Ask HN: What network equipment to buy to avoid backdoors?

4 pointssrmatto2y ago2 comments

I want to buy network equipment for my home, but I don't want there to be existing backdoors or backdoors added later. I am concerned a company like Eero for example could be persuaded by some three letter agency to add a backdoor that can be used to snoop my network traffic. Are there good open source options?

I'm looking at https://teklager.se/ for routers. But I can't find any good options for wireless access points?

Thanks for your help!

2 comments

2 comments · 2 top-level

mydriasis2y ago

You can get a router and install OpenWRT[0] if you're concerned about the firmware. For commercial stuff without a custom firmware, there's no real telling without downloading its firmware yourself and going through it, and even then in many cases you're going to be unpacking a linux filesystem which may-or-may-not contain a backdoor in the clear. There will likely be proprietary blobs therein that you'd need to RE as well. That is a lot of effort, and that's assuming that the blobs are even available, full images, or not encrypted, which for many manufacturers many of those conditions are not met.

Then, I saw a post floating around this morning where you can build your own router from scratch. Interesting proposal... I think if you want true knowledge of whether or not something is back-doored, you'll need a lot lot lot of information on the provenance on everything in the thing :) which is a tall order.

[0] https://openwrt.org/supported_devices

Sunspark2y ago

The suggestion in the other comment about OpenWRT is the way to go, but I will also suggest you can absolutely build your own router using a PC using OpenBSD or whatever you like. That's how it is done at scale.

Of course then you go down the rabbit hole of the ME/PSP is a backdoor independent CPU and OS.. except you're reading this on a machine using it.. so..