U.S. agencies back banning top-selling home routers on security grounds

Submitted ⁨⁨5⁩ ⁨hours⁩ ago⁩ by ⁨silence7@slrpnk.net⁩ to ⁨technology@lemmy.world⁩

https://www.washingtonpost.com/technology/2025/10/30/tp-link-proposed-ban-commerce-department/?pwapi_token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJyZWFzb24iOiJnaWZ0IiwibmJmIjoxNzYxNzk2ODAwLCJpc3MiOiJzdWJzY3JpcHRpb25zIiwiZXhwIjoxNzYzMTgyNzk5LCJpYXQiOjE3NjE3OTY4MDAsImp0aSI6ImYyNjFiMjQ2LTljMjEtNGNhZC1hMWFjLTU1YTdmNGU1ODY5NiIsInVybCI6Imh0dHBzOi8vd3d3Lndhc2hpbmd0b25wb3N0LmNvbS90ZWNobm9sb2d5LzIwMjUvMTAvMzAvdHAtbGluay1wcm9wb3NlZC1iYW4tY29tbWVyY2UtZGVwYXJ0bWVudC8ifQ.yVmfgNagaRlMjOLm68wQa4SgkZbs41iFHkEswFwzYcE

The Commerce Department has proposed barring sales of TP-Link products, citing a national security risk from ties to China, people familiar with the matter said.

Access options:

source

Comments

Sort:hotnew top

tal@lemmy.today ⁨40⁩ ⁨minutes⁩ ago
I think that, TP-Link aside, consumer broadband routers in general have been a security problem.

They are, unlike most devices, directly Internet-connected. That means that they really do need to be maintained more stringently than a lot of devices, because everyone has some level of access to them.

People buying them are very value-conscious. Your typical consumer does not want to pay much for their broadband router. Businesses are going to be a lot more willing to put money into their firewall and/or pay for ongoing support. I think that you are going to have a hard time finding a market with consumers willing to pay for ongoing support for their consumer broadband router.

Partly because home users are very value-conscious, any such provider of router updates might try to make money by data-mining activity. If users are wary of this, they are going to be even more unlikely to want to accept updates.

Home users probably don’t have any sort of computer inventory management system, tracking support for and replacing devices that fall out of support.

People buying them often are not incredibly able to assess or aware of security implications.

They can trivially see all Internet traffic in-and-out. They don’t need to ARP-poison caches or anything to try to see what devices on the network are doing.

My impression is that there has been some movement from ISPs away from bring-your-own-device service, just because those ISPs don’t want to deal with compromised devices on their network.
source
chronicledmonocle@lemmy.world ⁨2⁩ ⁨hours⁩ ago
All WiFi routers should run OpenWRT or another open source solution. There is nothing in these black boxes that needs to be closed source. They’re WiFi and NAT FFS.

source
- Venator@lemmy.nz ⁨37⁩ ⁨minutes⁩ ago
  You could say that about almost anything with a computer in it…
  
  source
cardfire@sh.itjust.works ⁨5⁩ ⁨hours⁩ ago
Things are getting Hua-wei out of hand!

source
- FauxLiving@lemmy.world ⁨2⁩ ⁨hours⁩ ago
  I xi what you did there
  
  source
jubilationtcornpone@sh.itjust.works ⁨5⁩ ⁨hours⁩ ago
With TP-Link, I would say the bigger concern is that they are reeaaaalllyyy slow to patch vulnerabilities, if they do it at all.

source
masterofn001@lemmy.ca ⁨5⁩ ⁨hours⁩ ago
They want to take away your ovens!!!

source
darkevilmac@lemmy.zip ⁨3⁩ ⁨hours⁩ ago
Right after I upgrade my omada setup…

source