TP-Link faces ban from US. Hijacked TP-link routers being hacked by Chinese state hackers.

Do you know if this is applicable just to routers or does it affect boosters / repeaters also?
 
  • Like
Reactions: DBK
That’s a shame. They make some good kit and I have found their support to be excellent.
 
Do you know if this is applicable just to routers or does it affect boosters / repeaters also?
I suspect the software is shared across platforms and would all be suspect.

Subscribers  do not see these advertisements

 
I have a GL-inet Chinese mifi. Love it. How would I find out if it has the same deliberate design/vulnerabilities?
 
I have a GL-inet Chinese mifi. Love it. How would I find out if it has the same deliberate design/vulnerabilities?
I am sorry I can't help on that one.
 
I don't really understand the details of this. We have a portable sim unit we use abroad. What problems could we have? we connect our phones and use the wifi data. Maybe look at our security cameras now and again.
 
PS: My advice would be to dump tp-link. This has been the case for a while now.

PS: My advice would be to dump tp-link. This has been the case for a while now.
Yep, they have good products at reasonable prices… however through my work, which can at times involve sensitive and valuable personal data, I’d been made aware of the undertones around TP Link and possible snooping and vulnerability risks, and instructed to swap out the TP Link devices (Router and the WiFi Boosters) that had originally supplied to me for my home working set up - this wasn’t down to any specific incident I know of, just the possible threat of something sinister, and the risk of damage it may cause - so I’m not surprised to see this coverage coming up more widely.

Networking and communications devices like domestic routers, internet boosters, WiFi cameras etc. where your data gets managed for you on the data systems of such overseas organisations as TP-Link, are well up there for the potential of sinister activities, and it a risk area worth thinking about - I agree with the OP- if you can, look at other alternatives to this particular brand for home internet routers and boosters…

Subscribers  do not see these advertisements

 
I don't really understand the details of this. We have a portable sim unit we use abroad. What problems could we have? we connect our phones and use the wifi data. Maybe look at our security cameras now and again.
We too have a portable TP link router for travelling and will do some bank transfers whilst away so not good to hear. I wonder if they will be looking at our holiday phtos too !
 
I don't have a TP Router but have WiFi boosters and cameras that run from virgin router. Not being a technophobe can anyone tell me what the risks are for online use eg banking.My laptop uses WiFi but runs from virgins WiFi .
 
Back in 2020 the US has banned a lot of Chinese network equipment over concerns around security.

The cynics would say they have done it so there own companys can step in. I believe the UK had issues with Huawei on the 5G networks and banned those.

From Tinternet

There advice was If you are using IT technology from Chinese companies, it would be a good idea to start looking at alternatives. The China-based companies currently under the ban are:

  • Huawei
  • ZTE
  • Hytera
  • Hikvision
  • Dahua
Companies not under ban that make comparable IT equipment are (as of this writing):

  • Microsoft (U.S.)
  • IBM (U.S.)
  • Oracle (U.S.)
  • HP (U.S.)
  • Cisco (U.S.)
  • Juniper Networks (U.S.)
  • Arista Networks (U.S.)
  • TCS (India)
  • Nokia (Finland)
  • Samsung (South Korea)
  • Ericsson (Sweden)
 
Gromett This is an interesting watch, it's long and takes a little awhile to get to the nitty gritty.

 
I had a TP router for years, until it failed. Now I use the one supplied by my internet provider. How would I know who's made it?

Subscribers  do not see these advertisements

 
I had a TP router for years, until it failed. Now I use the one supplied by my internet provider. How would I know who's made it?
You don't need to worry if it was supplied by your internet provider. They will provide security updates and if not available send out a replacement.
Security becomes their responsibility. They are for the most part good on this.
 
A lot of TP-link routers allow you to install third-party firmware.
I played with open-wrt many years ago. Probably a good way to resurrect old or vulnerable routers.
However, maybe not for the tech novice perhaps? I always had a couple of spare routers lying around in case I messed thing up and needed to reset.
 
Gromett This is an interesting watch, it's long and takes a little awhile to get to the nitty gritty.


I tried but he is so slow and ponderous. I gave it 5 minutes and couldn't bear doing another 25 sorry :(

Subscribers  do not see these advertisements

 
I also have a TP-link booster, should I worry about that?
I personally wouldn't trust tp-link anymore.

Basically the problem is that they allow vulnerabilities to persist for a long time sometime never fixing them. This leaves you open to having it hacked.
 
I tried but he is so slow and ponderous. I gave it 5 minutes and couldn't bear doing another 25 sorry :(

The practical interesting stuff to do with the actual hardware and how he hacks it starts about 5.30. It's ineresting that he unsolders the chip for the firmware extraction.
 
The practical interesting stuff to do with the actual hardware and how he hacks it starts about 5.30. It's ineresting that he unsolders the chip for the firmware extraction.
If it requires hands on of the device it is not a security issue I would worry about to be honest. EVERYTHING is hackable if you can take possession like that.
There is no such thing as perfect security.

However, remote execution vulnerabilities. Such as the CVE-2024-5035, as a single example would be really scary one.


The first rule of writing secure code is NEVER trust user input. It should always be filtered, validated and restricted to specific inputs.

If they are having issues with this first rule, then I am not sure how much trust can be given to the rest of their code.

As you can see from the article and I repeat here.

1734795115151.webp


The appear to kill of security updates pretty quickly.
 
I would like to see a new law where any device connected to the internet has to have at least the following.
For 5 years from time of sale to the end user - guaranteed and timely security updates for all security issues no matter how minor.
A user interface that will notify the user of an available security update.
A user interface that will notify the user when such updates are no longer being produced with a warning of the implication.
Each device must ship with a unique username and password combo not a default setting. OR must force the user to select one before going active.

For routers without a screen, the notification may be a simple bright red flashing LED.

The manufacturers of these devices need to take more responsibility for the damage they cause to the internet by weak security.
 

Join us or log in to post a reply.

To join in you must be a member of MotorhomeFun

Join MotorhomeFun

Join us, it quick and easy!

Log in

Already a member? Log in here.

Latest journal entries

Back
Top