Skip to content

Telecom equipment makers seek a two-year extension on security testing

  • by
  • 3 min read

In a submission to the Department of Telecommunications (DoT), Manufacturers Associated of Information Technology (MAIT) has sought a two-year deadline extension on mandatory security testing of WiFi customer premises equipment (CPE) and routers. The DoT had previously extended this deadline from January 1, 2024, to April 1, 2024, in December 2023 and then again to 1 July in March 2024.

While there’s no word from MAIT as to why the extension is being sought at the time of writing, the submission does point out that since there are only three labs accredited to carry out the testing, the cost of these tests is very high. The submission further adds that security certifications for such equipment should be done voluntarily.

These certifications were mandated to enforce new amendments to the Indian Telegram Rules in 2017. According to the amendments, every telecom equipment must undergo mandatory testing and receive due certifications before selling, imported, or used in India. The Telecommunications Engineering Center (TEC) is supposed to accredit labs that will carry out the testing, and based on the reports, the TEC will issue necessary certifications.

This is an image of router image1

The testing confirms that the equipment meets certain requirements before use. The equipment mustn’t degrade the performance of the network it’s connected to and must ensure that the end user remains protected from any breaches or data interceptions.

The requirements for WiFi CES and routers ensure that data can’t be intercepted between a WiFi router and a connected client, passwords aren’t stored in plaintext (stored as hashes or encrypted instead), and that the device is protected from brute-force and dictionary password-cracking attempts. They also directly protect end-users with requirements like users shouldn’t be verified using methods that can be spoofed like phone numbers or IP addresses. Software updates to routers should be safe and based on code-signing certificates.

The DoT has been rather active in the security field recently. It previously had instructed telecom service providers (TSPs) to block incoming calls displaying Indian mobile numbers. Earlier on May 23, the DoT also identified nearly 680,000 phone numbers as having been obtained via invalid, non-existent, or fake proof of identity, address, or KYC documents using an AI-driven analysis. This required telecom providers to re-verify all flagged subscriber accounts properly.

In the News: Researcher finds now-patched flaws in Cox Modems

Yadullah Abidi

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

Related Reads

This is an image of telecom tower

South Korea’s biggest telco discloses data breach

This is an image of chatgpt featured 21324132

Washington Post partners with OpenAI to ensure ChatGPT gets news right

This is an image of https 3344700 1280

SSL.com patches abused certificate issue vulnerability

Photo: koshiro k/shutterstock. Com

OpenAI report claims its latest models hallucinate more

What is a hack? 9 different types of hackers you must know about

New RustoBot malware hijacks routers to inject commands

This is an image of wordpress featured 9924

Ad-fraud operation monetises piracy via WordPress plugins

>