Within the Volt Typhoon and Flax Typhoon assaults, the routers themselves weren’t compromised as a result of they have been foreign-made routers. Removed from it! They have been compromised as a result of they have been unpatched, Web-exposed, and end-of-life. The router producers have been no extra responsible of opening the doorways to those assaults than Microsoft is on your firm’s Home windows 7 PCs being hacked in 2026.
Solely the Salt Typhoon assault on Cisco IOS XE software program, which was working on enterprise-grade routers—particularly, ASR 1000 Sequence, ISR 4000 Sequence, and Catalyst 8000 Sequence edge platforms—could be linked on to Chinese language-made routers.
Guess what, although? You possibly can nonetheless purchase, use, and deploy this Cisco {hardware}, which is used as core routers by high American telecoms resembling AT&T, Verizon, and T-Cell. Uncle Joe desires to exchange his router with a brand-new Wi-Fi 7 mannequin router? Nope, he can’t do it. Multi-billion-dollar corporations determine to exchange important infrastructure routers that carry billions of messages each day? Positive, go for it!
, if it have been me, I’d be taking an extended, laborious take a look at the precise fashionable enterprise networking gear that we all know has been breached. Why isn’t the FCC doing this? Darned if I do know.
Even the FCC acknowledges that a few of Cisco’s issues don’t have anything to do with who made the {hardware} and the place it was constructed. For instance, the actually terrible CVE-2023-20198 vulnerability, with its CVSS rating of 10, was all a couple of boneheaded safety gap in Cisco IOS XE Internet UI, not the firmware or {hardware}.
The FCC argues, nevertheless, that client routers pose distinctive dangers as a result of they’re deployed in tens of millions of houses with minimal safety oversight, thus making them supreme for botnet infrastructure. I can’t argue with that. However that has nothing to do with who made these gadgets and the place.
