Drilling down on Uncle Sam's proposed TP-Link ban

Posted by todsacerdoti 11 hours ago

Drilling down on Uncle Sam's proposed TP-Link ban(krebsonsecurity.com)

138 points | 134 commentspage 2

jwsteigerwalt 3 hours ago|

We are unfortunately getting to the point where the only option for non-power users will be to create an online account to run local hardware you own; just like Windows 11.

I run OPNsense with a collection of Unifi radios (local controller) with great success.

shanecp 4 hours ago||

This is a very one sided article. Shouldn't there be a comparison with TP-Link and all other brands available in-terms of security? Otherwise they're just targeting a company for political reasons.

Johnny555 2 hours ago|

The article is in response to a very one-sided government ban (well, reported ban) on TP-Link products. The company is being targeted for what appears to be political reasons, the article even said so in the first paragraph:

Experts say while the proposed ban may have more to do with TP-Link’s ties to China than any specific technical threats

cflewis 9 hours ago||

I've been really happy with the TP-Link smart plugs. I keep upgrading them as The Latest Standard That's Definitely The Real One This Time Trust Us Bro comes out, and the Matter ones are excellent. Getting an instant response from them is really nice. I see no reason to buy others.

I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked, they make plugs but label them all as lights in the app, which is more annoying than it sounds.

The real problem to solve ditching TP-Link _routers_ is that all routers are uniformly fucking awful, and all you are doing is choosing your particular poison. This is especially true after Apple exited the game so long ago. I use Google Wifi because it mostly works most of the time, but that's not glowing praise. But the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs and we couldn't possibly do this any better.

microtonal 9 hours ago||

I would buy only Hue but that's because I have more money than sense, and they don't actually make smart plugs last time I looked,

Ikea makes Zigbee smart plugs with power monitoring (Inspelning) that are ~10 Euro here (probably $10 in the US). Also Zigbee does not have all the security issues, since it is purely local and will talk with whatever hub/bridge you choose, e.g. Homey, Hubitat, or if you want to go free software Home Assistant or zigbee2mqtt.

It's somewhat insane to me that people use WiFi plugs for actuating things that actuate real-life electrical devices. Even more from companies that have a bad security reputation. Zigbee or Z-Wave all the way or possibly Matter over Thread, but the only Matter device that I had (an upgraded Eve Energy plug) has been a pain.

I switched to Unifi gear (Cloud Gateway Max, two of their U7 access points, and a bunch of their managed switches) and they are a dream to set up. Making VLANs, associating VLANs with SSIDs, etc. is so easy. I had a TP Link managed switch and the interface was a huge pile of crap and I saved it several times after misconfiguration by virtue of it having a serial console. I only used it for two months or so because it was so frustrating.

hsbauauvhabzb 5 hours ago||

Iirc ikea zigbee range have been discontinued in favour of matter

tom_alexander 3 hours ago|||

> all routers are uniformly fucking awful [...] the world has become trained that rebooting a router once a week and praying that it works when it comes back is a perfectly normal state of affairs

My OPNsense router currently has 74 days of uptime, and that's just because I ran an update 74 days ago. I've never rebooted it to solve a problem. The only wrinkle is OPNsense (and pfSense) is at least an order of magnitude more complicated than your average consumer router.

OTOH, my ubiquity access point reboots itself every time I change any setting at all.

dmoy 1 hour ago|||

> all routers are uniformly fucking awful,

The mikrotik I've been using has been pretty solid, and super super customizable.

iamacyborg 9 hours ago|||

Eve smart plugs are solid and don’t have any unnecessary cloud stuff.

add-sub-mul-div 9 hours ago|||

I have some TP-Link smart plugs and was happy with them for a long time because their app could be used without an account. Then I recently got the new version of the app and it forces an account, there's no more guest mode. I'm done with TP-Link now.

throwaway173738 7 hours ago||

I bought a dedicated router and separate WAPs and cable modem and it works really well. The converged devices are terrible though.

giantg2 5 hours ago||

Regardless of what TP-Link says, the damage is done. I was recently looking for a bigger switch. I went with a use switch instead of buying a new TP-Link because I don't trust them. Now I just need more projects to fill my extra ports on the 24 port switch haha

garganzol 3 hours ago|

An unmanaged switch is not going to realistically have exploitable vulnerabilities, the chances of that are dim.

A router, a managed switch or something having an OS is another story.

giantg2 2 hours ago||

It's managed. I don't know, but I would bet that unmanaged switches have vulnerabilities too. Maybe they just aren't targeted.

