this post was submitted on 18 Dec 2024
323 points (97.9% liked)

TP-Link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

[–] sadTruth@lemmy.hogru.ch 2 points 5 days ago

When your router's chips are made in China, flashed in China with closed source firmware and the money you pay goes to Chinese companies, then it's backdoored.

When your router's chips are made in China, flashed in China with closed source firmware and the money you pay goes to American companies, it's bulletproof.

Just open your "secure" "American" router and look where they are made and flashed. I bet it's not USA.

[–] NegativeLookBehind@lemmy.world 119 points 1 week ago* (last edited 1 week ago) (10 children)

We have this really great approach to security where we allow the adversary to infiltrate a huge portion of our infrastructure for years and at many different levels, and then we say "hm, maybe we shouldn't be allowing this?"

[–] BMTea@lemmy.world 45 points 1 week ago (1 children)

Almost like it has less to do with security and more to do with securitization of economic competition.

[–] Dark_Arc@social.packetloss.gg 26 points 1 week ago (1 children)

If you really think this is just about economic competition, you're very wrong.

The FBI didn't recommend using encrypted messaging apps because our infrastructure being compromised is no biggie.

These are computers manufactured by and in a foreign country that's expressed mutual hostility to the US. Computers follow instructions and manufacturers are in the best positioning to add custom instructions like "if you receive this instruction, brick yourself."

After the cyber attacks in the last decade people should realize crypto scammers aren't the only ones that have an interest in shutting down important infrastructure.

[–] eskimofry@lemmy.world 15 points 1 week ago (2 children)

This comment of yours immediately evokes the idea of the right hand that doesn't know what the left hand is doing.

The right hand is the security theatre that the west is showing its citizens against foreign adversaries who hack their devices and introduce vulnerabilities.

Meanwhile the left hand has been doing mass layoffs and moving manufacturing off-shore ever since the 60s and 70s and trying to fuck over its own labour forces to make exponential profits.

What's funny here is that you guys are bitching about "foreign adversaries" while also handing over the blueprints of your entire infrastructure to said adversaries without giving them anything valuable in return for their cheap labour cost and weak laws.

What did you expect to happen?

[–] Dark_Arc@social.packetloss.gg 8 points 1 week ago* (last edited 1 week ago)

The right hand doesn't know what the left hand is doing; that's just it, you're right.

There's no conspiracy where the left and right hand have carefully coordinated this system or conspiracy to protect companies from their legitimate competition. We're not saying this about Taiwan or European devices (even though many of them are better than the Chinese and American devices) and that's kind of "case and point" that it's about more than the economy.

Basically the politicians just screwed up and didn't think through their decisions and effects of trusting a foreign power to do all this manufacturing for important pieces of infrastructure that "think" ... and now there's a problem.

[–] avidamoeba@lemmy.ca 7 points 1 week ago

Yes, this is what a capitalist, non-centrally-planned economy does. There are multiple hands and the hand of the capitalist class is often the strongest and it will do all the things you mentioned, while the gov't hand is trying to do damage control, but only able to the point where it hurts capitalists.

[–] Blackmist@feddit.uk 4 points 1 week ago (1 children)

Does it matter now? The alternatives are either Chinese companies, made in China, or filled with Chinese parts.

I'll give China credit, they've stitched everyone else right up, and we slurped it down because we're a sucker for cheap shit.

[–] remer@lemmy.world 43 points 1 week ago (2 children)

The US government is just upset because it’s harder to place back doors in non-US hardware. It’s a US national security concern to NOT have US back doors in devices.

[–] john89@lemmy.ca 19 points 1 week ago* (last edited 1 week ago) (3 children)

That's not all. The US government exists to look out for the interests of wealthy americans.

Every dollar spent on a different nation is a dollar that could've been spent on them, in their eyes.

American business owners know that China is competitive because they can provide better products at cheaper prices. Americans would need to invest in making their products better or lower prices to compete with China. Both result in lower profits for owners.

This is why we will never stop seeing FUD against products that offer us a better deal than those looking to exploit us further. It's more profitable to convince useful idiots to "buy american" than it is to actually sell them products worth buying at competitive prices.

[–] frankgrimeszz@lemmy.world 37 points 1 week ago (1 children)

Running OpenWRT is generally a good idea. I’m not gonna lie and say it’s easy to set up. But it’s worth it.

[–] Dark_Arc@social.packetloss.gg 24 points 1 week ago* (last edited 1 week ago) (9 children)

It's a good idea, but there's going to be firmware at lower levels (roughly the BIOS) that could still be compromised. It's best to just not buy Chinese hardware designed and manufactured by a Chinese company with no western involvement when you can avoid it.

[–] Reverendender@sh.itjust.works 7 points 1 week ago (8 children)

This didn't even occur to me when I bought my new router recently. I just went with one of the best-reviewed models that had all the features and speed I needed.

[–] darkevilmac@lemmy.zip 35 points 1 week ago (4 children)

I'd personally hope they just force open sourcing their firmwares if they want to stay in the market. I really like my Omada stuff, Ubiquiti is just a tough pill to swallow on price.

[–] tty5@lemmy.world 9 points 1 week ago (2 children)

They (FCC) forced firmwares being signed so nobody can install their own on the off chance it unlocks TX power or frequencies not allowed by FCC.

[–] john89@lemmy.ca 13 points 1 week ago (8 children)

Can't say I've ever seen an example of signed firmware that didn't exist to further exploit the working class.

