U.S. agencies back banning top-selling TP-Link home routers on security grounds

Posted by busymom0 1 day ago

U.S. agencies back banning top-selling TP-Link home routers on security grounds(www.msn.com)

17 points | 11 comments

mainecoder 1 day ago|

Why does this have to be a political issue the TP-Links hardware and software can be examined, this is not a difficult process that would need the greatest experts on earth a simple examination should show whether data is being sent to China or if there is any security issue that can be spoken of so far nothing. Might as well say sanction then because we need to make a distinction between a technical security flaw or economic and political reasons, if the security flaw is not articulated then it's safe to assume it is political.

halJordan 1 day ago||

If you look at the article there isn't any one claiming that tplink is in bed with the prc. Unlike say huawei or zte. It's not even that they're saying tplink could be compelled to give up data like alibaba or tencent.

Rather, it's that tplink has security vulnerabilities and those along with all other factors make it a national security threat. Other factors include, how pervasive it is in the market and how actively the Chinese are exploiting these flaws.

And to your point- soho devices are notoriously insecure, tplink especially. If youre not familiar then you simply must take your expert's advice on it.

This is more about preventing the next vpnfilter

whatevaa 1 day ago|||

In that case they should ban asus routers too.

hulitu 10 hours ago|||

> Rather, it's that tplink has security vulnerabilities and those along with all other factors make it a national security threat.

They shall start with Cisco then. Or backdoors do not count as "other factors" ?

highd 1 day ago|||

If you think identifying a hypothetical back door in something as complex as a router is not a difficult process you are simply uninformed.

mindslight 1 day ago||

> Why does this have to be a political issue the TP-Links hardware and software can be examined

Because while people are really frustrated with these issues in general, effective reforms require principled regulation (eg anti-trust unbundling of software/hardware, personal data protection) and are directly opposed by the US surveillance industry. So instead people channeled their built-up frustrations into the siren song a fascist demagogue promising to simply make it all better with the snap of his fingers, while he was actually backed by the surveillance industry eager to consolidate its power. So now the battle lines we've gotten are the US surveillance industry pitted against the Chinese surveillance industry, with US citizens losing either way.

potsandpans 1 day ago||

As an aside, something extremely annoying I've noticed about tplink is that every once in a while when I go to log into the router, it redirects to a tplink website and proxies my local router page through it.

Terrible.

zparky 1 day ago|

Yeah it's so annoying. Hitting back and stopping loading (or just hitting back) usually gets me to the page.

catlikesshrimp 1 day ago|

Msn refetence, pfft

https://www.wsj.com/politics/national-security/us-ban-china-...

https://www.cbsnews.com/news/tp-link-router-china-us-ban/#si...

>>The router-manufacturer TP-Link, established in China, has roughly 65% of the U.S. market for routers for homes and small businesses

Ban TP-link and tens or hundreds of chinese disposable brands will sell OEM TPlink routers, with even worse security.

Solution: all hardware IOT companies are responsible for any vulnerability discovered. ISPs are fined according to the number of vulnerable devices they connect. Watch responsible brands trying to cannibalize each other (discovering vulnerabilities) and ISPs actually caring about enforcing.

By "responsible" I mean recalls and replacements. Financial and penal responsibility.

IOTs will cost their actual price, without being financed by adversarial agents and bad manufacturing practices.

catgirlinspace 21 hours ago|

> ISPs are fined according to the number of vulnerable devices they connect.

That sounds like how we get ISPs only allowing ISP-provided routers and only devices from a few big manufacturers can connect. And things like phones running LineageOS not being able to connect.

catlikesshrimp 6 hours ago||

I was thinking new devices having to pass tests in the spirit of the electromagnetic interference tests for certification. Except models having to pass the tests yearly / quarterly / any time period. Such expenses would be covered by the manufacturer during the official life of the device offered by the manufacturer.

I understand your point. What you describe is happening in Australia. Hopefully any law targetting botnets and any other in the future has a clause forbidding this behavior of banning provider not approved devices when they are technically compatible.