Report: US considers banning TP-Link routers over security flaws, ties to China

xoa

Ars Legatus Legionis
12,209
Subscriptor++
That's quite concerning, depending on how broad a brush the USG might ultimately paint with or the follow on effects. TP-Link isn't just soho, their SMB Omada lineup is the first and afaik only direct competitor with Ubiquiti's UniFi. In my testing their WiFi performance is significantly better, and they've been ahead repeatedly on a number of valuable features like PPSK despite starting from much further behind. From what I've heard their routing isn't quite as good (surprisingly, given how absolute garbage UI was for ages) but since I only use OPNsense for that aspect it doesn't matter to me. I've deployed it for a lot of clients at this point including switching away from UniFi, and I'm not sure I should be concerned about switches or WAPs. Their management VLANs being isolated certainly doesn't guarantee they couldn't establish other channels. But if the AIO routing is the only issue it'd really stink to see that baby tossed out with the security bathwater.

It also again really leaves me wishing that the government could more regularly use finer grained tools like requiring source availability (not open source), repeatable builds etc. Bans are such a sledgehammer to resolve some pretty specific concerns, and the barriers around IP are really artificial. Lack of source code for infrastructure isn't just a China problem, it's an everyone problem IMO and should simply be illegal. Regulatory bodies could also be funded and empowered to check for best practices and lack of backdoors themselves just as is done in many other areas from vehicles to food. But even in the 2020s there is still just so little imagination and problem solving amongst the political classes and it's depressing.
 
Upvote
25 (26 / -1)

Fatesrider

Ars Legatus Legionis
22,906
Subscriptor
This story does beg the question, what routers are "safe" in a very general sense for home use (safe meaning being able to lock down remote access to the settings from the Ethernet, restricting access to devices already in the LAN)?

I have a TP-Link, and two of its Ethernet ports got fried when I plugged in my NAS. (I thought the router had died. Turns out the old NAS killed it for some reason.) I've yet to order a replacement, since I had plenty of switches lying around that expanded the capacity enough for me to plug in all the wires I needed to. But it would be really nice to not have to use it because it leaks light through the vent grill from all the LEDs inside it. I don't need/use repeaters or APs. Most of the connections to it are hard wired, but I do need to have wifi for the phones. I run a NAS and I do what I can to explicitly block external connections from the Internet. So all incoming traffic is from sites we first connected to.

Some brands are better than others, and I'm fairly brand agnostic as long as it meets my specific needs (which are not huge since I live in an apartment, and not a house anymore). I've been considering replacing what I have for a while even though it does what I need it to, because I don't trust a crippled device for long-term survival. And this news, unwelcome as it is, is enough to motivate me to go ahead and buy a Christmas present for the family.

For routers, I usually keep a new one on hand and order a new one after setting up the one I had on hand, to minimize down time (the whining is strong in this house if the Internet is down). I'd just use the current one as the backup once the new one arrives. But what's an economical, and reliable, and usually not hacked, brand?
 
Upvote
5 (6 / -1)

SamMo1138

Smack-Fu Master, in training
19
Subscriptor
If all you need is a true router (aka no built in WiFi) and are willing to put some work in, I recommend a Protectli https://protectli.com/product-comparison/ box running OPNsense. I've been running 2 for over 5 years now. The out-of-the box defaults work for the typical home setup, and you get all of the options and tweaking you could possibly want, with the downside of complexity.

If you're looking for a simple solution, though, OPNsense is probably not it.
^This. Switched to this from a UniFi platform 3 years ago. Protectli + OPNsense is probably the strongest "enterprise" grade router/firewall for the home. Yeah it's got a slight learning curve, but nothing that would daunt any Arsian on these forums and the defaults out of the box are set for safety and simplicity. And for the technically adventurous, there is not a thing a Juniper/Cisco/Palo Alto can do that OPNsense cannot.
 
Upvote
6 (7 / -1)
That does matter, though. A US company that is manufacturing in China will still be able to resist demands by the CCP to install backdoors into their products, and they have an incentive to discover any that have surreptitiously been inserted at the point of manufacture.

