TP-Link routers may be banned due to national security concerns

Can people just run OpenWrt or Gargoyle firmware on those machines and still be fine?
OpenWRT supports 269 different TP-Link models, so I'd say yes, it's quite likely one could do that.

The problem isn't going to be the people reading this thread and asking that sort of question, but Joe Blow who doesn't and isn't interested in having to do that.
 
Microsoft is actually the primary source here.

The idea that TP-Link is inherently less secure is being proposed by the WSJ.

Microsoft is reporting the vulnerability and method of attack. All that Microsoft says is that the majority of the attacks were carried out using TP-Link routers, which, all things equal, would make sense since that particular brand carries the majority of the market share in the US. Google is saying 65%.
 
The idea that TP-Link is inherently less secure is being proposed by the WSJ.
It's being reported by the WSJ, but it's being proposed by the US government:
Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter. An office of the Commerce Department has subpoenaed TP-Link, some of the people said.
Microsoft is reporting the vulnerability and method of attack. All that Microsoft says is that the majority of the attacks were carried out using TP-Link routers, which, all things equal, would make sense since that particular brand carries the majority of the market share in the US. Google is saying 65%.
The article also says it's 65% of the market, in large part due to the use by ISPs due to their low cost.

However, one of Microsoft's sources, linked in the Microsoft article I've shared in this thread, says the following:
https://blog.sekoia.io/solving-the-7777-botnet-enigma-a-cybersecurity-quest/

According to open-source publications, the Quad7 botnet is suspected to target different kinds of IOTs including IP cameras or NAS devices and SOHO routers, predominantly TP-Link. However, our investigation found that almost all – we cannot be completely certain – compromised assets were in fact TP-Link routers.

The bias in the analysis of compromised assets results from the fact that the operators of the Quad7 botnet try to disable the TP-Link management interface after compromising it by stopping the binary acting as a web server. Therefore, no TP-Link associated interface or banner is present in many results of online scanners such as Shodan or Censys.
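The Sekoia finding quoted above (operators stop the binary serving the management interface, so the router still answers on the network but nothing listens on the admin port) suggests a simple check a home or small-office admin can run from the LAN side. The script below is an added example and is not from any poster in this thread or from Sekoia; it assumes the router's LAN address (192.168.0.1 by default, overridable on the command line) and that web management normally lives on TCP 80/443. A "closed" admin port is a prompt to investigate, since a crashed web server or an in-progress firmware update looks the same.

```python
import socket
import sys
from typing import Dict, Iterable

# Ports on which a consumer router's web management interface is usually served (assumption).
ADMIN_PORTS = (80, 443)


def probe_port(host: str, port: int, timeout: float = 2.0) -> str:
    """TCP-connect to one port on the router's LAN address.

    Returns 'open' (a listener accepted), 'closed' (the host answered with a
    reset, so it is up but nothing listens there) or 'filtered' (no answer).
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def probe_admin_interface(host: str, ports: Iterable[int] = ADMIN_PORTS) -> Dict[int, str]:
    """Probe every admin port and return {port: state}."""
    return {port: probe_port(host, port) for port in ports}


def classify(results: Dict[int, str], admin_expected: bool = True) -> str:
    """Turn probe results into one of four states a defender can act on."""
    states = set(results.values())
    if "open" in states:
        return "admin-interface-reachable"
    if not admin_expected:
        # The owner disabled web management on purpose; a closed port is the expected state.
        return "admin-interface-disabled-by-config"
    if "closed" in states:
        # The router is up (it sent a reset) but no web server listens: the state the
        # Sekoia quote describes after the operators stop the web server binary.
        # A crashed web server or a firmware update in progress looks identical, so
        # treat this as a prompt to investigate (reboot, check firmware), not as proof.
        return "admin-interface-down"
    return "host-unreachable"


if __name__ == "__main__":
    # Assumed LAN-side router address; pass your own as the first argument.
    router = sys.argv[1] if len(sys.argv) > 1 else "192.168.0.1"
    results = probe_admin_interface(router)
    print(router, results, "->", classify(results))
```

Run it periodically (cron works fine) from a machine on the LAN and alert when the state changes from "admin-interface-reachable" to "admin-interface-down" without anyone having touched the router.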
 
OpenWRT supports 269 different TP-Link models, so I'd say yes, it's quite likely one could do that.
Just checked and my TP-Link in fact isn't supported 🤨
The problem isn't going to be the people reading this thread and asking that sort of question, but Joe Blow who doesn't and isn't interested in having to do that.
I'd venture to say that 75% of broadband users use the router their ISP supplies them, so that pretty much rules them out entirely for 3rd-party firmware. Of those that buy their own router, what percentage of those are running the firmware they shipped with? I'd say 50% are, then 45% have done at least one update (many routers now prompt you to during the initial setup), and 5% use 3rd-party firmware. Heh, 5% is probably high too!
 
Anyone flashed any sort of 3rd party firmware on a Deco S4 setup?

That's what I'm using. At least it's not directly exposed to the Internet ... I have it sitting behind another NAT and it's truly only operating in access point mode.
 
Just checked and my TP-Link in fact isn't supported
Wow, what model is it, if you don't mind me asking?
I'd venture to say that 75% of broadband users use the router their ISP supplies them, so that pretty much rules them out entirely for 3rd-party firmware. Of those that buy their own router, what percentage of those are running the firmware they shipped with? I'd say 50% are, then 45% have done at least one update (many routers now prompt you to during the initial setup), and 5% use 3rd-party firmware. Heh, 5% is probably high too!
Yeah, and I suspect this is exactly why the government is getting involved.
 
Over the past 5 yrs, I have migrated to an OPNsense router implementation, with Windscribe VPN using WireGuard, NextDNS.io, Suricata, Zenarmor, and AdGuard. I have been waiting for this day of reckoning.

Setting up OPNsense on an old PC is easy if u have network experience. Literally 5 min from a bootable USB stick. Other features listed require devout study and passion.
 
Just checked and my TP-Link in fact isn't supported 🤨

I'd venture to say that 75% of broadband users use the router their ISP supplies them, so that pretty much rules them out entirely for 3rd-party firmware. Of those that buy their own router, what percentage of those are running the firmware they shipped with? I'd say 50% are, then 45% have done at least one update (many routers now prompt you to during the initial setup), and 5% use 3rd-party firmware. Heh, 5% is probably high too!

Even those who buy their own equipment usually just want plug and play and have likely never accessed their equipment's setup/diagnostic/status modes where most devices install firmware updates. Most just use the default SSID and passwords printed on the label. My dad actually managed to get a new all-in-one cable modem to work by himself. All he had to do was plug it in, call up Comcast that it was plugged in, and it registered the modem.

I just wanted a quick start without having to mess with anything with a new Netgear Wi-Fi box for them, but was thrown for a loop when it didn't just connect to a known working internet source right out of the box. Turns out that I had to access the setup system for initial configuration even if it was all default settings. It forced me to enter a login password for any future access, and once it determined there was internet access it automatically downloaded the latest firmware. I don't think my dad would have been able to do this.

I also remember setting up home internet for the first time using ADSL. That was definitely not plug and play. The DSL modem needed a username and password, which could be provided by a computer or by most gateways. I had to enter a specific address via a webpage (a bunch of numbers) and then set it up to use PPPoE with the username/password. That was really painful too since it took about three weeks of calls to customer service before it finally worked because of some "provisioning" issue. But I didn't need to pay until it finally logged in and provided an internet connection.
 
Over the past 5 yrs, I have migrated to an OPNsense router implementation, with Windscribe VPN using WireGuard, NextDNS.io, Suricata, Zenarmor, and AdGuard. I have been waiting for this day of reckoning.

Setting up OPNsense on an old PC is easy if u have network experience. Literally 5 min from a bootable USB stick. Other features listed require devout study and passion.
Yup, and you can also eBay/Marketplace some older commercial gear that can be reprovisioned with OPNsense or pfSense, breathing new life into it for very little money.
 
Yup, and you can also eBay/Marketplace some older commercial gear that can be reprovisioned with OPNsense or pfSense, breathing new life into it for very little money.
The most cost-effective method is a refurb eBay Dell PC - $150 and a dual-LAN Intel 1Gb NIC - $20.
No Realtek NIC chip unless u like dropped packets.
 
My gut feeling is TP Link tends to use just reference firmware without too much adjustment, and has maybe slightly worse reliability because of that vs other consumer brands.

Security-wise, consumer brands are all pretty much the same. I'm sure all of them have some sort of similar flaws, and the groups doing the worst are probably not the CCP, but they probably are the only ones who have a consumer electronics industry. The rule of "if you are important enough you will get hacked by someone" always applies. Pagers made by a Taiwanese contractor getting explosives installed by Israel and then blowing up a terrorist network is pretty much what could happen to anyone if they really want to go after you.

Just FYI, I used to work in a US chip company and we had a policy of specifically not using Samsung-branded electronics at work. I don't think Samsung is a national security issue, but that's just a common-sense security measure. We all still use Samsung stuff for personal phones and home stuff without problem.
 
I agree with @alarmguy 's post. And also keep in mind that the WSJ is the primary source here.
Journalism is a career without much technology background. I remember BusinessWeek (or another small-fry publication) saying in the past that SuperMicro had a spy chip installed in the PCB between layers, without fact-checking that it is not something that can be done with existing technology without being discovered (reliability would be a problem, and QA would fail). Nobody came back with an apology after they tanked SuperMicro's stock for no reason. The only explanation I can think of is some pump-and-dump financial scheme for SuperMicro or its competitors' shareholders (HPE? Dell? Who knows). Don't trust a financial journalist for tech reporting.

Now SuperMicro is an AI darling and everyone wants in. Money talks.
 
My gut feeling is TP Link tends to use just reference firmware without too much adjustment, and has maybe slightly worse reliability because of that vs other consumer brands.
They all use "spins" on BusyBox, customized in-house, usually with the GUI and whatever other crap they feel like lumping in, like OpenVPN support for example. Whether their equipment is more vulnerable due to incompetence or malicious collaboration is of course an unknown at this juncture, but ultimately something needs to be done.
 
The most cost-effective method is a refurb eBay Dell PC - $150 and a dual-LAN Intel 1Gb NIC - $20.
No Realtek NIC chip unless u like dropped packets.
Yes, though not the most space efficient, but typically the best "bang for buck".

Here's a Sophos XG firewall converted to OPNsense I did:
 
My gut feeling is TP Link tends to use just reference firmware without too much adjustment, and has maybe slightly worse reliability because of that vs other consumer brands.

TP-Link has been trying to pass themselves off as a "not Chinese" company. They claim that their sole "global headquarters" is now in Irvine, California. But the previous headquarters were theoretically in Singapore.

https://www.tp-link.com/us/press/news/21390/

I'm not sure what to make of it, since it's assumed that it's a Chinese company. I remember hearing that Broadcom's headquarters were in Singapore, which seemed kind of strange. Or Marvell's headquarters in the Cayman Islands (I think).
 
Perfect timing. Scheduled to demo all of the Omada gear out of my uncle's house and go back in with Ubiquiti. Another reason to toss on the fire.
 
Yeah, this whole scheme isn't about finding out Big Bill secretly likes to watch cat shows, it's about leveraging consumer infrastructure inside a geographic area to circumvent restrictions placed on traffic from known bad actors. While it's possible that some of these compromised devices might be exploited in a way that gains access to sensitive traffic, that's not the overarching goal, which is to gain a presence on networks that won't be restricted from accessing important domains within a country/region and then using that presence to exfiltrate information gleaned from these organizations through compromise/penetration.
In short, they're using our cheapo routers as a free VPN for their shenanigans.
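If a router is being used as a relay the way this post describes, the tell from the outside is traffic that leaves the router's WAN address without any LAN client having asked for it. Because NAT rewrites every outbound source to the WAN address, a WAN-side capture alone can't separate client traffic from router-originated traffic; reconciling it against a LAN-side capture can. The script below is an added example, not from any poster in this thread; the two CSV exports are constructed sample data, the column layout (src,dst,dport,proto) is an assumption, and the baseline of ports the router legitimately contacts on its own (upstream DNS forwarding on 53, NTP on 123) is one you should adjust to your own router.

```python
import csv
import io
from typing import Dict, List, Set, Tuple

FlowKey = Tuple[str, int, str]  # (destination address, destination port, protocol)

# Ports the router itself legitimately contacts on behalf of the LAN (upstream DNS
# forwarding, NTP). Flows to these from the WAN address are expected even with no
# matching LAN flow. Assumed baseline; extend it with your router's update servers.
ROUTER_BASELINE_PORTS: Set[int] = {53, 123}

# Constructed sample exports (not real data) in a minimal CSV layout. LAN_SAMPLE is what a
# mirror port on the LAN side sees (client addresses intact); WAN_SAMPLE is what the
# ISP-facing side sees, where NAT rewrites every source to the router's WAN address.
LAN_SAMPLE = """src,dst,dport,proto
192.168.0.23,198.51.100.20,443,tcp
192.168.0.42,203.0.113.77,443,tcp
192.168.0.23,192.168.0.1,53,udp
"""

WAN_SAMPLE = """src,dst,dport,proto
100.64.1.9,198.51.100.20,443,tcp
100.64.1.9,203.0.113.77,443,tcp
100.64.1.9,203.0.113.5,53,udp
100.64.1.9,192.0.2.200,8443,tcp
100.64.1.9,192.0.2.201,443,tcp
"""


def parse_flows(text: str) -> List[Dict[str, str]]:
    """Parse a CSV export into a list of row dicts keyed by column name."""
    return list(csv.DictReader(io.StringIO(text)))


def flow_key(row: Dict[str, str]) -> FlowKey:
    """Reduce a flow to the fields that survive NAT: destination, port, protocol."""
    return (row["dst"], int(row["dport"]), row["proto"].lower())


def unexplained_wan_flows(lan_rows: List[Dict[str, str]], wan_rows: List[Dict[str, str]],
                          baseline_ports: Set[int] = ROUTER_BASELINE_PORTS) -> List[FlowKey]:
    """Return WAN-side flows that no LAN client initiated and that are not baseline router traffic.

    Matching on (dst, dport, proto) is deliberately coarse; on real exports add a time
    window and a byte-count comparison to avoid pairing unrelated flows to the same service.
    """
    lan_keys = {flow_key(r) for r in lan_rows}
    suspicious: List[FlowKey] = []
    for row in wan_rows:
        key = flow_key(row)
        if key in lan_keys or key[1] in baseline_ports:
            continue
        suspicious.append(key)
    return suspicious


def report(lan_text: str = LAN_SAMPLE, wan_text: str = WAN_SAMPLE) -> List[FlowKey]:
    """Convenience wrapper: parse both exports and list the flows that need explaining."""
    return unexplained_wan_flows(parse_flows(lan_text), parse_flows(wan_text))


if __name__ == "__main__":
    for dst, dport, proto in report():
        print(f"router-originated, unexplained: {dst}:{dport}/{proto}")
```

On the sample data the two HTTPS sessions are explained by LAN clients, the upstream DNS query is covered by the baseline, and the remaining two flows to 192.0.2.200:8443 and 192.0.2.201:443 are what a relay would look like: the router talking to the internet with nobody behind it.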
 