
Telco Privacy Violation? Fine! No, Telco Privacy Violation, Fine. Supreme Court to Determine if FCC Can Charge Telcos for Data Breaches

April 23, 2026, 08:19

The intersection of constitutional law and cybersecurity enforcement, specifically the Seventh Amendment right to a jury trial in regulatory data privacy cases.
Central Conflict: Whether federal agencies (like the FCC, SEC, or FTC) can administratively impose monetary penalties for data misuse without a jury, or if such actions are "Suits at common law" requiring Article III court proceedings.

The post Telco Privacy Violation? Fine! No, Telco Privacy Violation, Fine. Supreme Court to Determine if FCC Can Charge Telcos for Data Breaches appeared first on Security Boulevard.

  • ✇Firewall Daily – The Cyber Express
  • FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls Samiksha Jain

FCC Proposes Tougher KYC Rules to Crack Down on Illegal Robocalls

KYC Rules for Robocalls

The Federal Communications Commission (FCC) is proposing stricter Know-Your-Customer (KYC) rules for robocalls as part of a broader effort to curb illegal calls and protect consumers. In a newly released Further Notice of Proposed Rulemaking, the agency outlined plans to tighten requirements for originating voice service providers, which are considered the first line of defense against unlawful robocalls. The proposal reflects growing concern that existing KYC rules for robocalls are not being consistently enforced, allowing bad actors to exploit gaps in the system. The FCC emphasized that stopping illegal calls before they enter the network remains the most effective way to reduce fraud and abuse.

Why the FCC Is Expanding KYC Rules for Robocalls

Under current FCC robocall regulations, voice service providers are required to take “affirmative, effective” steps to know their customers. However, regulators say some providers are failing to carry out adequate checks, resulting in a surge of illegal robocalls that defraud consumers and expose telecom networks to misuse. “Combatting illegal calls is our top consumer protection priority, and we are taking a holistic approach by attacking them at every point in their lifecycle.” The FCC noted that weak KYC rules for robocalls not only enable scams but also make it harder for law enforcement to track criminal activities, including drug trafficking and human exploitation that rely on anonymous communication channels.

Proposed Changes to KYC Rules for Robocalls

The FCC is seeking public comment on several measures aimed at strengthening KYC rules for robocalls and improving telecom KYC compliance. One key proposal is to require providers to collect more detailed customer information before granting access to calling services. This includes name, physical address, government-issued identification number, and an alternate contact number for all new and renewing customers. For high-volume callers, such as businesses or bulk calling services, the FCC is considering additional requirements. These may include collecting information on how the service will be used—such as marketing or political campaigns—as well as technical data like IP addresses used to place calls. The Commission believes these enhanced Know-Your-Customer rules for robocalls could deter fraudsters from entering the network and make it easier to identify them if illegal activity occurs.

Verification, Monitoring, and Data Retention

Beyond data collection, the FCC is also proposing stricter verification and monitoring under its updated KYC rules for robocalls. Providers may be required to verify customer identities using supporting documents such as government-issued IDs or business registration records. The agency is also exploring whether companies should retain KYC records for up to four years after a customer relationship ends, allowing time for investigations into illegal robocalls. Another key focus is ongoing monitoring. The FCC is considering whether providers should re-verify customer information when unusual activity is detected, such as sudden spikes in call volume or changes in traffic patterns. These measures aim to ensure that telecom networks are not continuously exploited by bad actors using false or stolen identities.

Tougher Penalties to Enforce Compliance

To strengthen enforcement, the FCC has proposed financial penalties tied directly to violations of KYC rules for robocalls. The agency is considering a base fine of $2,500 per illegal call, aligning penalties with the scale of harm caused. This per-call penalty structure is designed to discourage large-scale robocall operations, where millions of fraudulent calls can generate significant profits. The FCC believes that stronger enforcement will push providers to take telecom KYC compliance more seriously and close existing loopholes.

