The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from ties to China, people familiar with the matter said.

  • chronicledmonocle@lemmy.world
    22 hours ago

    All WiFi routers should run OpenWRT or another open source solution. There is nothing in these black boxes that needs to be closed source. They’re WiFi and NAT FFS.

  • tal@lemmy.today
    20 hours ago

    I think that, TP-Link aside, consumer broadband routers in general have been a security problem.

    • They are, unlike most devices, directly Internet-connected. That means that they really do need to be maintained more stringently than a lot of devices, because everyone has some level of access to them.

    • People buying them are very value-conscious. Your typical consumer does not want to pay much for their broadband router. Businesses are going to be a lot more willing to put money into their firewall and/or pay for ongoing support. I think that you are going to have a hard time finding a market with consumers willing to pay for ongoing support for their consumer broadband router.

    • Partly because home users are very value-conscious, any such provider of router updates might try to make money by data-mining activity. If users are wary of this, they are going to be even more unlikely to want to accept updates.

    • Home users probably don’t have any sort of computer inventory management system, tracking support for and replacing devices that fall out of support.

    • People buying them often are not incredibly able to assess or aware of security implications.

    • They can trivially see all Internet traffic in-and-out. They don’t need to ARP-poison caches or anything to try to see what devices on the network are doing.

    My impression is that there has been some movement from ISPs away from bring-your-own-device service, just because those ISPs don’t want to deal with compromised devices on their network.

    • jubilationtcornpone@sh.itjust.works
      4 hours ago

      A long time ago, for whatever reason, I decided to do a port scan on my entire WAN subnet. That’s how I discovered that a certain brand of DSL modem (I don’t recall which) made the admin portal accessible from the WAN. And of course the credentials were admin/admin.

      I think most hardware providers do better now but it was just mind boggling to me that it even happened in the first place.

      • tal@lemmy.today
        3 hours ago

        Honestly, even limiting it to, say, the WiFi network, having a default admin login is not great.

        Like, Android isolates apps from the rest of your Android system, but not from touching the rest of the network. If any random app I install on my phone can reflash my WAP’s firmware or something like that, that’s not great.

    • Jason2357@lemmy.ca
      19 hours ago

      Yes, this really is a situation where ISP managed devices could really be the right option for most, if they weren’t such terrible companies.

      • Phoenixz@lemmy.ca
        19 hours ago

        That last part says it all, though.

        The ISPs are horrible companies, mostly, and that alone warrants that users should be able to have their own router.

        I need a better router than my ISP wants to give me, then just give me the modem, I’ll do the rest.

        • Jason2357@lemmy.ca
          19 hours ago

          I agree, but for the reasons above, it’s a terrible outcome for everyone on the internet. The number of people who will keep their router up to date with security patches is abysmal. Fix the ISPs and it would work, but you can’t fix the situation where the majority of residential humans suck at managing routers.