abdulelah Algosaibi Supervised by: Prof. Michael Rothstein Summer II 2010: CS 6/79995 Operating System Security.

Concepts of Database Management Seventh Edition

1 ® Intel Labs ® Slide No. *Third party brands and names are the property of their respective owners Module Approval Explained 04/18/02 Jeffrey Schiffer.

Dennis Ward ATCB FCC Overview. CFR 47 FCC Regulation Part 2 General Requirements Part 5 Experimental Radio Service Part 15 Subpart C, D, and E Unlicensed.

European Regulatory Environment (just a part!) Mark Thomas, ECO Director CEPT Workshop on European Spectrum Management and Numbering 4 th June 2014.

Concepts of Database Management Sixth Edition

Commissioning of Fire Protection and Life Safety Systems Presented by: Charles Kilfoil Bechtel National Waste Treatment Plant Richland WA.

Work product for review and discussion by the FDASIA Regulation Subgroup; May not reflect the subgroup’s views REGULATORY WEAKNESSES A report of the typist.

CSCI 101 R 3:30 Dr. Garrison.  What is software? ◦ Set of computer programs that tells the computer what to do and enables it to perform different tasks.

Concepts of Database Management Eighth Edition

Doc.: IEEE /1119r0 Submission November 2005 Alistair Buttar, MotorolaSlide 1 Support for Emergency Calls Notice: This document has been prepared.

2006 MAM - Wireless Copyright © 2006 The Regents of the University of Michigan, Ann Arbor, MI June 23, 2006 Dennis Ward

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Configure a Wireless Router Chapter 7.

Using License Exempt Spectrum for Wireless Broadband Ronald Repasi, Deputy Chief Office of Engineering and Technology Regional Educational Workshop On.

World Class Standards Footer text (edit in View : Header and Footer) Software Defined Radio ETSI © ETSI All rights reserved ITU Workshop.

©Ofcom IEEE 802 Plenary, Dallas, Tx RRTAG( ) meeting Consultation on Safety Related ITS 12 th November 2008 Andrew Gowans, Head of Exempt Technology.

Doc.: IEEE November06-RR-TAG_Liaison_Report.ppt _RR-TAG_802.22_Liaison_Report_November06 Submission November 2006.

Doc.: IEEE /139r4 Submission November 2011 M. Azizur Rahman (NICT)Slide 1 Response to Comments on P802.22b PAR and 5C Date: Authors:

Validation | Slide 1 of 27 August 2006 Validation Supplementary Training Modules on Good Manufacturing Practice WHO Technical Report Series, No. 937, 2006.

Doc.: IEEE /1171r0 SubmissionRich Kennedy, MediaTek Summary of FCC Administrative Changes Proposed in NPRM FCC Date: Authors:

Using License Exempt Spectrum for Wireless Broadband Ronald Repasi, Deputy Chief Office of Engineering and Technology Regional Educational Workshop On.

Value Stream Mapping: August 2005 Current State Nancy Terranova October 26, 2006.

16/02/2016 RESOLUTION GSC-8/4: Measurement Uncertainties & Methodologies Update on ETSI Progress 1GSC-9, Seoul SOURCE:ETSI TITLE:Measurement Uncertainties.

Doc.: IEEE /1417r0 Submission November 2012 Rich Kennedy, Research In MotionSlide 1 IEEE Regulatory SC San Antonio Closing Report Date:

Bangkok, Thailand, 25 Aug 2014 Mongolian ICT sector standardization Chuluunbat Tsendsuren Type Approval Officer Communications Regulatory Commission of.

Doc.: IEEE Submission May 2009 Andrew GowansSlide Review of Exempt Spectrum that may be of interest for medical use.

Agreement concerning the adoption of uniform conditions for periodical technical inspections of wheeled vehicles and the reciprocal recognition of such.

Doc.: IEEE /1276r0 Submission November 2010 Rich Kennedy, Research In MotionSlide 1 IEEE Regulatory AHC Dallas DRAFT Meeting Plan and Agenda.

The WS device requirements in ETSI EN Cesar Gutierrez, Ofcom UK 9 th December 2013 Project Team FM53 FM53(13)58 5 th meeting,17-18 December 2013.

14 March 2002Overview of TCB ProgramSlide 1 Overview of FCC Telecommunication Certification Body Program.

Laboratory equipment Dr. W. Huisman Cairo, November 21th 2012.

Doc.: IEEE /12??r0 SubmissionSlide 0 IEEE 802 Plenary, Dallas, Tx RRTAG( ) meeting Consultation on Safety Related ITS 12 th November 2008.

