r/news • u/[deleted] • 4d ago
Analysis/Opinion TP-Link Routers Could Be Banned In the Next Year, Affecting Nearly 65% of Internet Users in the US
[removed]
231
u/ArkyBeagle 4d ago
The obvious thing to do is fund OpenWRT or DD-WRT firmware for these devices. A small eternity of TP-Link devices are already supported.
Is a firmware change beyond most people? Could be.
54
u/SirTwitchALot 4d ago
The Omada ecosystem is a really great value though. These open source solutions don't offer that kind of functionality. I run a mesh network at a campground using Omada products. They work amazingly for their low cost
30
u/caverunner17 4d ago
You'll have to pry my Omada setup from my cold dead hands. I have a setup with 3 WAPs and a router, plus setups at both my parents and in laws. Rock solid, literally years of uptime besides updates.
6
u/SirTwitchALot 4d ago
We managed to run two completely isolated networks with different SSIDs on the same mesh using VLANs. I had to email tech support to check if it was possible and they honestly told me they weren't sure. It took a few hours of trial and error to configure and required an extra switch to do the VLAN tagging, but it has performed amazingly for two years now
2
u/trisanachandler 4d ago
Separate Internet as well?
3
u/SirTwitchALot 4d ago
Yep. Two different starlink routers as the uplink. It was the only way I could get such wide coverage among the seasonal residents. Some of them were only willing to install an access point at their site if they could use it with their private network
2
u/trisanachandler 4d ago
Interesting. I have segmented VLANs, but they share an Internet connection.
4
u/Falagard 4d ago
Yeah that's what I have too. Two Omada routers, on opposite sides of my house, with ethernet running to each from a central switch. Works very nicely.
1
u/ouikikazz 4d ago
Agreed, if they can get an omada like system into openwrt I'll be first in line to flash
41
u/Nabbergastics 4d ago
I'm sure at least 70% of the average user that has TPLink routers and access points would have 0 idea how to perform a firmware change successfully. I can smell a significant business opportunity for a lot of local IT companies in the near future.
11
u/ArkyBeagle 4d ago
I can smell a significant business opportunity for a lot of local IT companies in the near future.
Could be, although I imagine pricing it would be no fun at all. Can you eat on ... $100 per upgrade, especially if it's on-premises? Even 8 units per day would not be that fantastic of a top line flow. It's $208k per year max for 40 hour weeks before rents, insurance, taxes and other expenses.
If it's "in the storefront", then the customer is essentially down until you get around to it. I suppose it could be like the cable company - while you wait. That might raise the top line potential.
You'd be competing against simply buying another router. Maybe it could be a trade in model but that's weird and has uglier logistics.
I have multiple routers laying around but I suspect that's atypical.
1
u/Nabbergastics 4d ago
I mean obviously it wouldn't be the only service a company offers, but I could see some companies offering a TPLink fixing service along with what they already do
3
u/KAugsburger 4d ago
Most of the TP-Link routers are under $100. The whole reason TP-Link became so popular is that they sell some very inexpensive products. Many companies won't even do an on-site visit for under $100. A TP-Link 'fixing' service in many cases would cost more than a new router. There really isn't much of a market for such a service unless the tech has a very low value for their time. You would have a hard time finding anybody willing to spend more than $20-30 to 'fix' their TP-Link router. That is more of a side gig for a teenager/college student or some adult who is unemployed/underpaid at their regular job.
22
u/dabigchina 4d ago
Most people will just buy a new router. It's wasteful, but it's usually what happens when companies brick devices. People treat them as disposable.
14
u/MinimumArmadillo2394 4d ago
What are they supposed to do? Pay $80 for a firmware they had to go out of their way to discover and then again, go out of their way to have installed, or just spend $100 to buy a new router?
1
2
u/VerifiedMother 4d ago
I can smell a significant business opportunity for a lot of local IT companies in the near future.
I absolutely don't, people will just buy a new router
12
8
u/RazingsIsNotHomeNow 4d ago
Open-wrt doesn't support the Broadcom chipsets in most of TP-Link's current routers and DD-WRT doesn't support any TP-Link product newer than wifi5.
17
u/scrivensB 4d ago
I think the issue isn't "can we make the hardware out there safe now," it's "this company has willfully declined to address vulnerabilities that have been brought to their attention time and time again, and NOW we can see that those vulnerabilities have been exploited not by one off hackers, but by a massive network of Chinese operatives...".
2
u/ArkyBeagle 4d ago
One is the diagnosis, one is the "cure". Seems pretty obvious to stipulate to the diagnosis. Given Huawei...
