.png)
The “black box” in your hallway exacerbates a power imbalance. At the FOSSASIA Summit 2026 Dheeraj Reddy Jonnalagadda is going to show us how to level the playing field.
Much of the history of the open source movement — and particularly the Free Software Movement — is a history of redressing power imbalances. When software is closed and code is kept secret, it becomes a tool for organizations to exert control over individuals. It allows vendors to compel costly upgrades, block interoperability, and hide vulnerabilities. For most of my adult life, I have worked to reduced these asymmetries, because I believe that the systems we rely on for our civil liberties must be transparent to be trustworthy.
In few places is this power imbalance more physical, or more intrusive, than the plastic box sitting in your hallway: the ISP-supplied router.
The Hidden Cost of the “Black Box”
We are asked to trust these devices implicitly. They mediate our banking, our private communications, and our work. Yet, for most users, they are total black boxes. We cannot audit the code they run. We cannot verify if they are patched against the latest CVE. We are effectively tenants in our own digital infrastructure, renting access from a landlord who holds all the keys.
But the cost isn’t just security; it’s sovereignty.
- Want to block ads network-wide? You can’t, because you don’t have root.
- Want to segregate your insecure IoT lightbulbs from your work laptop? You can’t, because VLANs are locked out.
- Want to use encrypted DNS to stop your ISP from selling your browsing history? Good luck changing those settings.
This is why, when we were curating the Cybersecurity & Privacy track for FOSSASIA 2026, we looked for talks that didn’t just discuss security in the abstract, but offered practical tools to reclaim it.
Meet the Speaker: Dheeraj Reddy Jonnalagadda
Dheeraj is a Senior Flight Software Engineer at Pixxel, where he builds embedded systems for space technology — a domain where “trust” isn’t a sentiment, but a verifiable engineering constraint. If code fails in orbit, the satellite is dead. He applies that same rigorous skepticism to the terrestrial hardware we use every day.
The Session: “Don’t Trash It, Hack It”
On Monday, March 9, Dheeraj is leading a session titled Don’t Trash It, Hack It: Reverse engineering secrets & repurposing ISP Routers.
This session is a masterclass in auditability. Dheeraj will demonstrate the process of:
- The Teardown: Analyzing the binary structure of a locked-down firmware image.
- The Breach: Uncovering hard-coded backdoor credentials (the ultimate breach of trust that vendors often leave behind).
- The Repurpose: Gaining root access to transform the device from a passive “ISP endpoint” into an active “User-Controlled Firewall.”
Why This Matters
This isn’t just about saving a few dollars on hardware or reducing e-waste (though keeping plastic out of the landfill is a noble bonus). It is about the fundamental principle that you cannot secure what you cannot understand.
If we want an Internet that is trustworthy — one that protects individuals rather than just serving as a vector for surveillance or crime — we need to start by owning the edge of the network. We need to move from blind faith in our ISPs to verified Trust.
Dheeraj is giving us the crowbar to open the black box. I hope you’ll join us to see what’s inside.
Join Us in Bangkok
- Session: Don’t Trash It, Hack It
- Track: Cybersecurity & Privacy
- When: March 9, 08:45 AM
- Tickets: EventYay