What are the chances there's a hardware backdoor/exploit in many of these routers?

"Open source" is always "to a point" as virtually nothing is built out of raw gates anymore. Whether it's visible blobs of firmware, burned into the device during production, mask programmed, or just in the design itself, there are parts of the system that are "firmware" that you just have to trust.

It wouldn't surprise me if there are more "backdoors" out there discovered, as generally complex systems need testing that can't be done "black box" and at least development versions are often laden with coprocessors and testing hooks. There's only so much that ASIC simulation can do -- especially when you're down at the scale of today's chips when physics starts getting strange.

1 Like

That's not what I asked. We are not talking about the faceless FISA courts that rubber-stamp surveillance warrants on their citizens.

This is purely a technical speculative talk about the security of commoditized consumer routers.

OK, let's speculate.
There is neither hardware nor software without bugs, and some of them may lead to security vulnerabilities.
Whether it's intentional or unintentional, the cause doesn't really matter.
And even if there are no bugs today, it doesn't mean there will not be any tomorrow.
The power of OpenWrt as a part of OSS is a higher possibility of finding and fixing those bugs faster.

1 Like

Well, there are always bugs within every piece of software, but do you think a 'god' mode exists for ARM processors within these routers? You guys work close to the metal so I figured you would have some insight.

A responsible person wouldn't share such information in this way if they knew it anyway.

https://cve.mitre.org/

1 Like

Dunno, ask your friends at Huawei what's in their production silicon that isn't on the datasheet.

In my opinion, it's far too easy to break SOHO devices without any hardware exploits, so any intentional efforts get pushed to the desktop and above, especially networking gear, and even more interestingly to that on the backbone.

Why doesn't openwrt/lede start designing and manufacturing hardware? I'd imagine a lot of people would be willing to shell out a premium for an open source designed hardware/software package. Plus there wouldn't be any more of those threads asking "what's the best router for LEDE/openwrt". It would help fund development and could even put several people full-time on development.

As far as hidden hardware backdoors from China, one would simply randomly select routers to be X-rayed on the production line. It's not impossible, just a matter of money and will.

I am not familiar with the LEDE/openwrt community and haven't done any firmware development myself but the business opportunity is mouth watering. Think of all those people with cryptocurrency, sensitive government documents, etc. It's a huge vacuum in the market.

You can't "X-ray" to find this kind of hardware flaw (intentional or otherwise). When they say, for example, that there is a coprocessor on the chip, you're talking about tens or hundreds of thousands of gates in among the hundreds of millions, or billions in the chip. The size of a gate is now around 10 nm -- a millionth of a millimeter.

Looking at a very powerful core, compared to what is needed to provide access to the inner workings of a modern SoC:

Arm processor with a total floorplan area of 0.007 mm² in a 40nm technology process

Something like a Z80 core is vanishingly small, and could easily "poke" a JTAG-like interface.

1 Like

I guess if you don't own a foundry then all points of security are moot.... There must be a way.

Or, for that matter, get one with transistors you can see.

Been a couple of years since I sat in front of a PDP box with my hair blowing in the warm breeze, tru-blu ma bell *nix was special, the HW not so much. Maybe just dust off a 6502 dev box.

1 Like

There's a huge business opportunity here to have LEDE-endorsed hardware even if you can't guarantee security.

That comes up from time to time, yet nobody has been able to put forward even a marginal business plan that I've seen for either how a small firm could profit from it, or why any major manufacturer would consider it. Should you have something interesting, there are many funding sources available.

2 Likes

Once again, I have no actual idea about developing firmware for routers other than that most routers have the same hardware and that is how you are able to develop custom firmware for many different routers.

Having community-led development of hardware would be a first and definitely would be valuable to many people that use openwrt/lede.

The popularity behind OpenWrt is being able to use it on any hardware you wish from various manufacturers, for either extending functionality or extending the life of a product once the OEM stops releasing firmware updates.

I wouldn't purchase an OpenWrt branded/designed/built/endorsed router because I find that there is plenty of choice of quality compatible hardware on the market.

OpenWrt is already successful, and the best way to support it is to make donations to the project.

3 Likes

I still think a so-called "endorsed" router, even if you don't manufacture it, would be great for the project as it allows people that aren't savvy to pick hardware that will work without frustration. For example, I picked up the NETGEAR R6700 from Best Buy the other day to find that I am unable to flash it with openwrt/lede. Apparently it wasn't supported even though its bigger brother (Nighthawk R7800) was. It's a bit of stupidity on my part, but many wouldn't have this problem if you came out and officially endorsed certain hardware. People want the security of an open source project with none of the tech headaches that come along with it.

I know it's an open source project and people develop it in their free time, so I shouldn't be asking for anything...

Table of Hardware: Ideal for OpenWrt

2 Likes

What router do you test openwrt/lede on?

I assume you ask this because you want to figure out if a consumer router running standard firmware is better or whether OpenWrt can guarantee you safety.

I think the future will prove the safety is 0% in reality.

There is no safety at all. History has proven to us that backdoors, mistakes in programming, etc. were always discovered after the product was released.

Be that the KRACK hack, or Intel chips with Meltdown, or whatever. History has proven to us that nothing is 100%. There will always be ways where your safety CAN be compromised and thus 0% safety.

The real question is IF and WHEN an open door is found and thus can be misused, how fast can you close the gap?

Most hacks and open doors, when they are discovered, find their way among those that are specialized in this field very fast. But how fast companies are in implementing fixes, either temporary or permanent fixes, is usually something you can ignore, and many companies don't even publish firmware updates for older hardware.

Golem.de had a nice article about this a few weeks ago that most hardware manufacturers actually are extremely slow in closing gaps, if at all!

I found in the time I'm using LEDE-openWRT that once errors have been found, they fix them within hours! You just recompile your own firmware with latest submissions and case closed.

Thus, by using OpenWrt and keeping your firmware up to date when news hits the public about backdoors, etc., there is a very small time-frame where hackers actually can abuse the available info to hack your router.

The experience I've had with OpenWrt, how they close gaps in security within hours while I'm waiting on hardware manufacturers for months or even indefinitely before they bring out firmware with fixes, made me believe I should only buy routers which support OpenWrt, and the first thing I do on every router is install the latest firmware from OpenWrt.

I think if you keep your OpenWrt up to date that's the best course of action, but again, if you wanna know what to do to get 100% safety, I advise you to forget about it, as I personally think that will never happen.

1 Like
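The post above argues that the practical defence is closing the window between a public fix and the update landing on your router. Here is an added example (not code from the thread or the OpenWrt project) of a small POSIX sh check that a defender can run on an OpenWrt device to see which pending package upgrades touch the exposed surface: the Wi-Fi daemon (the component patched for KRACK), the SSH server, the DNS/DHCP server and the web UI. It parses the `name - oldversion - newversion` lines that `opkg list-upgradable` prints; the sample output embedded below is constructed, and the package list in `SECURITY_PKGS` is my own choice of what to watch, not an OpenWrt-defined category.

```shell
#!/bin/sh
# Added example, not from the thread: audit pending OpenWrt package upgrades
# and flag the ones that change the router's attack surface.

# Constructed sample standing in for the output of `opkg list-upgradable`
# (real format: "<package> - <installed version> - <available version>").
SAMPLE_UPGRADABLE='wpad-mini - 2017-08-30-1 - 2017-11-30-1
luci-base - git-17.299.50213-6dc5ccc-1 - git-17.312.51453-0f83c61-1
dnsmasq - 2.78-1 - 2.80-1
libubox - 2017-10-23-1 - 2017-11-29-1'

# Packages whose lag matters most on a router (assumption: my own watch list).
SECURITY_PKGS="wpad wpad-mini wpad-basic hostapd dropbear dnsmasq uhttpd kernel openssl libopenssl"

# count_upgradable LISTING: number of upgradable packages in the listing.
count_upgradable() {
  printf '%s\n' "$1" | grep -c ' - '
}

# security_upgradable LISTING: print "name old -> new" for each upgradable
# package that is on the watch list, one per line.
security_upgradable() {
  printf '%s\n' "$1" | while IFS=' ' read -r name sep oldver sep2 newver; do
    # Skip anything that is not an "a - b - c" line.
    [ "$sep" = "-" ] && [ "$sep2" = "-" ] || continue
    for p in $SECURITY_PKGS; do
      if [ "$p" = "$name" ]; then
        printf '%s %s -> %s\n' "$name" "$oldver" "$newver"
      fi
    done
  done
}

# security_count LISTING: how many watch-list packages have a pending upgrade.
security_count() {
  security_upgradable "$1" | wc -l | tr -d ' '
}

# audit LISTING: human-readable summary; exit status 1 when the exposed
# surface has pending fixes, so it can gate a cron job or a monitoring check.
audit() {
  total=$(count_upgradable "$1")
  sec=$(security_count "$1")
  echo "$total package(s) upgradable, $sec on the security watch list"
  security_upgradable "$1"
  [ "$sec" -eq 0 ]
}

# On a real device, replace the constructed sample with live data:
#   audit "$(opkg update >/dev/null 2>&1; opkg list-upgradable)"
audit "$SAMPLE_UPGRADABLE"
```

Run it as-is to see the constructed sample evaluated; on a router, feed it the real `opkg list-upgradable` output as shown in the comment. A non-zero exit status means the Wi-Fi, SSH, DNS or web-UI component has a fix waiting, which is exactly the gap the post says you should close quickly.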
