The US is trying to do to TP-Link what they did to Huawei. Even though, as the article mentions, TP-Link devices have a US-based supply chain and are manufactured in Vietnam. This is literally just the US not allowing China to own any value-added consumer-facing products in the US.

    • JustSo [she/her, any]
      ·
      9 days ago

      It's incredible how much this flies over the heads of the average person I talk to about security shit.

      • Orcocracy [comrade/them]
        ·
        edit-2
        9 days ago

        All the stuff Snowden leaked about the US government owning everyone’s shit has been suppressed in favour of pro-US propaganda about China maybe doing the same thing, without any real publicly provided evidence.

        • JustSo [she/her, any]
          ·
          9 days ago

          yeah I'm guessing it's most of the anglosphere. five-eyes stay watchin.

    • Hexboare [they/them]
      ·
      9 days ago

      Xiaomi was one of nine companies designated as a CCMC on Jan. 14, 2021.

      Xiaomi filed a lawsuit over its inclusion on Jan. 29, 2021, against DoD and its Secretary, the U.S. Department of the Treasury and its Secretary, and the U.S. president in the District Court (Xiaomi Corporation v. U.S. Department Of Defense et al., Complaint; Civil Docket No. 21-cv-00280).

      On March 12, 2021, Judge Contreras issued an order preliminarily enjoining the implementation and enforcement of the prohibitions against Xiaomi, which the U.S. government decided not to appeal.

      Instead, the DoD indicated that it would settle the lawsuit and remove Xiaomi from the CCMC list.

  • will_a113@lemmy.ml
    ·
    9 days ago

    I'm not ready to buy into all of the hype, however, the scary thing about such a supply-chain hack is that it could potentially be deep in the firmware or even the hardware itself. I have a couple of TP-Link devices flashed with OpenWRT, but even that wouldn't necessarily be enough to stop a really dedicated bad actor. If TP-Link or some state actor working with them wanted to, they could certainly still have hidden hardware tweaks that would let them brick the device with a well-crafted packet or the like. Taking it over for some botnet or spying purpose would be harder but not out of the question. Bottom line, if you can't trust the hardware itself, you can't trust anything happening on the hardware either.

    • wizardbeard@lemmy.dbzer0.com
      ·
      edit-2
      9 days ago

      I think the problem here is that an entirely US based supply chain doesn't solve this problem, which is the justification being made for potentially banning these devices. We would require a massive overhaul of the electronics manufacturing process to eliminate all chance for these sorts of hypothetical backdoors.

      • will_a113@lemmy.ml
        ·
        9 days ago

        Well, an entirely US supply-chain means that the US gets to potentially backdoor the devices, not China, and that sort of argument does well these days :)

        And honestly the "telemetry" that most vendors already send back with our full knowledge is barely a step away from this anyway.

    • TrashGoblin [he/him, they/them]
      ·
      9 days ago

      > Bottom line, if you can't trust the hardware itself, you can't trust anything happening on the hardware either.

      True, but where are you going to find trustworthy hardware? The US is at least as likely to backdoor hardware as China.

      I've got a TP-Link router, and my main gripe is that it doesn't do NAT hairpinning, which limits the value of a VPN to my home network.

    • Empricorn@feddit.nl
      ·
      edit-2
      9 days ago

      I'm not convinced either way. But do you know how much notoriety would come out of proving a massive malware campaign in a major, worldwide brand!? I have a hard time believing the talented, security-minded people checking these devices out have all missed something, every single time. It would take one proven example to tank the entire brand and then it's not even a viable malware distributor, much less profitable...

  • Empricorn@feddit.nl
    ·
    9 days ago

    > CNET has several TP-Link models on our lists of the best Wi-Fi routers and will monitor this story closely to see if we need to reevaluate those choices. While our evaluation of the hardware hasn't changed, we're pausing our recommendations of TP-Link routers until we learn more.

    It's pretty lame for CNET to say "we've evaluated the hardware, it's good, but we won't recommend them while the US Government is investigating them." Obviously it'd be a different thing if they were all proven to be more insecure than other brands by cyber security experts...

    • blobjim [he/him]
      hexagon
      ·
      8 days ago

      yeah it's really more that they're indicating to the government that they'll toe the government line