what do you think about this news? I've used TP link for a while, should I keep using it?
US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks
- Thread starter Oscar0411
- Start date
what do you think about this news? I've used TP link for a while, should I keep using it?
It's fine. This is just politicians doing politician stuff.
Twiglets
Senior Member
If you are paranoid enough (read as 'Politician'), then *any* technological device made in China is a *possible* risk.
This is because the CCP has a law mandating that they can order any company to do whatever they ask. [Because 'National Security' etc.]
The real question is whether the risk is real.
With so much stuff being made in China for a huge number of companies globally, this is a hard question to answer.
Is any product made in China any safer than another also made in China and can you prove it ???
Global companies can check devices made in different countries for obvious differences *but* this is unlikely as it is too easy to spot.
Flaws in software are very hard to catch and then you have to ask are they 'deliberate' or just yet more 'Buggy Software' ... Microsoft is quite capable of producing such 'Buggy Software', for example, are they planting cyber flaws or just making mistakes like many other software companies.
At the end of the day you are having to trust *everyone* regardless of whether they are China or the USA or Europe etc etc
>>> The main question for you personally is how much of a target are you ? <<<
Are you involved in something that *would* be of interest to a foreign power or company etc ?
What is considered *safe* kit in your industry ?
Who can you trust to provide the *safe* kit ?
Who can you trust to configure the kit to your needs ?
Are you able to source the kit from a supplier that makes the kit in a *safe* country ?
Has the kit gone through any certification that you can trust ?
Can you add some form of encryption to your workflow to protect the documents/output in its own right ?
Most of these answers lead to having to pay for your assurances by buying more expensive kit that is aimed at professional use.
Big name brands tend to give some assurances of the quality of their kit ? [Again this comes down to you having to trust someone !!!]
At the end of the day noone can give assurances that you will be 100% safe using certain kit *BUT* it is reasonable to expect that the large companies that serve professional use of their kit will have a large number of people focused on keeping their kit safe, because there is a large amount of money to made.
Cheaper domestic use kit tends to be more limited in functionality, quicker to reach EOL and generally considered to be more or less disposable.
This does not mean that domestic use kit is *bad* or *useless* but you do need to understand the strengths/weaknesses and keep on top of updating firmware etc.
Most security is down to not just the kit you use but the way you work and then being aware of the risks of using the internet, in general.
The kit will fail no matter how much it costs *IF* you 'let the baddies in' yourself !!!
Research and learn about the ways people are manipulated into 'opening the door' to malware, ransomware etc.
Understand how to protect your most valuable information from loss by having a working Backup process that you test regularly ensuring the restore process works. [Think about the chaos of a few weeks ago re: Crowdstrike where restoring systems was a large part of the problem.]
To answer your question:
Unless you have *real* proof that there is a problem with your TP-Link kit, it is as safe as any other domestic grade kit.
If you have reason to be worried then invest in professional grade kit with professional grade support etc, if you consider yourself to be a worthy target.
Either way trust nothing 100% and implement your security in depth to make yourself a 'high-cost' target.
The baddies will probably focus on someone else who is quicker/easier to beat !!!
Best of luck
This is because the CCP has a law mandating that they can order any company to do whatever they ask. [Because 'National Security' etc.]
The real question is whether the risk is real.
With so much stuff being made in China for a huge number of companies globally, this is a hard question to answer.
Is any product made in China any safer than another also made in China and can you prove it ???
Global companies can check devices made in different countries for obvious differences *but* this is unlikely as it is too easy to spot.
Flaws in software are very hard to catch and then you have to ask are they 'deliberate' or just yet more 'Buggy Software' ... Microsoft is quite capable of producing such 'Buggy Software', for example, are they planting cyber flaws or just making mistakes like many other software companies.
At the end of the day you are having to trust *everyone* regardless of whether they are China or the USA or Europe etc etc
>>> The main question for you personally is how much of a target are you ? <<<
Are you involved in something that *would* be of interest to a foreign power or company etc ?
