this post was submitted on 18 Dec 2024
161 points (97.6% liked)

Technology

59982 readers
4423 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

TP-link is reportedly being investigated over national security concerns linked to vulnerabilities in its very popular routers.

top 45 comments
sorted by: hot top controversial new old
[–] Amoxtli@thelemmy.club -1 points 25 minutes ago* (last edited 20 minutes ago)

Joe Biden has turned out to be the most fascist president in recent memory. He even supports fascism abroad. When a president supports a country that blocks a certain denomination of religion, bans a whole language, and bans political parties, using Nazee propaganda as a recruitment marketing, while having no democracy. What can you say? Then he supports ethnic cleansing to make Lebensraum for another ethnic group. What a sick man this chap is and completely incompetent. Now he is banning things made by Chinese people, if that isn't racist, I don't know what is. The only thing he is exceptional at is getting others killed. Good riddance. One thing for sure, there will be no justice.

[–] remer@lemmy.world 19 points 4 hours ago (1 children)

The US government is just upset because it’s harder to place back doors in non-US hardware. It’s a US national security concern to NOT have US back doors in devices.

[–] john89@lemmy.ca 8 points 4 hours ago* (last edited 4 hours ago) (1 children)

That's not all. The US government exists to look out for the interests of wealthy americans.

Every dollar spent on a different nation is a dollar that could've been spent on them, in their eyes.

American business owners know that China is competitive because they can provide better products at cheaper prices. Americans would need to invest in making their products better or lower prices to compete with China. Both result in lower profits for owners.

This is why we will never stop seeing FUD against products that offer us a better deal than those looking to exploit us further. It's more profitable to convince useful idiots to "buy american" than it is to actually sell them products worth buying at competitive prices.

[–] atthecoast@feddit.nl 1 points 1 hour ago

This comment is suspicious to me. It’s been companies like Apple that have pioneered using Chinese labor to increase their profits. Moving jobs to the USA won’t help make them any richer. It makes economic sense but not strategic sense

[–] darkevilmac@lemmy.zip 24 points 5 hours ago (2 children)

I'd personally hope they just force open sourcing their firmwares if they want to stay in the market. I really like my Omada stuff, ubiquiti is just a tough pill to swallow on price.

[–] tty5@lemmy.world 4 points 4 hours ago (1 children)

They (FCC) forced firmwares being signed so nobody can install their own on the off chance it unlocks TX power or frequencies not allowed by FCC.

[–] john89@lemmy.ca 8 points 4 hours ago

Can't say I've ever seen an example of signed firmware that didn't exist to further exploit the working class.

[–] avieshek@lemmy.world 1 points 5 hours ago (1 children)

I honestly like the GL.iNet approach in terms of software which is kinda like Android.

[–] pirat@lemmy.world 0 points 2 hours ago

I recently bought their Flint 2 (GL-MT6000) based on multiple recommendations online when looking for a router that supports OpenWRT. That's preinstalled, with AdGuard Home and WireGuard VPN on top of it. I'm looking forward to set it up and play around with it.

What do you exactly mean when you describe their approach in software as Android-like? That it's easy to install services in OpenWRT?

[–] NegativeLookBehind@lemmy.world 80 points 7 hours ago* (last edited 6 hours ago) (2 children)

We have this really great approach to security where we allow the adversary to infiltrate a huge portion of our infrastructure for years and at many different levels, and then we say "hm, maybe we shouldn't be allowing this?"

[–] BMTea@lemmy.world 23 points 7 hours ago (1 children)

Almost like it has less to do with security and more to do with securitization of economic competition.

[–] Dark_Arc@social.packetloss.gg 19 points 6 hours ago (1 children)

If you really think this is just about economic competition, you're very wrong.

The FBI didn't recommend using encrypted messaging apps because our infrastructure being compromised is no biggie.

These are computers manufactured by and in a foreign country that's expressed mutual hostility to the US. Computers follow instructions and manufacturers are in the best positioning to add custom instructions like "if you receive this instruction, brick yourself."

After the cyber attacks in the last decade people should realize crypto scammers aren't the only one's that have an interest in shutting down important infrastructure.

