FCC Commissioner Nathan Simington called on his agency colleagues to change the Commission’s equipment authorization rules and require manufacturers to provide security patches for wireless devices. Not doing so puts the country’s wireless networks at risk, he said.
“Hundreds of millions of devices in active use in this country—more every day, and in more applications—are susceptible to known security vulnerabilities, exposing us to theft of private data and to attacks on the integrity of our public and private networks. But some manufacturers and sellers of these devices plan to do absolutely nothing about it,” he told the annual Institute on Telecommunications Policy and Regulation conference on Thursday.
The Commission last month banned equipment deemed to pose a national security risk from telecom networks. “This was driven in part by concerns that the cameras, routers, and multitudes of other devices across America running software written by Chinese Communist Party controlled companies were inherently a national security risk,” he said. The software could contain backdoors or accidental vulnerabilities that hostile governments or hackers could exploit.
But Simington suggests the agency go a step further, saying the widespread industry practice of manufacturers stopping support of wireless devices while they are still in use represents a national security risk. Such unpatched devices, he argued, are not only vulnerable to data and credential theft, but also to being commandeered by attackers and turned into distributed signal jammers.
“We’re well on our way to wireless computers in every light switch and in every light bulb. And it’s not just consumer devices. The factory floor, the flight deck, the utility pole, these are all venues for the mass installation of software-controlled wireless devices,” he said.
The FCC’s equipment authorization rules don’t address “security vulnerabilities that might turn a device that behaves perfectly well on the test bench into one that spews harmful interference and, for example, takes down every WiFi network in its vicinity,” he argued. “Any vulnerability in a phone operating system, in a smart thermostat firmware, in a 5G base station, is a threat to the security of our wireless networks from harmful interference,” said the Commissioner. Simington urged the wireless industry to help the FCC develop the new rules.
By Leslie Stimson, Inside Towers Washington Bureau Chief