Designing for reuse
Doghouse – FOSS Firmware
Adopting FOSS firmware can keep your hardware out of the landfill.
Recently, an article by Bruce Schneier, CTO of IBM Resilient, came across my desk discussing some of the issues around home broadband routers. Apparently, on May 25th, the FBI asked people to "reboot their routers" as various pieces of malware were running in these routers and causing havoc with the Internet. The malware was very sophisticated, to the point where it had (more or less) a software backplane and could install new "plugins" to create even more mischief. Mr. Schneier stated that the malware was probably not the creation of your classic "basement cracker" but was instead a product of an intense program by a government.
Unfortunately, rebooting the router did not really fix the problem, as the malware was still infecting the lower levels of the router firmware, so at a minimum, the user would have to "reset to factory settings" (destroying the sometimes complex set of configuration and passwords) or (more likely) install new firmware, which is completely outside the abilities of most residential users of broadband routers, even assuming that the makers of the router are still updating the firmware or are even in business.
Mr. Schneier therefore recommended that, if the router does not have firmware updates, the best course of action is to throw away the old router and buy a new one, which is what several of my less computer-savvy friends did.
Part of this issue is that these problems have been known for a long time. The reason that the FBI wanted people to reboot their router was that a rebooted router would call to the mother ship of the crackers and try to download malware again. The FBI (who had intercepted the mother ship) wanted to see how many routers were affected. Apparently there were a lot. The list of known routers that might be affected can be found online [1].
There were several other security-related articles that flashed across my computer screen over the past two weeks, one of which had to do with some of the Internet of Things (IoT) devices we are now deploying in our homes. A technique known as DNS Rebinding, which has been known for at least a decade, can affect modern devices such as Roku streaming devices, Sonos wireless speakers, smart home thermostats, Google Home, and Chromecast (the last two I have in my home). These issues keep surfacing because people bring out new devices and, in the interest of making them as "self-configuring" and easy to set up as possible, overlook the techniques used to allow these devices to be taken over by crackers.
Many of these devices do not use strong encryption and authentication to make sure that the software talking to them should have the right to interact with them. People who program them assume that, since they are installed behind secure broadband router gateways (cough), the security on these streaming devices can be relaxed.
Now imagine that there is not only ONE of these devices in your home, but dozens, or hundreds. I have twelve Google Minis, a Google Home, and a Google Max in my house. Yes, I know that "Google can listen to me." I have much fewer issues with Google listening to me than I have with crackers trying to steal my identity or credit card information. Fortunately, my router is up to date with its firmware, and I have configured it well.
Which brings about the issues of FOSS firmware on routers and IoT devices.
Sometimes, I think I am sounding like a broken record (people who have never heard a vinyl record may not understand, understand, understand…) when I say that not buying hardware that can run FOSS is just asking to help build the junkyard of old and forgotten electronics in the future. Eventually the company or solution provider who last built the software for the device will either go out of business or lose interest in updating the software.
Caninos Loucos [2], the LSITEC project in which OptDyn is collaborating, has a long-term plan of making 100% open hardware and software, even to the point of allowing others to make their own CPU (following an open architecture, of course) so they can make sure there is no malware in the system.
Caninos Loucos is designing a sensor computer the size of a dime, with the goal of complete openness. Their other "dog" computers, at this point the Labrador and Bankhar (whose design as the Subutai Broadband Router was contributed to the project) are also as open as modern components allow. The design focus is to document the hardware interfaces so the FOSS communities can support them forever, or at least make the hardware useful even if the upper levels of functionality change.
Unless we want an electronic mountain higher than Everest, we need to design for repurpose and reuse.
Infos
- Affected routers: https://www.symantec.com/blogs/threat-intelligence/vpnfilter-iot-malware
- Caninos Loucos: http://caninosloucos.org
Buy this article as PDF
(incl. VAT)
Buy Linux Magazine
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters
Support Our Work
Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.
News
-
Plasma 6.3 Ready for Public Beta Testing
Plasma 6.3 will ship with KDE Gear 24.12.1 and KDE Frameworks 6.10, along with some new and exciting features.
-
Budgie 10.10 Scheduled for Q1 2025 with a Surprising Desktop Update
If Budgie is your desktop environment of choice, 2025 is going to be a great year for you.
-
Firefox 134 Offers Improvements for Linux Version
Fans of Linux and Firefox rejoice, as there's a new version available that includes some handy updates.
-
Serpent OS Arrives with a New Alpha Release
After months of silence, Ikey Doherty has released a new alpha for his Serpent OS.
-
HashiCorp Cofounder Unveils Ghostty, a Linux Terminal App
Ghostty is a new Linux terminal app that's fast, feature-rich, and offers a platform-native GUI while remaining cross-platform.
-
Fedora Asahi Remix 41 Available for Apple Silicon
If you have an Apple Silicon Mac and you're hoping to install Fedora, you're in luck because the latest release supports the M1 and M2 chips.
-
Systemd Fixes Bug While Facing New Challenger in GNU Shepherd
The systemd developers have fixed a really nasty bug amid the release of the new GNU Shepherd init system.
-
AlmaLinux 10.0 Beta Released
The AlmaLinux OS Foundation has announced the availability of AlmaLinux 10.0 Beta ("Purple Lion") for all supported devices with significant changes.
-
Gnome 47.2 Now Available
Gnome 47.2 is now available for general use but don't expect much in the way of newness, as this is all about improvements and bug fixes.
-
Latest Cinnamon Desktop Releases with a Bold New Look
Just in time for the holidays, the developer of the Cinnamon desktop has shipped a new release to help spice up your eggnog with new features and a new look.