Recent Enforcement Highlights Gaps

The push for stronger KYC rules for robocalls comes amid ongoing enforcement challenges. In a recent case, the FCC proposed a $4.5 million fine against Voxbeam Telecommunications for allegedly routing illegal robocalls into U.S. networks. The investigation found that Voxbeam accepted traffic from Axfone, a Czech-based provider not listed in the FCC’s Robocall Mitigation Database. Under existing rules, such traffic should have been blocked, raising concerns about gaps in compliance and oversight. If adopted, the new rules could significantly reshape how voice service providers onboard and monitor customers, bringing telecom practices closer to the stricter identity verification standards already seen in the financial sector.
  • ✇Malwarebytes
  • New FCC router ban could leave home networks less secure

New FCC router ban could leave home networks less secure

March 25, 2026, 11:40

On Monday, the Federal Communications Commission (FCC) updated its list of insecure equipment, outlining its reasons for adding all consumer-grade routers made outside the US.

Effectively, this would stop foreign-made routers from being imported unless their manufacturers obtain an exemption, due to what the FCC called an “unacceptable risk to the national security of the United States or the safety and security of United States persons.”

We applaud decisions that make people more secure, but this one raises some serious questions.

Almost all routers

Virtually all consumer-grade routers are produced outside of the US, including those marketed by American companies. This doesn’t pose an immediate problem, because the ban would only apply to future imports. Products already in use or currently on sale could still be used.

But with no US-manufactured routers readily available, people may hold on to older, less secure devices for longer than they normally would due to a lack of alternatives. That means routers that have reached end-of-life (EOL) might remain in use without updates or support.

The real danger

Although it makes sense to scrutinize untrusted routers in government and critical infrastructure environments, I don’t think banning SOHO (small office/home office) routers is likely to have a big impact on national security.

At first glance, you might think this kind of move is aimed at taking down some major botnets which thrived on internet-connected devices like cameras, routers, and video recorders. And the National Security Determination does mention these botnets.

But in most cases, the reason these routers can be used in botnets isn’t because they were made abroad, but because they are shipped with default credentials and unclear directions on how to change them.

Untrusted routers could lead to espionage and denial of service at critical times, especially where countries of origin have laws prescribing mandatory backdoors (like China). In those cases, it makes sense to avoid those routers in organizations that are “critical for maintaining functional communications, critical infrastructure, and emergency services.”

But many routers are manufactured in countries that have no such laws, and where there is little to gain from state-level espionage targeting US consumers.

Alternative safety measures

Before buying a new router, check with your Internet Service Provider (ISP) which models work with their services. Many ISPs publish lists of approved modems, and sometimes gateway devices, but they usually allow customers to use their own standalone router as long as it connects via Ethernet and supports the WAN type (DHCP, PPPoE, VLAN tags, etc.).

In practice, the best router for national security isn’t the one with a “Made in USA” label, but the one that gets patched as soon as a vulnerability is disclosed.

If you can afford it and haven’t already, upgrade to Wi-Fi 7 to help future-proof your setup while current models are still in stores.

You should also:

  • Change your router’s default credentials to something less easy to guess.
  • Check the vendor’s website for updates and confirm the EOL date.

For technically confident users, replacing vendor firmware with open-source alternatives like OpenWrt or DD-WRT can extend a router’s secure lifespan. But this comes with risks, including voiding warranties or potentially bricking your device. You should only do this, or have it done, if you’re comfortable troubleshooting.



US Bans New Foreign-Made Home Routers Over National Security Fears

The FCC has officially added foreign-made consumer routers to its restricted Covered List, citing major cybersecurity risks. Find out what it means for your current devices.
  • ✇Security Affairs
  • FCC targets foreign router imports amid rising cybersecurity concerns Pierluigi Paganini

FCC targets foreign router imports amid rising cybersecurity concerns

March 25, 2026, 08:22

The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities.

The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or marketed in the U.S. unless they receive special approval.

Routers will be added to the Covered List, with exceptions only for those cleared by the Department of Homeland Security or defense authorities after they verify that the devices pose no threat to communications networks.

“Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet,” reads the announcement published by the FCC. “This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers ‘pose unacceptable risks to the national security of the United States or the safety and security of United States persons.’”

The U.S. “Covered List” is a security list maintained by the Federal Communications Commission under the Secure and Trusted Communications Networks Act.

It identifies communications equipment and services that pose national security risks to U.S. networks. Anything placed on this list is effectively banned from being authorized, marketed, or sold in the United States.