A Chinese company must comply with any demands the CCP makes and also must lie about them (of course, a US company has the same obligations w/r/t the USG entities like the NSA).

That said, the current panic does seem a bit hypothetical. The problem with TP-Link routers is that they're cheap, and cheap devices don't get consistent firmware updates. It's probably not actively malicious on TP-Link's part; they're just low-end devices doing what low-end device manufacturers do to keep prices low. The fact that they've got security vulnerabilities is just a nice benefit to hackers, including Chinese hackers.

But it's of course plausible that the CCP could be mandating certain backdoors or, more likely, weaknesses. After all, we know that the NSA bribed RSA to use a weakened cipher suite a decade ago; it's not unheard of.

Yeah..... remember this? Blocking sales isn't gonna do jack shit if nation states want to get in your router.

https://www.theguardian.com/books/2...nwald-nsa-tampers-us-internet-routers-snowden
 
Upvote
7 (10 / -3)

Felix K

Ars Tribunus Militum
2,383
I feel like US national security policy is more of a laughingstock every day. Ubiquiti is made in China too... where are we going to get our electronics?

I have zero interest in subsidizing American middlemen and greedy CEOs when there are perfectly good products for sale in other countries. Does anyone really think Elon Musk has America in its best interests? So what does made in USA have to do with anything??
 
Upvote
18 (21 / -3)

CurtisHx

Wise, Aged Ars Veteran
152
Subscriptor
Ah; sorry... I figured people were talking WiFi APs here. Yeah; if we're ignoring WiFi, I've built my own OpenBSD system with stateful inspection and no on-system TCP stack -- works great as a firewall/gateway, and can't be easily compromised, as the device itself doesn't actually speak TCP - it requires physical access to modify/update it, and is all about filtering/redirecting pass-through Ethernet data.
Even if WiFi is needed, there are dedicated WiFi access points. Granted most of them are targeted at enterprises with enterprise pricing and configuration. The only reasonable option from what I've seen is Ubiquiti's APs, but they've pulled enough shady shenanigans in the past that I'm not really comfortable recommending them. I do buy their networking gear, but that's only because I haven't found anything else at that price / feature point.

A dual NIC single board computer and a Unifi AP still comes in under $800.

Edit: just to be clear, all of this is a non-starter if you need something that just works out of the box.
 
Upvote
1 (2 / -1)

Felix K

Ars Tribunus Militum
2,383
That said, the current panic does seem a bit hypothetical. The problem with TP-Link routers is that they're cheap, and cheap devices don't get consistent firmware updates. It's probably not actively malicious on TP-Link's part; they're just low-end devices doing what low-end device manufacturers do to keep prices low. The fact that they've got security vulnerabilities is just a nice benefit to hackers, including Chinese hackers.
Despite your confident tone, you haven't provided a shred of evidence for your assertions.

TP-Link Omada equipment is not significantly cheaper than Ubiquiti (also made in China) and their performance is just as good. I've used their APs in commercial and residential buildings and have been pleased with their performance.

I don't need the wankery of a Ubiquiti setup.. I just want an easy to set up, rock solid reliable AP, router, switch and VLAN features so that different rooms can have their own network.
 
Upvote
10 (12 / -2)

ERIFNOMI

Ars Tribunus Angusticlavius
15,456
Subscriptor++
Even if WiFi is needed, there are dedicated WiFi access points. Granted most of them are targeted at enterprises with enterprise pricing and configuration. The only reasonable option from what I've seen is Ubiquiti's APs, but they've pulled enough shady shenanigans in the past that I'm not really comfortable recommending them. I do buy their networking gear, but that's only because I haven't found anything else at that price / feature point.

A dual NIC single board computer and a Unifi AP still comes in under $800.

Edit: just to be clear, all of this is a non-starter if you need something that just works out of the box.
Funnily enough, TP-Link is the brand to compare against Ubiquiti. Specifically the Omada SMB line.
 
