We just bought a Deco mesh system a few months ago, when the Orbi died. I wonder if it’s compromised?
15 thoughts on “TP-Link”
Comments are closed.
We just bought a Deco mesh system a few months ago, when the Orbi died. I wonder if it’s compromised?
Comments are closed.
TP-Link makes a lot of great products. Are Americans capable of making what TP-Link does at a price people can still afford?
Buying items that are both internet-connected and have chipsets from China is never a good idea. Yes, plenty of non-Chinese products have massive security flaws by design, but Chinese products are the worst of the lot.
I’m currently trying to buy a laptop, and am running into this issue. Worse, it’s very hard in some cases to find out where something is actually made, especially when it comes to finding out where the chipsets come from (It might be assembled in, say, Ireland, but using Chinese chipsets).
I’m fine with stuff from Taiwan, but not China. (I also can’t stand anything that spies on my systems, no matter by whom, and that, alas, includes modern Windows systems).
I would assume it’s totally compromised. What better way for an entity KNOWN for hacking the US to continue to do so?
Rand, I haven’t been following this too closely, but I believe part of the vulnerability lies with HomeShield (IIRC that’s what it’s called.) If you don’t use that, you’re less at-risk.
If it’s possible to replace the firmware with OpenWRT (DD-WRT’s successor) I think that eliminates the vulnerability.
Excellent point Rick. Years ago I reflashed a Linksys-WRTG54 router with DD-WRT to give it transparent wireless repeater capability to order to connect a wired only desktop to a wifi cable router in a different room of a house. It worked perfectly. Something the native Linksys firmware did not support. And saved us from drilling holes and running cable.
IIRC we used it to also connect an ethernet wire only printer as well that was in the same room. Instead of their old USB wireless NIC on the desktop which was a true abomination.
I still have a couple of those lying around and a Netgear print server boxlet. I finally put awy my old CrystalView travel router in favor of the Starlink one.
I have used the Deco Mesh system for years. This is the first I’ve heard of the issue. I hope Rick C is right, because I have never used HomeShield. I am skeptical of most cyber protection programs, because they all seem a compromise of who they’ll let in versus letting you control who stays out.
In my quest to gain control over my Starlink (no web app, no server app, just Android and iOS apps!), and given I have no use for a Smart Phone I bought a Juedur R500 tablet running Android 14 for a hundred bucks. It works fine, but the invasion of privacy involved in setting it up was appalling. Creating a web interface would be a day or two’s work for a reasonably competent programmer, “We’ve deprecated that,” says Starlink customer support. I was a bit surprised.
Why is it necessary to create a Google account to use my Nest thermostat?
Nor can I talk to it with my Smartphone app, being hand held not two feet away with my wifi working perfectly but with my ISP (Comcast) down. Now it still operates as a thermostat w/o internet and responds to its “dial”. But I wonder for how long after some unseen firmware “upgrade” I have no control of? Fortunately my furnace install manual tells me what two wires to short.
Why? Because Google bought Nest several years ago.
William, ESP32 microcontrollers make decent platforms for something like this; most models have built-in wifi.
Yeah, seen an article in The Reg on a DIY WiFi garage door opener. All to get around the mfg.’s MyQ tomfoolery. Guess I’m just too lazy for my own good. I can always reset the thing to not use wifi.
I suspect if I looked I could find a WiFi thermostat that doesn’t rat me out to Google. If they screw with it behind my back so I can’t run my furnace my way it will come off that wall faster than you can say 404 Error…
Don’t forget what else “smart” thermostats can do; take orders from your power and gas company to disable your heating and cooling during demand peaks – or any other time they feel like it.
As an added fringe benefit, they can also be bricked at any time.
I’ve gotta ask (and I’m not trying to be snarky), what are the advantages of “smart” (internet-connected) thermostats that make them worth the risks?
I had a thermostat fail a few months back, so I replaced it with a Heagstat brand thermostat (more common in commercial buildings, but I like ’em) that’s been really great, and is totally not connected to the internet in any way (doesn’t have the capability to do WiFi). It was also around half the price of the “smart” types.
And BTW, to anyone with ANY kind of thermostat in their house, my suggestion is to keep an old working one as a backup. I put a very old mercury-switch dial type in as a temporary while looking for a replacement to buy, and it worked just fine (Much handier to have an old one that works than having to manually jump wires.)