What is considered *safe* kit in your industry ?
Who can you trust to provide the *safe* kit ?
Who can you trust to configure the kit to your needs ?
Are you able to source the kit from a supplier that makes the kit in a *safe* country ?
Has the kit gone through any certification that you can trust ?
Can you add some form of encryption to your workflow to protect the documents/output in its own right ?
Most of these answers lead to having to pay for your assurances by buying more expensive kit that is aimed at professional use.
Big name brands tend to give some assurances of the quality of their kit ? [Again this comes down to you having to trust someone !!!]
At the end of the day noone can give assurances that you will be 100% safe using certain kit *BUT* it is reasonable to expect that the large companies that serve professional use of their kit will have a large number of people focused on keeping their kit safe, because there is a large amount of money to made.
Cheaper domestic use kit tends to be more limited in functionality, quicker to reach EOL and generally considered to be more or less disposable.
This does not mean that domestic use kit is *bad* or *useless* but you do need to understand the strengths/weaknesses and keep on top of updating firmware etc.
Most security is down to not just the kit you use but the way you work and then being aware of the risks of using the internet, in general.
The kit will fail no matter how much it costs *IF* you 'let the baddies in' yourself !!!
Research and learn about the ways people are manipulated into 'opening the door' to malware, ransomware etc.
Understand how to protect your most valuable information from loss by having a working Backup process that you test regularly ensuring the restore process works. [Think about the chaos of a few weeks ago re: Crowdstrike where restoring systems was a large part of the problem.]
To answer your question:
Unless you have *real* proof that there is a problem with your TP-Link kit, it is as safe as any other domestic grade kit.
If you have reason to be worried then invest in professional grade kit with professional grade support etc, if you consider yourself to be a worthy target.
Either way trust nothing 100% and implement your security in depth to make yourself a 'high-cost' target.
The baddies will probably focus on someone else who is quicker/easier to beat !!!
Best of luck
jerry6
Very Senior Member
nothing to worry about yet I still use TP ink products
tiddlywink
Regular Contributor
I would never use them as a router. CCP controls the hardware and controls the software, so the risk is real. You can flash a lot of TPlink routers with third-party firmware to make them safe; however, you would also have to replace the CCP controlled uboot as well.
tiddlywink
Regular Contributor
"TP-Link Global Inc. (US) and TP-Link Corporation PTE. Ltd. (Singapore) now function as the dual global headquarters of TP-Link Corporation Group."
May 11th, 2024
www.tp-link.com
Meanwhile in 2024, Tplink is moving from their old Shenzhen headquarters into a brand new place in Shenzhen:
www.kpf.com
www.skyscrapercity.com
May 11th, 2024
TP-Link Corporation Group Announces Completion of Corporate Restructuring, Marking a New Era in its Future Evolution
TP-Link Corporation Group (TP-Link®), a global leader in high quality networking products, announces that it has completed a global restructuring marking a significant milestone in positioning TP-Link to advance key growth initiatives.
Meanwhile in 2024, Tplink is moving from their old Shenzhen headquarters into a brand new place in Shenzhen:
TP Link Headquarters
TP Link’s new headquarters in Shenzhen reimagines the traditional office environment to meet the needs of one of the world’s most influential technology companies. Promoting flexibility and activity, the building serves as an epicenter of the city’s growing global reputation for technology...
www.kpf.com
SHENZHEN | TP Link Headquarters | 136m | 30 fl | Com
Aren't quite a few of the router manufacturers Chinese and therefore if there is a political risk with TP Link, it would also apply to several other manufacturers ?
I'd also imagine my ISP supplied router is designed & made by some Chinese company.
The list of non-Chinese router makers seems quite short.
I wold think that as long as they're selling routers, there's an incentive not to harm regular customers. If a major war kicked off, the rate of hacking might increase somewhat.
I'd also imagine my ISP supplied router is designed & made by some Chinese company.