[–] AlexWIWA@lemmy.ml 5 points 1 week ago

They should undo this and just prosecute people who abuse the firmware

[–] Gerudo@lemm.ee 28 points 1 week ago (17 children)

So who tf is left who makes good wireless routers? When I bought my tp-link it was top rated and recommended by everyone.

[–] CaptPretentious@lemmy.world 11 points 1 week ago (1 children)

Yeah, most of those sites end up recommending the same brands over and over, which causes people to buy them and talk about them. I don't want to say, a scam, but it feels... scummy.

They never talk about other brands like Ubiquiti. Which isn't a perfect brand either, but I've never seen it compared. Or even a low end Netgate. It's always TP-Link, Asus, Netgear, Linksys, or D-Link... the same brands that have existed for the last 20 years offering crap. But Ubiquiti, Hawking, Belkin, etc. you basically never see.

I just googled it. Top 3 sites were wired.com, pcmag.com, and reddit.com/r/HomeNetworking (with a top comment pointing to cnet.com and nytime.com). And if you guessed TP-Link was recommended no.1 on all of them, you'd be right. To me, with the absolute garbage reviews on all of them, and the stupidly small sample size, it feels like TP-Link just buys the reviews because customers will read the reviews and buy their garbage. There was a mattress company that did something very similar years ago. The deck is stacked against customers.

And especially scummy, is TP-Link offers some cheaply made, highly marked up garbage that underperforms. They also are notorious for not delivering consistent updates to their routers. Maybe one or two updates, and they certainly don't care if all the features don't work. Just looked up one I bought from them before I wised up, the Archer C5400. 2 updates on a $200 router, that came highly recommended. Checked the v2, and also just 2 updates. I doubt it'll ever see another.

On top of their terrible support and pathetic hardware... they also moved to a cloud SaaS config model. They want you to sign up for an account and use TP-Link Tether. Here's something written up 3 years ago on [reddit](https://www.reddit.com/r/hardware/comments/tbthjj/psa_newer_tplink_routers_send_all_your_web/)

My general suggestion for most people who want something that just works and is easy to use... the Ubiquiti Dream router isn't a bad option. It's not the best, but if you don't want to really get into how networking works, it's a good option.

[–] Gerudo@lemm.ee 7 points 1 week ago (1 children)

I'm a techie, but I'm past the point where I want to tinker and mess with my stuff for hours or days to get it up and running. I'm sure the enterprise grade options are better, but I just want some plug and play option that at least allows me access to the more detailed stuff if needed. This looks like a solid recommend.

[–] dutchkimble@lemy.lol 25 points 1 week ago (1 children)

> law that prohibits attempts at monopolies

Why hasn't this law been used before for so many other things, like all cash burn tech startups such as Uber, etc? Genuine question not being sarcastic...

[–] ComradeMiao@lemmy.dbzer0.com 23 points 1 week ago (2 children)

Wait until they hear where all electronics come from. Are they gonna ban Apple?

[–] KoalaUnknown@lemmy.world 14 points 1 week ago (3 children)

Apple has been slowly shifting production to India for years now, and the software is made domestically.

[–] disguy_ovahea@lemmy.world 4 points 1 week ago* (last edited 1 week ago)

More importantly, the hardware is designed and inspected by Apple’s engineers. Security vulnerabilities would be Apple’s failure regardless of the origin of the parts.

[–] Erasmus@lemmy.world 20 points 1 week ago (3 children)

Someone in the comment section posted a good question. Which specific routers that TP-Link makes are the issue?

Is it all routers that they make or is this just because they are selling inexpensive routers that have become a large part of the US market?

Does someone have an article that isn’t biased one way or the other that gives a list of affected routers?

[–] Buelldozer@lemmy.today 6 points 1 week ago

> Which specific routers that TP-Link makes are the issue?

They are presumably talking about CovertNetwork-1658 and the reason there's no list of routers is because no one has publicly described the vulnerability that is being leveraged.

My guess is that the vulnerability is present on most of their routers. I'm basing that opinion on the fact that previous CVEs issued against TP-LINK have impacted their most popular product lines like Archer and Deco.

It's possible that this is related to CVE-2024-21833 which was opened in January of 2024, updated in July of 2024, then updated again in late November of 2024.

[–] technocrit@lemmy.dbzer0.com 5 points 1 week ago* (last edited 1 week ago) (5 children)

> Does someone have an article that isn’t biased one way or the other

We're literally inside an imperial core.

> that gives a list of affected routers?

If there was a list of affected routers, TP-Link would most likely have patched them.

[–] cupcakezealot@lemmy.blahaj.zone 17 points 1 week ago (1 children)

maybe the us should try actually investing in their own infrastructure instead of just relying on rabid xenophobia and sinophobia

[–] AlexWIWA@lemmy.ml 7 points 1 week ago

Damn, maybe we should have some kind of privacy law that could have prevented this behavior from ever being allowed in the first place.

[–] Tylerdurdon@lemmy.world 7 points 1 week ago

So they're going to flush the TP?

[–] Dark_Arc@social.packetloss.gg 5 points 1 week ago (5 children)

I feel sorry for D-Link, they're probably going to get caught in the crossfire via people thinking they're the same company.

[–] lemmyng@lemmy.ca 19 points 1 week ago (1 children)

So you're saying that D-Link's reputation will increase as a result?

[–] funkajunk@lemm.ee 14 points 1 week ago (2 children)
[–] gnygnygny@lemm.ee 5 points 1 week ago

Why so late? Of course this should have been done before. It's a question of security.