ZeroConcerns 10 hours ago||

I don't have any particular opinion on TP-Link (never used their products), but the idea that a low-cost vendor targeting home and SMB users is somehow a state-level agent trying to compromise those users... needs evidence.

I mean, in the case of actors like Huawei, you can at least credibly make the argument that the continued access of their support staff to internal provider networks is a significant risk, but that vector is entirely absent here.

Sure, embedded firmware has been, is, and will continue to be a tire fire prone to embarrassing compromises, but containing those is mostly about notification and containment by government agencies (which the current US administration is doing their utmost best to kneecap) and/or large ISPs (which in the US have traditionally never cared).

Forcing "foreign" products off the market in favor of "domestic" replacements with the exact same, if not worse, flaws won't fix a thing, unless you put some pretty significant controls into place that nobody is willing to enforce or even outline.

hekkle 4 hours ago||

^^^THIS 100%. They are manufacturing low-cost products for home users. That is, if these claims are true, they have neglected a poignant question, why would they bother? They are targeting poor people's personal data, not businesses, not high-profile people, not government bodies.

thfuran 9 hours ago|||

But it does provide ample opportunity to profit personally, and that’s much more of a priority for the current federal administration than fixing anything.

abridgett 9 hours ago||

I'll just leave this little NSA intercepting Cisco products reminder here: https://arstechnica.com/tech-policy/2014/05/photos-of-an-nsa...

misiek08 9 hours ago||

But Sir! We are talking here between USA <eagle sound> versus rest of the world that’s unsafe and all the time attacking USA people privacy. Cisco is India based, not American!

disclaimer: not connected in any way with Cisco, just disappointed business customer.

kotaKat 8 hours ago||

SSL added and removed here! :)

neuroelectron 2 hours ago||

Seems hard to overestimate their market when if you go to Walmart 75% of the routers they have in stock are TP link

shmerl 7 hours ago||

OpenWRT is the way to go. If it doesn't run on it, I'd skip such router.

dangus 5 hours ago|

OPNSense on a dual NIC mini PC, the your WiFi comes from dumb APs.

Separating routing from WiFi has been the best thing I’ve ever done for my network.

shmerl 4 hours ago||

OPNsense is decent too. Problem is that running anything open on those AP will still be a mess unless they support something like OpenWRT ;)

Separating router from the AP was something I considered too for building a 10 Gbps network, since I haven't found any WiFi router that could also handle 10 Gbps wired without some accelerator chip requiring non upstream mess to work.

vjvjvjvjghv 10 hours ago|

If only there were US manufacturers that could produce things at a decent price and didn't actively hate their customers.

medoc 9 hours ago||

The fact that TP-Link products are vastly better and cheaper than all their numerous competitors is indeed a bit strange. You have to either think that all the people at Linksys, Netgear, D-link, etc. are incompetents or that something a bit out of the ordinary is going on at TP-Link...

tacticus 55 minutes ago|||

the other companies want higher profit margins.

vjvjvjvjghv 7 hours ago||||

I see that at the company I work at. US management at many companies is about doing the absolute minimum for a maximum of profit. It doesn’t allow for competence or long term investment so companies turn into empty shells.

dangus 5 hours ago|||

It’s not that unheard of. Does anyone make a better $999 laptop than Apple? Nope, the MacBook Air is faster and gets better battery life with zero fans and basically nothing on the market compares. That doesn’t make Apple “suspicious” more than any other company.

TP-Link is the best for the same reason Apple is the best. They just have the momentum of being in the lead.

I would also say that TP-Link isn’t wildly and unrealistically cheaper or anything.

Their prosumer/business Omada lineup is clunky and kinda sucks compared to Ubiquiti.

Zyxel WiFi 7 APs are more competitively priced than basically anything last I checked.

silisili 10 hours ago|||

Eero used to be pretty close. Years ago, I used to stalk the subreddit despite never owning an Eero just because the (US based) devs would often drop knowledge bombs. AFAIK they wrote the entire software stack in house.

I have no idea if that's still the case, especially post AMZ, but worth looking into if so.

havaloc 7 hours ago||

I miss the insider information. Some Redditors were not nice and they all left Reddit and their insider information stopped flowing, it's a shame, it was cool to see behind the development veil.

hdgvhicv 10 hours ago|||

I’m sure there’s some way to inject advertising - otherwise it’s just leaving money on the table.

ZeroConcerns 10 hours ago|||

I'm old enough to remember most cable modems and set-top boxes being manufactured in the US.

They were... not great...

blitzar 7 hours ago||

I am pretty sure the companies that made those, had a monopoly on them and charged $500 a piece went bankrupt too.

system2 10 hours ago||

There is, but corporate greed doesn't allow it.

More comments...