FCC Delays Security Update Ban for Foreign Routers and Drones to 2029

The Federal Communications Commission (FCC) has pushed back the deadline for banning security updates on certain foreign-made routers and drones. Originally set for March 1, 2027, the prohibition on these updates will now take effect no earlier than January 1, 2029. This delay, announced by the FCC's Office of Engineering and Technology (OET), provides a longer window for organizations and consumers to adapt.

This decision impacts devices from vendors deemed a national security risk, primarily those with ties to adversarial nations. While the intent is to mitigate supply chain risks and prevent potential backdoors, extending the deadline means these devices will continue to receive patches for an additional two years. The Record by Recorded Future highlighted this shift, noting the original deadline would have meant a hard cutoff for security support.

For defenders, this is a double-edged sword. It grants more time to plan replacements and transition away from affected hardware, reducing immediate operational disruption. However, it also means a prolonged reliance on devices from vendors already flagged as high-risk, potentially extending exposure to state-sponsored compromise if vulnerabilities are exploited before the ban takes full effect. CISOs need to factor this extended timeline into their hardware refresh cycles and risk assessments.

What This Means For You

  • If your organization relies on foreign-made routers or drones that may fall under the FCC's ban, you now have an extended window until 2029 to plan for replacements. Do not see this as a reprieve to ignore the problem. Instead, use this time wisely: audit your inventory, identify affected devices, and accelerate your strategic shift to trusted hardware. The attacker's calculus remains the same – exploit the weakest link, regardless of government deadlines. Prolonged reliance on high-risk devices means prolonged exposure.