[–] eskimofry@lemmy.world 8 points 5 hours ago (2 children)

This comment of yours immediately evokes the idea of the right hand that doesn't know what the left hand is doing.

The right hand is the security theatre that the west is showing its citizens against foreign adversaries who hack their devices and introduce vulnerabilities.

Meanwhile the left hand has been doing mass layoffs and moving manufacturing off-shore ever since the 60s and 70s and trying to fuck over it's own labour forces to make exponential profits.

Whats funny here is that you guys are bitching about "foreign adversaries" while also handing over the blueprints of your entire infrastructure to said adversaries without giving them anything valuable in return for their cheap labour cost and weak laws.

What did you expect to happen?

[–] Dark_Arc@social.packetloss.gg 6 points 5 hours ago* (last edited 5 hours ago)

The right hand doesn't know what the left hand is doing; that's just it you're right.

There's no conspiracy where the left and right hand have carefully coordinated this system or conspiracy to protect companies from their legitimate competition. We're not saying this about Taiwan or European devices (even though many of them are better than the Chinese and American devices) and that's kind of "case and point" that it's about more than the economy.

Basically the politicians just screwed up and didn't think through their decisions and effects of trusting a foreign power to do all this manufacturing for important pieces of infrastructure that "think" ... and now there's a problem.

[–] avidamoeba@lemmy.ca 1 points 5 hours ago

Yes, this is what a capitalist, non-centrally-planned economy does. There are multiple hands and the hand of the capitalist class is often the strongest and it will do all the things you mentioned, while the gov't hand is trying to do damage control, but only able to the point where it hurts capitalists.

[–] LifeLemons@lemmy.ml -4 points 7 hours ago (1 children)

Well its just natural for coubtries to do this at this point when they dont like each other

In an off topic, I often prefer a open hardware router like raspberry pi router as it gives me control! For me it's safer to use as documentation is open like pfsense and openwrt.

[–] avieshek@lemmy.world 0 points 5 hours ago (1 children)

I don’t understand why doesn’t Raspberry Pi make a router when they’ve ideas like the 500 🤦🏻‍♂️

[–] avidamoeba@lemmy.ca 5 points 5 hours ago

There's already OpenWrt for Pi. All you need is to add a switch or a USB ethernet adapter.

[–] frankgrimeszz@lemmy.world 22 points 7 hours ago (1 children)

Running OpenWRT is generally a good idea. I’m not gonna lie and say it’s easy to setup. But it’s worth it.

[–] Dark_Arc@social.packetloss.gg 18 points 6 hours ago* (last edited 6 hours ago) (3 children)

It's a good idea, but there's going to be firmware at lower levels (roughly the BIOS) that could still be compromised. It's best to just not buy Chinese hardware designed and manufactured by a Chinese company with no western involvement when you can avoid it.

[–] frankgrimeszz@lemmy.world 1 points 3 hours ago* (last edited 3 hours ago)

I’m not sure, but with routers, I think OpenWRT installs/flashes at the firmware level. There could be hardware level vulnerabilities I suppose.

In the case of Lenovo laptops used in Iraq (2004), China had additional hardware chips snooping and sending data back via Ethernet cable.

[–] Reverendender@sh.itjust.works 3 points 4 hours ago (1 children)

This didn't even occur to me when I bought my new router recently. I just went with one of the best-reviewed models that had all the features and speed I needed.

[–] paraphrand@lemmy.world 1 points 4 hours ago (2 children)

Did you get a TP Link?

Last time I was in the market, they were a top pick.

Out of curiosity, what would happen with older models. Also other devices, like I don't have a TPlink router but I do have a TPlink Ethernet to power to Ethernet I bought when I lived in an appartment and didn't want to drill holes in the walls. (Wifi ran from center of house, but outed it to a 110 in the wall and hardwired to a PC into a RAP for work in bedroom at the time.

[–] Reverendender@sh.itjust.works 2 points 2 hours ago

Sure did. The Archer BE1100 Pro.

[–] avidamoeba@lemmy.ca 0 points 5 hours ago (1 children)

An even better way is to leave vulnerable pieces in all parts of the firmware / software stack. E.g. old version of SSH with a known vulnerability or two, old web server, etc. Then just exploit as needed.