Upvote
4 (5 / -1)

hel1kx

Ars Scholae Palatinae
1,476
"TP-Link's unusual degree of vulnerabilities and required compliance with PRC [People's Republic of China] law are in and of themselves disconcerting," said an August 2024 letter to Raimondo from the Republican and Democratic leaders of the House Select Committee on the Chinese Communist Party.
The article said this but a few people here have said TP-Link is good at patching vulnerabilities, is the committee just doing the "China bad" thing?
 
Upvote
28 (29 / -1)
A bunch of consumers don't update their routers.

TP-Link sells popular routers.

China uses them for botnets.

...and the government thinks banning a particular brand is going to do...what, exactly?

I hate this timeline. It's fucking dumb.

For most internet enabled routers with app controls, if you enable its notifications (off by default) it'll ping you to update the router...

Which is way better than the old you don't know jack shit until you remember to go to their website, then manually downloading it and putting it on a thumb drive, then plugging it into the router, and then going into the router controls on a computer to install it...

I've never updated the old ass blue Linksys routers before, but pretty much update my Deco whenever an update comes out...
 
Upvote
3 (5 / -2)

Zeebee

Ars Tribunus Militum
2,368
This is horse shit.

I own a good number of pieces of TP Link gear. Their stuff is generally quite reliable, is priced competitively, and is updated frequently.

Instead we would legislate that some other firm who makes its gear in the exact same Chinese factories wins in the market. That'll definitely go well.
This is nothing to do with how good or reliable-seeming the product is. The allegation is that the Chinese government mandates backdoors in the products and that TP-Link complies which is why Microsoft reported that the botnet is mostly made-up of TP-Link devices.

Yeah, just about everything is made in China but that is different from the company allowing backdoors to be installed in the product.

Whether that's actually true is another matter... correlation (the botnet of routers) and causation don't necessarily jive. The botnet could be made-up of older routers which haven't been patched in ages (if you have a 5 year old router, it's pretty unlikely it's still getting updates). And if TP-Link is the most popular router, then it'd be easy to explain why there'd be a large botnet of old, un-updated TP-Link routers.
 
Upvote
18 (21 / -3)
I would start with a 100% tariff on ALL their stuff and still work on a ban, 100%. Putting an office in the USA don't play if the stuff is made in China without USA inspection opportunity.
Trade wars should be hell for the bad guy, not a sweet profit point and espionage resource, too.

Uh.... wait until you realize that most routers, regardless of where the company is from, are manufactured in China.....

The major players of Ubiquiti (American company), Cisco (American company), Netgear (American company), eero (Amazon owned), Linksys/Belkin (was American, now Taiwanese), TP-Link (Chinese) make a lot of their equipment in China...

Most companies aren't gonna profit from this lol. The consumer pays the "tariff tax" and the government gets additional tax revenue.
 
Upvote
11 (12 / -1)
I use a TP-Link router. I landed on it after having issues with all the other mid-range router companies on the market. They're the only ones I know of who implement the security features I want, provide regular updates, fix flaws in the product when issues are reported (and provide ticket tracking to let reporters know when the issue has been addressed), and let you lock down your device such that there's not really much a threat actor outside the network can do to compromise the devices. AND, they come with a malicious content filter, intrusion prevention rules and an infected device quarantine, protecting not only the device itself, but anything inside the network that's been port forwarded.

TP-Link is also great in that they use a mostly open source Linux stack as the product base, so it's easy to understand what's going on inside the product. https://www.tp-link.com/us/support/download/archer-ax6000/v1/#GPL-Code

So does anyone have a suggestion for a sub-$800 router that isn't made in China and checks all those boxes? Anyone?
Asus and Netgear are made elsewhere. And there are Ubiquiti (Unifi) products. I have Netgear (Orbi) that has been pretty reliable and allows for enet backhaul...
 
Upvote
3 (3 / 0)

trashcanman

Ars Centurion
298
Subscriptor++
I don't use a TP-Link router but I do use TP-Link's KP125M switches on our Christmas Tree... just remember folks, these days there is no firewall.