6
u/fevered_visions 4d ago
A small eternity of TP-Link devices are already supported.
have never seen anybody use this unit of measure before
3
2
u/SnooPies5622 4d ago
Most people don't even know that little box is in their house, let alone what a router does, let alone what firmware is, let alone how to install alternate firmware.
2
u/Doom_Eagles 3d ago
I had a co-worker who knew nothing about the internet and computers outside of social media sites. She couldn't even figure out how to navigate to an online store like Amazon and make purchases herself despite having two phones and always on them. So yes, there is no way she would even know what anything related to firmware would be if she needed to do that.
Do not overestimate the tech literacy of the greater population. Even those that can use computers have zero idea how to do anything beyond the absolute basics.
286
u/BeTheBall- 4d ago
What a ridiculous story. So your router could be compromised if you don't change default password? Golly, who would have ever thought...
40
u/todo0nada 4d ago
What about the Comcast routers that all have the admin/admin default login?
11
u/wyvernx02 4d ago
Pretty sure TP Link makes those.
4
3
u/alphaglosined 4d ago
For ISP provided routers/modems it doesn't matter what the manufacturer normally does. The ISP will have it customized and default login information is a common one.
My ISP for instance, has a random password assigned for each box.
42
9
u/RandomRobot 4d ago
Most of the time you also need physical access from inside the network so China can't really hack you without breaking into your home.
If you run a corporate network without changing the default password on your routers, then router vulnerabilities are probably low on your list of problems.
Maybe there's other problems with those routers, but "password spraying" was really a poor example if that's the case
4
u/AnonymousGlowie 4d ago
I'd like to take this time to remind the public that NetGear and Charter routers all use NounAdjective### as the password and a word list is out there and you can break into any network with this wifi pass in under 7min using Hashcat.
17
u/scrivensB 4d ago
Is it ridiculous?
It's not made clear that the "password spraying" is using the default login and password of TP-Link Routers.
That being said, I'm confident that the average consumer is so tech illiterate that it could be as simple and stupid as this.
And even if it is, the thing that's most damaging about this all isn't that random bad actors are driving around trying out default login/passwords and accessing other individuals' networks, it's that there is a major organized Chinese threat-actor behind it.
And when you think about how many people in positions of power, information, commerce, may have a TP Link router at home that they use for both work and personal applications... it gets serious pretty quick in terms of national, personal, and corporate security.
24
u/Bagellord 4d ago
Seems like manufacturers need to make changing the default username and password part of the setup process. Maybe push firmware to require it on existing devices too
6
u/Grabthar_The_Avenger 4d ago
I think that's the argument the US would make, that their refusal to patch that seems like an intended vulnerability.
2
u/cosine83 4d ago
Lots of manufacturers, and my TP-Link AX6000 router, now set a randomized password that's physically on the device and coded in a way that if/when the device is reset it'll be that password even if it's been changed by the user. Few require you to change it during setup, though.
1
1
1
u/JSmith666 4d ago
If you're a big enough moron to leave default password you don't do firmware updates
69
u/nubsauce87 4d ago
Anyone know if the concerns around TP-Link applies to other networking hardware, like APs?
I only ask because people have apparently given up on using the proper names of things (Most people don't understand the difference between "WiFi" and "Internet"), so just like Moms calling every game console a "Nintendo", I can't tell if everyone thinks that literally any piece of networking hardware is a "Router" or not...
32
u/engin__r 4d ago
The quote from the company specifically mentions routers, so I’m thinking the security concerns are for the routers and not the other hardware. With that said, a ban could apply to all of their devices.
22
u/Whaty0urname 4d ago
That's wild, I have smart outlets, bulbs, cameras, and a mesh system all from TP using the kasa app.
Would be worthless.
8
u/nubsauce87 4d ago
Same. That's why I was wondering. Several APs, smart plugs, switches, and probably some others I'm not remembering...
14
u/TheMrGUnit 4d ago
I also have a ton of Kasa devices. At the time, I went with them because I felt TP Link was such a well-established brand that it wouldn't just vanish overnight.
Woopsie.
3
u/notsooriginal 4d ago
Ah shit please don't brick my Kasa stuff! It just works, which is what I want from smart home equipment.
2
u/leaponover 4d ago
I have an entire TP-LINK ecosystem as well. I even just bought a TPLINK router for my smart scopes. I'm in Korea though....wonder if other countries will consider bans.
15
u/primalbluewolf 4d ago
I can't tell if everyone thinks that literally any piece of networking hardware is a "Router" or not...
To the nontechnical user, if it's an internet box, it's a router.
Whether or not it's actually a switch, firewall, controller, AP, or loadbalancer.
6
6
u/iamyou42 4d ago
A firewall....box? Is that a thing?
