The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from ties to China, people familiar with the matter said.

  • tal@lemmy.today · 7 upvotes · 5 months ago

    I think that, TP-Link aside, consumer broadband routers in general have been a security problem.

    • They are, unlike most devices, directly Internet-connected. That means that they really do need to be maintained more stringently than a lot of devices, because everyone has some level of access to them.

    • People buying them are very value-conscious. Your typical consumer does not want to pay much for their broadband router. Businesses are going to be a lot more willing to put money into their firewall and/or pay for ongoing support. I think that you are going to have a hard time finding a market with consumers willing to pay for ongoing support for their consumer broadband router.

    • Partly because home users are very value-conscious, any such provider of router updates might try to make money by data-mining activity. If users are wary of this, they are going to be even more unlikely to want to accept updates.

    • Home users probably don’t have any sort of computer inventory management system, tracking support for and replacing devices that fall out of support.

    • People buying them often are not incredibly able to assess, or aware of, security implications.

    • They can trivially see all Internet traffic in-and-out. They don’t need to ARP-poison caches or anything to try to see what devices on the network are doing.

    My impression is that there has been some movement from ISPs away from bring-your-own-device service, just because those ISPs don’t want to deal with compromised devices on their network.

    • Jason2357@lemmy.ca · 2 upvotes · 5 months ago

      Yes, this really is a situation where ISP managed devices could really be the right option for most, if they weren’t such terrible companies.

    • jubilationtcornpone@sh.itjust.works · 2 upvotes · 5 months ago

      A long time ago, for whatever reason, I decided to do a port scan on my entire WAN subnet. That’s how I discovered that a certain brand of DSL modem (I don’t recall which) made the admin portal accessible from the WAN. And of course the credentials were admin/admin.

      I think most hardware providers do better now, but it was just mind-boggling to me that it even happened in the first place.

      • tal@lemmy.today · 1 upvote · 5 months ago

        Honestly, even limiting it to, say, the WiFi network, having a default admin login is not great.

        Like, Android isolates apps from the rest of your Android system, but not from touching the rest of the network. If any random app I install on my phone can reflash my WAP’s firmware or something like that, that’s not great.