[–] Dark_Arc@social.packetloss.gg 0 points 4 hours ago (2 children)

The examples you gave are all at the OS level and installing OpenWRT would fix them. The firmware/BIOS level is much more custom and can be susceptible to attacks the OS is completely unaware of (effectively pre-installed rootkits). Hence why I mentioned it may not be enough to install OpenWRT.

[–] Mondez@lemdro.id 1 points 1 hour ago

You are talking about the boot loader, but even that is pretty standard. There could be hardware exploits in place, sure, but we are mostly talking about a very low margin product and the volume of data that you'd need to retrieve and process to sift out anything useful would be massive and obvious so in general I think this is mostly conspiracy level thinking. Any shenanigans is going to be done in small targeted batches if it's done at all to try to infiltrate specific targets and reduce risk of some curious researcher or enthusiast accidentally stumbling across it and ruining it.

[–] avidamoeba@lemmy.ca 0 points 3 hours ago

Yes of course, you're right. The point I'm making is that wherever you're putting in backdoors, instead of backdoors, you can just leave unlatched vulnerabilities. Gives you solid plausible deniability.

[–] Erasmus@lemmy.world 16 points 7 hours ago (2 children)

Someone in the comment section posted a good question. Which specific routers that TP-Link makes are the issue?

Is it all routers that they make or is this just because they are selling inexpensive routers that have become a large part of the US market?

Does someone have an article that isn’t biased one way or the other that gives a list of effected routers ?

[–] Buelldozer@lemmy.today 2 points 1 hour ago

Which specific routers that TP-Link makes are the issue?

They are presumably talking about CovertNetwork-1658 and the reason there's no list of routers is because no one has publicly described the vulnerability that is being leveraged.

My guess is that the vulnerability is present on most of their routers. I'm basing that opinion on the fact that previous CVEs issues against TP-LINK have impacted their most popular product lines like Archer and Deco.

It's possible that this is related to CVE-2024-21833 which was open in January of 2024, update in July of 2024, then updated again in late November of 2024.

[–] technocrit@lemmy.dbzer0.com 2 points 6 hours ago* (last edited 6 hours ago) (1 children)

Does someone have an article that isn’t biased one way or the other

We're literally inside an imperial core.

that gives a list of effected routers ?

If there was a list of effected routers, TP-Link would most likely have patched them.

[–] avieshek@lemmy.world -2 points 5 hours ago

Most likely old routers still sold on Amazon instead of the latest WiFi 7 models on the website~

[–] ComradeMiao@lemmy.dbzer0.com 18 points 7 hours ago (2 children)

Wait until they hear where all electronics come from. Are they gonna ban Apple?

[–] KoalaUnknown@lemmy.world 11 points 6 hours ago (2 children)

Apple has been slowly shifting production to India for years now, and the software is made domestically.

[–] disguy_ovahea@lemmy.world 0 points 1 hour ago* (last edited 1 hour ago)

More importantly, the hardware is designed and inspected by Apple’s engineers. Security vulnerabilities would be Apple’s failure regardless of the origin of the parts.

[–] avieshek@lemmy.world 1 points 5 hours ago

I am from India actually, long way to go honestly.

[–] thesohoriots@lemmy.world -3 points 6 hours ago

If that happens and the factory layoffs come, those nets are gonna be full

[–] Tylerdurdon@lemmy.world 6 points 6 hours ago

So they're going to flush the TP?

[–] Dark_Arc@social.packetloss.gg 5 points 6 hours ago (2 children)

I feel sorry for D-Link, they're probably going to get caught in the crossfire via people thinking they're the same company.

[–] lemmyng@lemmy.ca 14 points 6 hours ago (1 children)

So you're saying that D-Link's reputation will increase as a result?

[–] Dark_Arc@social.packetloss.gg 0 points 5 hours ago

Oof, fair 😅

[–] funkajunk@lemm.ee 8 points 5 hours ago (1 children)
[–] avieshek@lemmy.world -1 points 5 hours ago

That’s also true, they’re like the Dell of home routers~

[–] Luci@lemmy.ca 1 points 7 hours ago

So many MSPs are gonna panic if tplink is banned