The Electronic Frontier Foundation (EFF) has announced plans to develop an open wireless router.
Specifically designed to support secure and shareable open wireless networks, the EFF said that this is a work in progress and is “intended only for developers and people willing to deal with the bleeding edge”.
It said that the software “aims to do several things that existing routers don’t do well or don’t do at all” and the ultimate solution will: allow small business and home users to easily enable an open network, so guests and passersby can get an internet connection if they need one, while keeping a password-locked WPA2 network for themselves and their friends or co-workers; let users share a bounded portion of their bandwidth on the open network, so guest users cannot slow down an internet connection or use a large portion of the monthly quota; and provide state-of-the-art network queuing.
From a security perspective, the EFF said this would “advance the state of the art in consumer Wi-Fi router security and begin turning back the growing tide of attacks against them” by removing cross-site scripting and cross-site request forgery vulnerabilities, which it said routers were laced with, and it will include a secure software auto-update mechanism, use HTTPS, firmware signatures and metadata that are fetched via Tor to make targeted update attacks very difficult.
TK Keanini, CTO of Lancope, said: “The EFF is one of the most reputable organisations on the internet, and I’m sure it will attract very talented folks to develop this project. But the act of trusting or not trusting is tricky because the product as it stands right now is calling all experts.
“If it takes an expert in the field to assess the trust of the system than only the experts will be able to remain secure. As this project evolves, I’m certain it will serve the non-expert well but that will take some time.
“This is a call to arms for those who like to be on the bleeding edge of technology and don’t think it will be prime time for the non-experts for a while. The problem of commercial vendors having security bugs is not something solved by this product; those devices having bugs are still a problem for everyone and should be fixed.”
Toyin Adelakun, vice president at Sestus, said: “This initiative will only make sense and gain widespread appeal if the EFF’s ‘firmware’ can be confirmed to include at least two security counter-measures: to configure the target wireless routers to maintain a strict, impregnable firewall between the public Wi-Fi network thus enabled, and secondly to harden the router against any (other) arbitrary firmware updates.
“It is arguable whether this EFF project will ‘create better, more secure Wi-Fi’. It may encourage some users to make conscious security decisions (e.g. on file-sharing on networks) and take deliberate security steps (e.g. on HTTPS and TLS). But it does not have anything in and of itself that will make Wi-Fi networks more secure. So to the mild sceptic, this might appear more a political project focused on the privacy of guests and travellers who wish to cover their tracks, rather than a technical project concerned with the security of the hosts and owners of Wi-Fi networks.”
Tim Erlin, director of security at risk at Tripwire, said: “The challenge for the EFF isn’t adoption within the tech and privacy savvy information security community, but broade
r interest from the average consumer, who would ultimately have to drive this kind of an effort towards open wireless.”