They could optionally make the firmware/build chain open source- it would probably make them more popular.
I have around 25 of the KP125 and EP25, and my only complaint is the constant attempts to contact NTP servers in China (aliyun dot com), which are being blocked by my firewall. Looking at the total blocks since June, they average 1200 per day.

They’re also isolated in their own group for Kasa plugs, with no access to anything else on the network, or to the internet.
 
Upvote
6 (6 / 0)

Isildur981

Smack-Fu Master, in training
76
Subscriptor
I have a Deco mesh system as well. Was looking to upgrade now that I have a Gbps connection and quite a few more devices around the house. Super easy to set up, reliable, the app GUI is easy to navigate.

My brother has a 3 node Deco TP Link mesh system, which has worked very well. He and his wife bought a new home recently which came with one of the small, Legrand networking enclosures and three Ethernet runs to different parts of the house. I bought them a TP Link ER605 small business wired router and an 8 port TP Link "Easy Smart" switch, which we installed in the enclosure, and put the mesh nodes into access point mode. You can use the Omada remote management service with the ER605, but we didn't enable this, and all the management is done locally. This system has worked with zero problems for a couple of months so far. Also, when I had a question about updating the firmware on the router TP Link tech support responded within a day.

This is nothing but FUD until they release some hard evidence (like exploits in source code or Wireshark logs) of TP Link devices doing something they shouldn't be.
 
Upvote
16 (16 / 0)

Zip13

Wise, Aged Ars Veteran
123
The article said this but a few people here have said TP-Link is good at patching vulnerabilities, is the committee just doing the "China bad" thing?
Probably would be easier to see which politicians pushing this (or their campaign donors) have interest/shareholder/stock in opposing networking companies.
 
Upvote
9 (10 / -1)
Any list of which devices are compromised?

Like many others here, I own a bunch of TP-Link network devices - I bought into their Omada enterprise stuff and bought a controller, router, and a bunch of wireless access points. Everything’s nicely integrated now and outside of a tiny number of issues (no local DNS server for easy lookups?!?) they’ve worked pretty well.
 
Upvote
4 (4 / 0)
So people are throwing the word OpenWRT around like water like it will solve all their issues. If you want to really go that route. Go buy another Chinese company GL.inet, you can flash OpenWRT onto them to your heart's content. Given that their claim to fame is they make decent travel sized routers and rather than build their own routing/firewall engine. They use OpenWRT and just make a proprietary Frontend. And they don't hide that fact.
AIUI (please correct me if I'm wrong) GL.inet have made their own fork of OpenWRT and it seems they're not all supported by mainline. So what you get there is effectively China-OpenWRT and if the things in the article concern you then that doesn't address them. If vanilla OpenWRT supports the device then you can reflash that. They aren't particularly unique - a number of vendors and ISPs base their firmware on OpenWRT but if there's no mainline support (eg proprietary hardware drivers) then you can't use an open source build or it's missing key features.
 
Upvote
8 (8 / 0)

x14

Ars Scholae Palatinae
1,244
Actually, a lot of Cisco hardware has been hacked lately too. I would say if there is evidence any China made product is routinely high risk due to flaws or failing to respond to security issues a tariff should be set commensurate to the risk.

Also, the posts here are typically biased toward laissez-faire security and privacy standards. I suspect it's likely to be folks who are into the "don't do as I do, do as I say" computer security policy.

In other words their home kit is nailed down tight.

The part anti-tariff, one world, globalists conveniently forget is the flip side of tariffs is subsidies which are collected by the government and disbursed in ways presumably favorable to the people. Also, that many, many products have tariffs on them now and yet the USA is doing just fine, thank you.

Last, there is a very legitimate issue with production of electronics which is simply China is very, very good at building consumer grade electronics, quickly and at a cheap price. It's likely the USA alone could not "on-shore" their system whatsoever. However, there are places where factories could be built with the right resources and cost structure that do not have CCP political and economic overhead built into every product; Viet Nam, Malaysia, Philippines come to mind.
 
Upvote
-18 (1 / -19)

time2lose

Ars Centurion
277
Subscriptor++
I have a router exactly like the one pictured in this piece.