The list of non-Chinese router makers seems quite short.
I wold think that as long as they're selling routers, there's an incentive not to harm regular customers. If a major war kicked off, the rate of hacking might increase somewhat.
tiddlywink
Regular Contributor
No, there is a short list of vertically integrated Chinese consumer router manufacturers i.e. design, build, and control the software. TPlink, Huawei, and Xiaomi.
There is nothing wrong with these products so long as you replace the software including the uboot.
e.g.
openwrt.org
openwrt.org
openwrt.org
They operate under the CCP which tells them what to do and when.
There is nothing wrong with these products so long as you replace the software including the uboot.
e.g.
[OpenWrt Wiki] TP-Link
[OpenWrt Wiki] Xiaomi
[OpenWrt Wiki] Huawei
They operate under the CCP which tells them what to do and when.
Can I ask also about Cudy routers? I read this article and it is making me a bit aprehensive? I also worry about AOMEI backup software though unrelated to article. Cudy is mentioned by a user below. I am not necessarily saying I agree with the article but I am just curious as to what people here think https://cybernews.com/security/walm...n-china-contain-backdoors-to-control-devices/
tiddlywink
Regular Contributor
Do not buy nor use no-name Chinese routers unless you can replace the software and uboot.
If your model is supported, you should flash your device today or replace it.
openwrt.org
If your model is supported, you should flash your device today or replace it.
[OpenWrt Wiki] Cudy
Thanks.Do not buy nor use no-name Chinese routers unless you can replace the software and uboot.
If your model is supported, you should flash your device today or replace it.
[OpenWrt Wiki] Cudy
This is the model I have
https://openwrt.org/toh/hwdata/cudy/cudy_wr3000_v1 / technically my model is WR3000s but only difference is that it is white and has an 4 LAN ports instead of 3 that the base WR3000 has.
I have not even opened it. So technically I can still return it. But it is good specs for the price, but of course dont want to be penny wise/pound foolish
So I am happy to keep it and flash openwrt but what do you mean by uboot? How do I know if I can replace that ?
tiddlywink
Regular Contributor
I would return it just for "Flash MB: 16." It's cheap for a reason. If you bought this from amazon, the only reviews for it are from people who got the units for free. "Vine Customer Review of Free Product" Giant red flag.
If you can hold off, Asus is about to launch at least four cheap filogic based routers $50-$100.
Dynalink is an asus (Taiwan) subsidiary:
Can't vouch for the WRX36, but a lot of people like it after flashing openwrt. $59 USD only. No need to flash uboot.
Slightly difficult installation though:
openwrt.org
If you can hold off, Asus is about to launch at least four cheap filogic based routers $50-$100.
Dynalink is an asus (Taiwan) subsidiary:
Can't vouch for the WRX36, but a lot of people like it after flashing openwrt. $59 USD only. No need to flash uboot.
Slightly difficult installation though:
[OpenWrt Wiki] Dynalink DL-WRX36
One of the reasons I like Cudy is because they let you modify ttl without a script. Which I need to hide hotspot data.I would return it just for "Flash MB: 16." It's cheap for a reason. If you bought this from amazon, the only reviews for it are from people who got the units for free. "Vine Customer Review of Free Product" Giant red flag.
If you can hold off, Asus is about to launch at least four cheap filogic based routers $50-$100.
Dynalink is an asus (Taiwan) subsidiary:
Can't vouch for the WRX36, but a lot of people like it after flashing openwrt. $59 USD only. No need to flash uboot.
Slightly difficult installation though:
[OpenWrt Wiki] Dynalink DL-WRX36
Similar threads
Latest threads
-
-
-
Is RT-AX86U Pro meshed w/ RT-AX3000 (satellite) still a good option?- Started by SR-71
- Replies: 1
-
Best 600m2 3 floor mesh system for good coverage
- Started by Maanu1131
- Replies: 4
Support SNBForums w/ Amazon
If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!