TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

  • Dark Arc@social.packetloss.gg
    link
    fedilink
    English
    arrow-up
    20
    arrow-down
    2
    ·
    edit-2
    5 hours ago

    It’s a good idea, but there’s going to be firmware at lower levels (roughly the BIOS) that could still be compromised. It’s best to just not buy Chinese hardware designed and manufactured by a Chinese company with no western involvement when you can avoid it.

    • frankgrimeszz@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      edit-2
      1 hour ago

      I’m not sure, but with routers, I think OpenWRT installs/flashes at the firmware level. There could be hardware level vulnerabilities I suppose.

      In the case of Lenovo laptops used in Iraq (2004), China had additional hardware chips snooping and sending data back via Ethernet cable.

    • DominusOfMegadeus@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      3
      ·
      3 hours ago

      This didn’t even occur to me when I bought my new router recently. I just went with one of the best-reviewed models that had all the features and speed I needed.

        • LifeInMultipleChoice@lemmy.world
          link
          fedilink
          English
          arrow-up
          1
          ·
          12 minutes ago

          Out of curiosity, what would happen with older models. Also other devices, like I don’t have a TPlink router but I do have a TPlink Ethernet to power to Ethernet I bought when I lived in an appartment and didn’t want to drill holes in the walls. (Wifi ran from center of house, but outed it to a 110 in the wall and hardwired to a PC into a RAP for work in bedroom at the time.

    • Avid Amoeba@lemmy.ca
      link
      fedilink
      English
      arrow-up
      1
      ·
      4 hours ago

      An even better way is to leave vulnerable pieces in all parts of the firmware / software stack. E.g. old version of SSH with a known vulnerability or two, old web server, etc. Then just exploit as needed.

      • Dark Arc@social.packetloss.gg
        link
        fedilink
        English
        arrow-up
        1
        ·
        3 hours ago

        The examples you gave are all at the OS level and installing OpenWRT would fix them. The firmware/BIOS level is much more custom and can be susceptible to attacks the OS is completely unaware of (effectively pre-installed rootkits). Hence why I mentioned it may not be enough to install OpenWRT.

        • Avid Amoeba@lemmy.ca
          link
          fedilink
          English
          arrow-up
          1
          ·
          2 hours ago

          Yes of course, you’re right. The point I’m making is that wherever you’re putting in backdoors, instead of backdoors, you can just leave unlatched vulnerabilities. Gives you solid plausible deniability.