It ended up dying at an inconvenient time…and I ended up being a Ubiquiti convert.

A UniFi Cloud Gateway, a U6- or U7-series AP (or two), and some Ethernet* are really all that’s needed for a solid setup with zippy speed and good coverage for most homes. Overkill? Maybe.

Their tools and apps are also pretty decent.

* = PoE+ switches are great here if PoE injectors are undesirable.
 
Upvote
-3 (2 / -5)

stormcrash

Ars Tribunus Angusticlavius
8,938
A bunch of consumers don't update their routers.

TP-Link sells popular routers.

China uses them for botnets.

...and the government thinks banning a particular brand is going to do...what, exactly?

I hate this timeline. It's fucking dumb.
Because TP link keeps pushing out garbage firmware and then just shrugs about fixing it once devices are hacked, they don't give a rat's ass if their products are being used for an active botnet, heck I almost wouldn't be surprised if someone at the company is a CCP agent ensuring that it remains the case
 
Upvote
-17 (4 / -21)

jesse1

Ars Scholae Palatinae
777
This is horse shit.

I own a good number of pieces of TP Link gear. Their stuff is generally quite reliable, is priced competitively, and is updated frequently.

Instead we would legislate that some other firm who makes its gear in the exact same Chinese factories wins in the market. That'll definitely go well.
also wouldn't the obvious solution be to force manufacturers to enable software that allows consumers to update/replace the software easily using open source software like dd-wrt
 
Upvote
-1 (3 / -4)

trashcanman

Ars Centurion
298
Subscriptor++
I have a pair of Deco XE200’s as APs, and they work great. They also can’t talk to the internet unless I allow it from the firewall, and internet is only needed to use the Deco app, get updates, etc.

Until someone publishes receipts, this feels like more CCP hysterics. That said, it’s not a great time to be tech illiterate. I’d be more concerned with a router/wifi device from a US ISP like AT&T, Verizon or Charter/Spectrum. Those clowns can’t even secure their own networks.
 
Upvote
5 (6 / -1)

Galeran

Ars Tribunus Militum
1,913
Subscriptor
Synology claims to make their equipment in Taiwan. I could probably have gotten by with just their router, but I added the mesh unit and it works fine. Much more user-friendly than the MikroTik RouterBOARD I'd been using before. MikroTik is a Latvian company and claim "European based manufacture" on their current product pages.

(I wasn't trying to avoid made in China... just worked out that way!)
 
Upvote
7 (7 / 0)

srh

Ars Scholae Palatinae
658
Subscriptor++
A UniFi Cloud Gateway, a U6- or U7-series AP (or two), and some Ethernet* are really all that’s needed for a solid setup with zippy speed and good coverage for most homes. Overkill? Maybe.

Their tools and apps are also pretty decent.

* = PoE+ switches are great here if PoE injectors are undesirable.
I keep dancing around Ubiquiti because of the price, and because my home network is complex enough that it's a pricey endeavor. I finally went with Omada which seemed to be similar functionality at about half the price, but now of course I'm debating if that was the wrong move...

I'll probably stay the course for now, Ubiquiti seems to be going the Synology route with great products but a bit of product lock-in that I find unseemly. But then again I deal with this crap at work because they pay me for it. I want my home stuff to Just Work.
 
Upvote
6 (6 / 0)

uesc_marathon

Ars Scholae Palatinae
903
I'm really not a fan of authoritarian China, but man, when they complain that this is 'sinophobia' I might be scratching my chin and going 'yeah, you might be right'. TP-Link is fine, I've been using them for years in both business environments and at home, they're a sight better than Netgear and way more cost-effective than Asus. I can tell you stories about actual cheap network garbage and TP-Link isn't it.

China's control of speech, unfree press, 'social ranking' system, public surveillance, massive human rights violations, putting minorities in work camps where they get sterilized, and aggressive violation of international borders to attack dissidents and protestors is the problem, not China itself. I don't think these 'government authorities' are thinking about any of that, though, just 'China bad!'.
 
