Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
Prospective router customers have gotten a little more breathing room, as the Federal Communications Commission will allow foreign-made routers to continue receiving software and firmware updates until at least January 1, 2029. According to the extension Announced on May 8.
When the FCC announced its sweep Block foreign-made Wi-Fi routers On March 23, it said companies could continue to issue security patches only for pre-approved models until March 1, 2027. Since nearly every router available in the US is considered “foreign-made” by FCC standards, this has left US customers facing the prospect of purchasing a new router only to discover that it may become obsolete within a year.
“A large percentage of network routers are not produced in the United States. So, a lot of them will turn into pumpkins within a year, unless they extend this waiver.” Alan Butlera senior advisor at the Electronic Privacy Information Center told me at the time.
Less than two months later, we’ve already seen some significant rollbacks from the FCC’s initial blanket ban. Along with a two-year extension of the deadline for software updates, two prominent router companies, Netgear and Eero, were granted exemptions from the FCC ban altogether — moves that came with mandatory timelines for restarting their manufacturing operations.
“There is no local supply chain for the final product at the moment,” he says. Kevin O’HanlonVice President of the Global Electronics Industrial Trade Group. “This extension is a bit of a relief, but at the same time it doesn’t change the basic timeline that the industry is working on to get the technology to market. There’s not much we can do to speed that up.”
The FCC’s move to ban an entire category of consumer products was completely unprecedented, but it was not necessarily unwarranted. the The committee said That routers produced abroad were “directly involved” in the Volt and Linen crimes Salt hurricane Cyberattacks Over the past few years, cybersecurity experts I spoke with said routers have become an increasingly attractive entry point for hackers.
“A router occupies a privileged position within any network, but especially in a home network. All of your connections, all of your traffic, has to go through that device,” he says. Rick Fergusonvice president of security intelligence at cybersecurity company Forescout.
But without the ability to receive security updates that address vulnerabilities exploited in cyberattacks, most routers will become less secure to use after a ban, not more. Last month, the FBI took an unusual step Reset old routers remotely That has stopped receiving software updates.
The FCC’s notice of the extension states that it “will recommend, as soon as practicable, that the full Commission consider codifying this waiver through rulemaking.”
This means the waiver will become permanent, allowing foreign-made routers to continue receiving updates indefinitely. Before that can happen, it must go through the FCC’s rulemaking process, which may include a public comment period on the proposed changes.
This is why you should put off buying a new router for now
When the FCC ban was first announced two months ago, I recommended that you postpone purchasing a new router So we learned more. The risks of purchasing a new router that would not be able to receive new updates after a year were too high.
This extension changes that calculation, but it’s not enough for me to change my advice. In a worst-case scenario, you could still spend hundreds of dollars on a router today that may stop receiving critical security patches two and a half years from now.
“The risk is very real,” Ferguson said. “If you find yourself in a situation where the update pipeline has been turned off, you should definitely consider whether you want to continue using that device.”
Everyone has a different tolerance for cybersecurity risks. Purists may say that you shouldn’t spend a day using a router that can’t get security patches, but the truth is that most people don’t update their firmware regularly as it is. However, routers are a large enough investment that I think it’s worth exercising some patience here if you can.
We have already seen significant revisions to the initial ban imposed by the FCC. Both Eero and Netgear have been granted waivers, and the deadline for security updates could be extended indefinitely.
Unless you have your heart set on a router from Eero or Netgear – which are some of the… The best routers we’ve tested -You will certainly have better information to help you make your decision two months from now.
How to keep your router safe in the meantime
Keeping your home network secure is relatively simple, but many of us fail to follow some basic cybersecurity best practices when it comes to our Wi-Fi routers.
Here are some of the most effective steps you can take to protect yourself, whether you’re in the market for a new router or not:
- Keep your firmware updated: You’re probably tired of hearing about firmware updates by now, but it’s the most important tool we have for keeping your router secure. You can ensure that your router has the latest firmware by enabling automatic updates in your router settings or by downloading updates manually in the app or web portal.
- Boost your credentials: The most common way hackers gain access to your router is by using the default login credentials provided by the manufacturer. “There’s a whole underground economy of vendors just harvesting credentials,” Ferguson says. This is different from your Wi-Fi network name and password; It’s the factory-set credentials that usually appear on the bottom of your router. Most brands have an app that lets you update your login credentials from there, but you can also type your router’s IP address into the URL. as always, The longer and more random the password, the better.
- Consider using a VPN: A VPN provides an extra layer of security by encrypting all your Internet traffic and preventing your Internet provider (or anyone else) from seeing the websites or apps you use. Find CNET’s picks for The best VPN services are here.