One week after the FCC banned sales of new foreign-made Wi-Fi routers over national security risks, new details emerge on implicated cyberattacks and growing criticism of the broad policy's effectiveness.
The FCC's public notice explicitly targets routers linked to recent cyberattacks, including Volt, Flax, and Salt Typhoon, which breached networks handling sensitive court-authorized wiretaps. The agency deems foreign-made routers—those with any key manufacturing, assembly, design, or development overseas—as posing 'unacceptable risks,' impacting nearly all new models amid global supply chains. For instance, Netgear produces in Vietnam, Thailand, Indonesia, and Taiwan, while Starlink touts newer routers assembled in Texas.
The FCC directs inquiries to its Covered List FAQ, with manufacturers pursuing conditional approvals amid market jitters. More clarity on affected companies is anticipated in one to two months, per industry watchers.
Critics are vocal. William Budington of the Electronic Frontier Foundation labeled the ban 'an extremely blunt instrument' harming benign products too. Alan Butler of the Electronic Privacy Information Center cautioned it might degrade security post-deadline, rendering routers 'pumpkins' without updates. Cybersecurity experts largely support router safeguards but decry the sweeping approach: Thomas Pace of NetRise pointed to vulnerabilities across all brands, and Sergey Shykevich of Check Point Research noted default credentials fueling mass hacks.
