The FCC has updated its Covered List — the registry of communications equipment deemed national security threats under the Secure and Trusted Communications Networks Act — to include consumer routers manufactured in adversarial foreign countries. Previously, the list targeted enterprise and carrier-grade equipment from companies like Huawei and ZTE. This expansion brings the ban down to the consumer and small-business tier.
For developers and infrastructure teams, this matters in two concrete ways.
First, if you're running a home lab, a remote office, or any BYOD environment that touches production systems, your router hardware now has regulatory implications. Cheap TP-Link routers (manufactured in China and commanding roughly 65% of the US consumer router market by some estimates) are squarely in the crosshairs. The FCC's move follows months of pressure from Congress after reports that TP-Link routers were exploited in Chinese state-sponsored botnet campaigns, including the Volt Typhoon operation that targeted US critical infrastructure.
Second, this accelerates a supply chain reckoning that enterprise networking already went through. Remember when the US government banned Huawei from 5G networks starting in 2019? Carriers spent billions ripping and replacing gear. Now a version of that is coming to the consumer market — and to every small company whose 'network infrastructure' is a $40 router from Amazon.
The practical question is what replaces them. US-manufactured consumer routers are essentially nonexistent at scale. The realistic alternatives are routers from allied countries (ASUS from Taiwan, Netgear designed in the US but manufactured in Vietnam/Taiwan) or open-firmware approaches like OpenWrt on commodity hardware. For dev teams running anything serious on their home or small-office networks, flashing OpenWrt on known-good hardware was already the right call — this just adds regulatory tailwind to that decision.
The deeper signal here is that the US government is extending its hardware trust boundary from carriers and enterprises all the way down to consumers. That's a significant policy shift. The Covered List was designed for telecom providers receiving federal subsidies — applying it to retail routers means enforcement mechanisms are still unclear. The FCC can prohibit the equipment from being authorized for import and sale, but there's no recall mechanism for the millions of units already deployed.
For anyone managing infrastructure: audit your remote workers' network gear. For anyone running a homelab that touches anything sensitive: treat your router as part of your threat model, not just a commodity appliance. The era of 'it routes packets, who cares who made it' is officially over.
<a href="https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf" rel="nofollow">https://docs.fcc.gov/public/attachments/DOC-420034A1.pdf</a><p><a hr
→ read on Hacker NewsThe FCC maintains a list of equipment and services (Covered List) that have been determined to “pose an unacceptable risk to the national security Recently, malicious state and non-state sponsored cyber attackers have increasingly leveraged the vulnerabilities in small and home office routers produc
Next they'll come for our OpenWRT-flashable equipment.I've already done everything the article says to do years ago, but what happens when this equipment dies? Can I get a replacement, and is it flashable? I currently use "routers" as access points because it's the cheapest
This part of the press release seems pretty crucial:> Producers of consumer-grade routers that receive Conditional Approval from DoW or DHS can continue to receive FCC equipment authorizations.In other words, foreign-made consumer routers are banned by default. But if you are a manufacturer, you
This is the same thing they did to drones. It's corruption. It doesn't even make sense from an extreme isolationist point of view, because there's no path to create domestic manufacturing.I'm guessing the rest of this looks like drones, too: FCC approval is given only to American
Top 10 dev stories every morning at 8am UTC. AI-curated. Retro terminal HTML email.
Seems like now is as good a time as any for people who know how to do this to build their own routers with Pfsense, Opnsense, ClearOS, or one of the many other firewall/router distros out there.You can get an old desktop or laptop that's more than good enough to be a router for basically n