Upvote
-6 (4 / -10)

Big Wang

Ars Tribunus Militum
1,739
Uh, is any of the hardware you despise American-made?

You're missing the key issue here. It isn't about where the product is manufactured. It isn't even about security. It's always been about profit.

The manufacturing and assembly of a product is a very small portion of the overall value-added. The lion's share of the profit is always in the design and marketing of the product. This is why, despite the vast majority of Apple products being assembled in China, the profit mostly stays in the US. The value-added by the factory workers in China is actually very low, around like $40 per iPhone sold. Most of the value added is in Cupertino in the R&D and marketing.

This is why the US had no problem with China making most of our things all the way until a few years ago. The arrangement had always been that the rest of the world will provide the raw materials and low-cost labor to the US, while the US provides high-value like R&D and branding. This way, both sides win. Americans make lots of money doing the most profitable part, while lowly paid Chinese people help scale up American corporations' products which allow them to make even more money.

After a while, Chinese businesspersons realize that why must we stay making low cost items? Why can't we do the R&D and branding ourselves? And this is where you have companies like Huawei, TP-Link, DJI, who were able to use the vast manufacturing infrastructure in China to their advantage while also keeping the R&D in-house.

There's no surprise that these are the companies that the US is going after. They want Chinese people to keep making cheap stuff for them. But Americans want Chinese people to know their place, and not do high profit things that should only be reserved for Americans. This is the core of the conflict.

That is why they're citing security and democracy while going after these Chinese companies, trying to get them banned across the world. Because it's not enough to just protect the American market. They need to kill them in the rest of the world too, so as to not take profit away from the American incumbents.
 
Upvote
10 (15 / -5)

Waco

Ars Tribunus Militum
1,833
Subscriptor
Because TP link keeps pushing out garbage firmware and then just shrugs about fixing it once devices are hacked, they don't give a rat's ass if their products are being used for an active botnet, heck I almost wouldn't be surprised if someone at the company is a CCP agent ensuring that it remains the case
Presents facts not in evidence. Dismissed.
 
Upvote
7 (12 / -5)

taxythingy

Ars Praetorian
471
Subscriptor
I've fully bought into Ubiquiti as I like their management interface, don't force you to create a cloud account (but they do push it somewhat, but not to a degree that would turn me off), and I was able to move my UniFi Express config to my new Cloud Gateway Max along with easily turning my UniFi Express into an AP for my Cloud Gateway Max.

Honestly, out of all the manufacturers, I would only recommend Ubiquiti and TP-Link as I have several TP-Link switches still in use. The best Linksys router I ever had was a WRT-1200 I got at Goodwill for $20 that I could install OpenWRT on. Everything else was just hot garbage.
Hey, my Linksys WRT1900 is a great router. Well, became great after I evicted the factory firmware for OpenWRT, turned the WiFi radios off and unscrewed the antennae, then added Ubiquiti and later Aerohive APs with a PoE switch.

At some point I'm going to grandfather's axe it, but might just call the replacement by the same name on the network, just because something that works so perfectly out of the box as to be worthy of the listed upgrades has sentimental value, you understand?

(Seriously, with the right software, the router hardware is very stable and capable).
 
Upvote
1 (1 / 0)
That's still the best router I've ever owned, period. I only replaced it when Internet speeds increased to the point that it bottlenecked on CPU.

Still using mine. On OpenWRT 24.10 RC2, it handles 450Mbps no problem, but turn on SQM QoS, and it tops out at around 380Mbps while maxing out one of the two cores. Fine for now, because I'm only paying for 400Mbps, but in the future...

The SoC in the WRT1200AC is clocked at 1.2GHz, but the manufacturer spec sheet says it should go up to 2GHz, though I haven't found anyone that's ever reported being able to bump the clock speeds. It'd require a heat sink fan to be installed, but fortunately a fan header is already available.

What I'd really rather have is a Raspberry Pi 5 or CM5 with a dual 2.5Gbps ethernet hat/carrier with a nice little case, and then I could just keep the WRT1200AC as a dumb AP.
 
Upvote
0 (0 / 0)