TP-Link is facing legal action from the state of Texas for allegedly misleading consumers with "Made in Vietnam" claims despite China-dominated manufacturing and supply chains, and for marketing its devices as secure despite reported firmware vulnerabilities exploited by Chinese state-sponsored actors.
The Lone Star State's Attorney General, Ken Paxton, is filing the lawsuit against California-based TP-Link Systems Inc., which was originally founded in China, accusing it of deceptively marketing its networking devices and alleging that its security practices and China-based affiliations allowed Chinese state-sponsored actors to access devices in the homes of American consumers.
Anyone who has ever ordered something from Amazon that looked like a good deal, only to discover that the photos weren't exactly depicting what you got - you know that the People's Republic of Chine (a.k.s. PRD, a.k.a. Red China a.k.a. West Taiwan) has a very different (dare we say "predatory") concept of truth in advertising than we do on these shores.
Me, I wouldn't buy one of these things on a dare. FYI, they are something like 60% of the market because they're cheap.
Can TP-Link bypass an upstream firewall?
ReplyDeletePossibly, but there should be signs. One method I can imagine is having a process on the firewall phone home periodically but otherwise be silent/paused. The session would show up in the upstream firewall log but would be swamped by all the other connections from the same (WAN IP) if the TP-Link firewall. You'd have to go in the upstream and ban all West Taiwan IP ranges to stop or even detect the problem.
DeleteRunning DD-WRT or Open-WRT firmware would remove the suspect code, assuming there wasn't anything lurking in an EEPROM somewhere.