Conversation

@neurovagrant
Their products are vulnerability free, so clearly there's nothing to see here.

@wdormann @neurovagrant The silver lining is that many if not all of those routers can be flashed with dd-wrt or openwrt

@troed @neurovagrant

I'm not sure that hackers could stop laughing long enough to consider it a challenge.

Vulnerability-free software...
😂

@wdormann @neurovagrant Adding the boilerplate to my next network assessment now: "Finding: Severity: Critical. Customer is not using tp-link routers everywhere. These are the only routers that are vulnerability free[1]. Failure to use them is a network design flaw. Recommend rip and replace of all core and branch routers with comparable tp-link offerings."

TP-link has earned a reputation as a producer of insecure routers. They seem to push things out as soon as the code is functional without any security testing. Yeah, they're absolutely a security risk.

But there's some additional context required here. Pretty much all the other Small Office/Home Office (SOHO) routers do the exact same thing. People want cheap devices and there are no independent security testing reports that consumers can use to tell which ones are actually more secure. So they choose based on price and thus the companies focus on price instead of security.

Second, there's reason to question the threat to national security. These routers aren't secure, but they are also not used in big companies for anything important (if in use at all). Companies are well aware that home offices are not necessarily secure and they keep the data on their server where they have proper protections in place. Attackers getting into home networks is kinda expected and planned for.

Small businesses are at risk, as they generally don't have any cybersecurity. But again, this is not unique to TP-Link nor is a mom & pop shop getting hacked a matter of national security.

@d30ea98ea65e953f91ab93f6b30ea51eb33c506f87d49f600a139aef00aa9511 @neurovagrant

I mean, my home wifi is tp-link, I work from home, and while I never touched gov systems my co-workers certainly do/did. I've touched pleeenty of very high impact systems that while they aren't gov would have been very interesting targets...

@neurovagrant @d30ea98ea65e953f91ab93f6b30ea51eb33c506f87d49f600a139aef00aa9511

I will humbly submit that infosec isn't my niche so yeah, no idea.

Did anything ever happen with the supermicro secret spy chip thing from a few years back?

People like a concrete target.