U.S. authorities warn that foreign-made routers create serious supply chain and cybersecurity risks, potentially disrupting the economy, critical infrastructure, and national defense. Policy guidance stresses reducing dependence on foreign components for essential technologies.

These routers have already been exploited by threat actors for hacking, espionage, and intellectual property theft, and were linked to major cyber espionage campaigns like Volt Typhoon, Flax Typhoon, and Salt Typhoon targeting U.S. infrastructure.

Manufacturers can still request Conditional Approval if their devices are proven safe. The rules apply only to new models, meaning existing routers already in use or previously approved can still be sold and used without restrictions.

Currently, only a few products, like drones and software-defined radios from SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero, are approved. Router manufacturers can seek Conditional Approval, while U.S.-made devices such as Starlink routers are exempt.

The FCC warns foreign routers pose major supply chain and cybersecurity risks, potentially disrupting infrastructure and the economy. Weak security in home and small office routers has already been exploited for hacking, espionage, and data theft, and can also turn devices into botnets for large-scale cyberattacks.


  • ✇Firewall Daily – The Cyber Express
  • The FCC Just Blocked Every New Foreign-Made Router from the U.S. Market Mihir Bagwe

The FCC Just Blocked Every New Foreign-Made Router from the U.S. Market

March 25, 2026, 08:01

The router sitting in your home — the one connecting every phone, laptop, and smart device on your network to the internet — is almost certainly made overseas. As of March 23, no new model of that device can receive U.S. market authorization unless it clears a security review by the Department of War or the Department of Homeland Security first.

The Federal Communications Commission updated its Covered List to include all routers produced in a foreign country, following a National Security Determination received on March 20 from a White House-convened Executive Branch interagency body.

The determination concluded that foreign-produced routers introduce a supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense, and pose a severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons.

The FCC's Covered List — established under the Secure and Trusted Communications Networks Act — carries real enforcement teeth. Equipment on the Covered List is prohibited from receiving FCC equipment authorization, and most electronic devices require FCC equipment authorization prior to importation, marketing, or sale in the U.S. Covered equipment is banned from receiving new equipment authorizations, preventing new devices from entering the U.S. market.

The national security determination cited three Chinese state-sponsored cyber campaigns by name. Routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks, which targeted critical American communications, energy, transportation, and water infrastructure.

Salt Typhoon penetrated multiple U.S. telecommunications carriers and persisted inside their networks for months; Volt Typhoon pre-positioned itself inside U.S. critical infrastructure for potential future disruption; and Flax Typhoon operated a 260,000-device botnet largely built from compromised consumer routers.

Unlike prior Covered List entries that targeted specific entities such as Huawei and ZTE, this update applies categorically based on place of production, not manufacturer identity. That distinction matters enormously for the industry.

Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam. It appears that the entire router industry will be impacted by the FCC's announcement concerning new devices not previously authorized by the FCC. Netgear, Amazon Eero, Google Nest WiFi, Asus, Linksys, and D-Link all manufacture in Asia. The one apparent exception is the newer Starlink Wi-Fi router, which the company says is manufactured in Texas.

The action does not strand existing users. Consumers can continue using any router they have already purchased, and retailers can continue selling previously authorized models already in their supply chains. Firmware updates for covered devices remain permitted at least through March 1, 2027.

The disruption falls entirely on new product cycles — which in a fast-moving consumer networking market means the freeze begins almost immediately.

A rule that bans new foreign router models while leaving millions of existing foreign-made devices completely untouched does not make U.S. networks measurably more secure today. Security researchers have noted that the Volt Typhoon attacks, cited by the FCC as justification, primarily targeted Cisco and Netgear hardware — U.S.-designed products — pointing to software patching failures rather than manufacturing origin as the operational vulnerability.

A Conditional Approval pathway exists for manufacturers willing to pursue it. The Conditional Approval pathway requires companies to commit to establishing or expanding U.S. manufacturing for the products they want to bring to market. That is a significant industrial policy commitment on top of any security review, and one that smaller router vendors may find prohibitive.

The December 2025 drone ban used an identical framework — and as of publication, it had cleared exactly four non-Chinese drone systems while leaving major Chinese manufacturers fully blocked.