M O N T E N E G R O Negotiating Team for the Accession of Montenegro to the European Union Working Group for Chapter 1 –Free movement of goods Bilateral.

Workday: Data Privacy and Security Overview

Agenda doc.: IEEE /0020r1 April 2016 Rich Kennedy, HP EnterpriseSlide 1 IEEE RR-TAG Teleconference Plan and Agenda Date: Authors:

Module 02 Essential Requirements for ATCOs. Training Objectives  Appreciate the content of the essential requirements for ATCOs as described within EASA.

ACB ISED Canada Radio Certification

EET 422 EMC & COMPLIANCE ENGINEERING

WELCOME Mobile Applications Testing

Instructor Materials Chapter 6 Building a Home Network

Strategy for conformity of non-standard cryogenic equipment

Session II: System authority for ERTMS 4RP Trackside approval

Cisco –B Domain US (FCC) Regulatory Plans

FCC Regulations and Multi-band Operation

Summary of FCC’s Cognitive Radio Proceeding

Masters, Slaves and Clients

Masters, Slaves and Clients

IEEE RR-TAG June 1st Teleconference Agenda

Submission Title: [Reasonable Compromise Proposal]

April 2009 doc.: IEEE /xxxxr0 August 2013

Submission Title: [Reasonable Compromise Proposal]

Response to Comments on P802.22b PAR and 5C

Submission Title: [Regulatory Update]

IEEE RR-TAG Teleconference Plan and Agenda

April 2009 doc.: IEEE /xxxxr0 August 2013

based on WP29/2018/157, SLR-28-09rev1, SLR-28-12

ETSI Contribution to 3rd Meeting of EC Expert Group on RRS

DFS Regulatory Update Date: Authors: May 2005 May 2005

ECC actions on interference from 5 GHz RLAN into meteorological radars

April 2009 doc.: IEEE /xxxxr0 October 2013

SECURITY/BAGGAGE TYPE CABINET OPERATOR TRAINING COURSE

Presentation transcript:

Forced firmware lockdown? Christian

Short Information FCC / ETSI intends to force router makers to lock down their devices to prevent users from changing RF settings to operate a device outside the allowed spectrum. FCC affects only 5GHz Units ETSI seem to affect ALL frequencies Practically this leads to a complete firmware lock down preventing users from installing third party firmwares.

USA FCC 2014, June 2: FCC up dated rules for U-NI I devices op erating under Part 15C 2015, June 1: stop approval of devices under the new rules 2015, August 16th: Deadline for accepting comments 2016, June 1: stop marketing under the old rules FCC Document (as on November 12, 2015): „SOFTWARE SECURITY REQUIREMENTS FOR U-NII DEVICES“ Third - Party Access Control 1. Explain if any third parties have the capability to operate a U.S. - sold device on any other regulatory domain, frequencies, or in any manner that may allow the device to operate in violation of the device’s authorization if activated in the U.S. 2. Describe, if the device permits third - party software or firmware installation, what mechanisms are provided by the manufacture r to permit integrat ion of such functions while ensuring that the RF parameters of the device cannot be operated outside its authorization for operation in the U. S. In the descri ption include what controls and/ or agreements are in place with providers of third - party functionality to ensure the d evices ’ underlying RF parameters are unchanged and how the manufacturer verifies the functionality 3. For Certified Transmitter modular devices, describe how the module grantee ensures that host manufacture r s fully comply with these software security requirements for U - NII devices. If the module is controlled through driver software loaded in the host, describe how the drivers are controlled and managed such that the modular transmitter RF parameters are not modified outside the grant of authorization. Document link: Document available here: plan/plenary/

European Union DIRECTIVE 2014/53/EU becomes effective on 13. of June 2016 "on the harmonisation of the laws of the Member States relating to the making available on the market of radio equipment and repealing Directive 1999/5/E" Essential requirements 1. Radio equipment shall be constructed so as to ensure: [...] (i)radio equipment supports certain features in order to ensure that software can only be loaded into the radio equipment where the compliance of the combination of the radio equipment and software has been demonstrated. Document link: Document available here: plan/plenary/

Affected Devices WiFi Access points Other devices which use WiFi and can use Access Point mode Smartphones Tablets

Problems (incomplete list) Usually vendors only provide updates for a short time, so after a vendor stops shipping security updates the device becomes prone to attack Innovations Bufferbloat IPv6 development Open Mesh networks many more

Discussion