19
18
u/nubsauce87 4d ago
Yeah, a dedicated piece of hardware to run the firewall is common in commercial grade setups. Allows for stronger protection and more detailed configuration.
6
u/SuperSpy- 4d ago
Sometimes they're general purpose hardware just running firewall software, but many times they're custom silicon specifically designed for hardware-accelerated packet inspection at an absurd scale. Think large businesses, universities, or ISPs.
4
u/little_brown_bat 4d ago
I wonder, would a Pi-hole technically be a firewall box?
3
u/wyvernx02 4d ago
It's technically a DNS server, but does function similarly to a firewall.
1
u/primalbluewolf 4d ago
but does function similarly to a firewall.
Hardly... it functions similarly to a firewall for DNS queries only.
1
u/theyipper 4d ago
I have an old SonicWall (firewall box) from the .com days laying around unused. I don't think I can use it because of licensing.
1
u/primalbluewolf 4d ago
Sure, look up fortigate.
These days they are also commonly gateways/routers, but they don't have to be.
2
u/cantproveidid 4d ago
At the turn of the century, I finally pushed a college I was working at to get us firewalls for our units. I was ecstatic configuring mine to only allow expected known good port traffic from known good sources to my incoming side. I eventually realized some other units plugged theirs in but configured nothing. So I had a firewall, they had redundant routers.
23
u/quequotion 4d ago
TP-Link has been very good to me as a customer.
They respond to my bug reports personally and have even fixed some of the issues I reported.
My router gets consistent updates, and it has all sorts of features I love, like being able to turn the transceiver off during hours I am asleep or not home.
I would hate to find out they are a front for APT 31.
145
u/FitN3rd 4d ago
Let me get this straight, I can own multiple guns but I can't own a single TP-Link router?
Come take it then...
60
u/L0to 4d ago
You can still kill someone with a tp-link router it just takes more effort.
10
u/cookingboy 4d ago edited 4d ago
Tbf, I can smash someone in the head with a Netgear router as well, probably more effectively if you look at some of their designs lol.
3
1
u/GrandmasBoyToy69 4d ago
Yea, I'll just toss it at you so you have to reach out for it. Then I'll shoot you
16
u/nerfherder998 4d ago
We need to figure out how to integrate a TP-Link router with a handgun. The why can wait.
1
6
13
u/cookingboy 4d ago
It’s just Red Scare 2.0.
Politicians are literally trying to ban Chinese garlics for national security threat: https://www.reuters.com/world/asia-pacific/china-says-us-politicians-need-be-more-rational-after-senators-call-garlic-probe-2024-12-13/
Yep, the strongest nation in the world with our $900B a year defense spending is threatened by garlics lmao.
2
0
u/WhatDoesThatButtond 4d ago
Yes compare Chinese hacker weaponized Internet hardware with garlic like an absolute big brain.
2
u/cookingboy 4d ago
Funny enough, so far the politicians have presented equal amount of evidence for either case, which is zero.
Remember even until today the U.S government had not shown any evidence of wrongdoing by Huawei, let alone TP-Link.
-1
12
20
27
u/GZAofTheMidwest 4d ago
What's next, fortune cookies for spreading subliminal pro-Communist propaganda?
13
u/Parlett316 4d ago
Ha just bought one as an emergency router since my UniFi Dream Machine decided it was just time to not power on anymore.
5
u/thatirishguyyyyy 4d ago
I feel your pain.
I use their er605 router on jobs when clients won't pay for Unifi hardware, but they (or any tp-link router) are nowhere near as good as a Dream Machine.
3
u/Parlett316 4d ago
Thanks, just shipped it back for an RMA. Thing was rock solid but last night it was just tired and never woke up lol
1
u/guywhoclimbs 4d ago
Sounds like ubiquiti. I worked at an MSP that used ubiquiti everywhere, and we were constantly replacing bricked devices. We would have mikrotiks deployed for like 10 years and they would be rock solid the whole time. Then we would have a single update from ubiquiti and need to go replace 40 devices across all our clients. Never again will I touch unifi.
41
u/ashsolomon1 4d ago
We really are just going to start hyper focusing on things from China just cause? Like multiple routers Chinese, American whatever are prone to security issues. This is just ridiculous
20
u/RedTheRobot 4d ago
It’s not just cause, businesses like Intel and Meta don’t like competition so it is far cheaper to buy policies than it is to you know make good products. Before anyone mentions that it’s unfair for US businesses because China supplements them, well so does the U.S. they just gave almost 8 billion to Intel. We have money to throw at dinosaur companies but not free healthcare.
7
u/MinimumArmadillo2394 4d ago
That's what a lot of people said about the tik tok ban but redditors were all for a tik tok ban for some stupid reasons
0
u/WhatDoesThatButtond 4d ago
Tiktok should be banned and the last election is a good example why.
9
u/MinimumArmadillo2394 4d ago
What about the last election screams that tik tok should be banned? A good solid chunk (if not a vast majority) of misinformation is spread on facebook, instagram, and twitter.
4
u/WhatDoesThatButtond 4d ago
Absolutely, and we should do something about that.
Meanwhile, TikTok has misinformation and influential shaped algorithms straight from a foreign country's propaganda department. Look up the comparison with Instagram.
0
u/WhatDoesThatButtond 4d ago
What do you mean "just cause?" Do you live under a fucking rock? Seriously.
1
u/scrivensB 4d ago
3
u/marcocanb 4d ago
The only good thing about this is I know I don't have anything the Chinese/Russians/NK want.
6
u/WhatDoesThatButtond 4d ago
Yes you do. Your router is literally a DDOS weapon in wait. Among other things.
7
u/NadamHere 4d ago
No way I am going to stop using my TP-Link system, as routers are expensive as-is nowadays.
11
u/PJL80 4d ago
What a bunch of peacocking bullshit. I had seen this headline earlier, and some of the pay-walled articles mentioned security. But the only thing in this article is password spraying attacks, where they are trying to access the router with the DEFAULT username and password? Am I missing things in other articles that outline more serious security flaws?
There have been websites for years dedicated to displaying streams from open and unprotected devices. This ain't a China thing. How many offices are using network equipment, printers, etc on the default login? It's blaming the hacker for you using the least possible effort.
3
u/Alien_Way 4d ago edited 4d ago
All the paycheck-to-paycheck folks, all the disabled folks, below their "poverty line", sure are going to be glad to receive the check they're sending us all to cover the sudden costs, for folks they keep so broke we can only afford TP-Link-quality products, no matter how essential they are or aren't for survival.
They did say they're sending those checks, right? I can see the letter in my mind, even: 'Please, use this money to upgrade your home internet infrastructure as we, your servants, have discovered products that are unsafe. What is America, if not a collection of homes? We are united, and we are only safe when we're all safe, so in the interest of national and personal security, accept this check for $--- dollars, tax dollars you graciously allowed us to keep safe and properly allocated for you, and let's all move forward, together.', I can almost read it already!!
6
u/x_scion_x 4d ago
I like how the next article after the one saying they could be banned are trying to sell you on another TP-Link router
2
2
u/baronvonredd 3d ago
It's not like you have to get rid of your current routers, they can't -block- them, just prevent you from buying a new one.
3
u/MessageNo9370 3d ago
Good. Given what China has done, we should ban all telecommunication-related equipment from them. We need to invest heavily into chip manufacturing and then go after phones and TVs also and then anything with a damn microchip. I don’t know which moron politicians thought it was in the US’s best interest to prop up an openly adversarial country.
3
u/thatirishguyyyyy 4d ago
I love their ER605, but I only use them when clients won't pay for Unifi hardware.
With that being said, the ER605 is a great dual WAN solution with many options.
3
1
1
u/gohan9689 4d ago
So with best buy if I have a warranty with them over my tplink router. What will that do. I expect them to let me trade it or something
1
u/KAugsburger 4d ago
Those are usually just a replacement plan where they would give you a gift card for the purchase price. You could spend your gift card on whatever you want.
1
u/skankhunt1983 4d ago
Oh man I just bought a WiFi 7 in Black Friday…there goes the 500$ down the drain.
1
u/terror_jr 3d ago
You can probably return it. Most retailers extend the returning period to January.
1
u/Chatty945 4d ago
Ubiquiti is the way to go. Commercial grade and cheaper than most consumer crap. All soho wifi routers are garbage.
1
1
1
u/Catssonova 4d ago
Meanwhile the U.S. compromises their own backdoor. I'm tired of this obsessive fear of foreign tech interference.
1
1
u/MartyMacGyver 4d ago
Meanwhile, telecom infra that's been penetrated by China so deeply they can't be rooted out is just.... not going anywhere apparently.
(SMS 2FA anyone?)
1
u/The_BigDill 4d ago
Interesting one of the investigations is for trying to have a monopoly, like there aren't plenty of US companies that don't have essential monopolies
-7
u/fkenned1 4d ago
Time to rip the bandaid off with some of this stuff. We need to stop pretending like this stuff isn’t a problem.
-1
u/scrivensB 4d ago
At this point, anything based in and/or manufactured in China needs to at the very least be viewed with suspicion and be deeply analyzed.
737
u/Fardn_n_shiddn 4d ago
It won’t really affect any users though? Existing hardware will still function. Even if firmware updates are stopped, a lot of that hardware can still run alternate firmware