News U.S. lawmakers request probe into Chinese router manufacturer TP-Link — letter cites cybersecurity vulnerabilities with TP-Link routers

[COLGeek]

Folks, stay on topic, please. No political banter. Thank you.

 

[t3t4]

Yep, ain't that always the way..... I just switched to TP link about a month ago and then woke up this morning to find this article kicking me dead square in the nuts! Ya me and my impeccable timing.

 

[Notton]

Yep, ain't that always the way..... I just switched to TP link about a month ago and then woke up this morning to find this article kicking me dead square in the nuts! Ya me and my impeccable timing.

install open WRT firmware on it, if you want peace of mind.

 

[t3t4]

install open WRT firmware on it, if you want peace of mind.

I just might do that once diagnostics are complete. I'm currently running a highly specialized diagnostic firmware to find the thing that keeps kicking me offline. Once found and fixed, then I can finally move on with other things like Open WRT.

 

[vanadiel007]

You can never achieve 100% test coverage, so it's no guarantee a device doesn't have backdoors or critical bugs. Not only that, but each firmware update should be tested on each hardware model, with the same rigor. That does seem like a tall order, given that 100% assurance can never be achieved.

In the age of cyber warfare, I don't see why IT suppliers shouldn't be subject to roughly the same policies as suppliers of conventional weapons systems.

If you can never achieve 100% test coverage, than you can never be sure and therefore it would not matter which manufacturer you would go with as the risk factors would be the same regardless of manufacturer.

 

[bit_user]

If you can never achieve 100% test coverage, than you can never be sure and therefore it would not matter which manufacturer you would go with as the risk factors would be the same regardless of manufacturer.

Uh, no. Just because you don't know about a risk doesn't mean it's not there. What you're advocating is basically a policy of: "ignorance is bliss". Millennia of military history has shown this to be a poor tactic. If intelligence were not a strategic asset, we would not need spies.

Getting back to specifics, people do penetration testing precisely because it needn't be perfect to still provide worthwhile benefits.

 

[TJ Hooker]

If you can never achieve 100% test coverage, than you can never be sure and therefore it would not matter which manufacturer you would go with as the risk factors would be the same regardless of manufacturer.

This is utterly incorrect reasoning. Saying 'neither probability is 100%' does not imply 'both probabilities are the same'.

Neither investing in the stock market nor buying lottery tickets are 100% guaranteed to make you money. Does that mean that they are equally risky, and therefore there is no reason to prefer one over the other? That putting all of one's retirement savings into lottery tickets is just as reasonable as investing it?

 

[logainofhades]

I have seen the TP link are cheap comments, and have to disagree. Mine was quite expensive when I bought it 3yrs ago, and it still isn't cheap.

https://www.amazon.com/dp/B07L56SN8M/ref=dp_iou_view_item?ie=UTF8&th=1

 

[bit_user]

I have seen the TP link are cheap comments, and have to disagree. Mine was quite expensive when I bought it 3yrs ago, and it still isn't cheap.

https://www.amazon.com/dp/B07L56SN8M/ref=dp_iou_view_item?ie=UTF8&th=1

A weird thing about router pricing seems to be the exponential price curve, as they incorporate newer standards and more features. Seems to have been the case for at least the better part of a decade.

For instance, Netgear's wifi 7 mesh router kit (3 nodes) has a list price of $2300!! Even just the satellite node costs $900!

Orbi 970 Series Quad-Band WiFi 7 Mesh System - 3 Pack - Black - RBE973SB - NETGEAR Exclusive

The future of WiFi has arrived. Unprecedented 360° coverage. 10 Gig speeds with pure WiFi 7 performance. Up to 27Gbps & 10,000 sq.ft. coverage. Meet the most powerful Orbi yet

www.netgear.com

Anyway, my point is that, depending what people mean by "expensive", the best way to determine this might be by comparing prices against a unit with comparable specs & features. When doing that, your router might turn out to be a better bargain than you thought it was.


P.S. not all of Netgear's wifi 7 routers are so pricey. I just grabbed one of these, on sale for $300:

RS300 - Nighthawk WiFi 7 Router - NETGEAR

The RS300 WiFi 7 Router provides up to 2,500 sq. ft. of coverage with up to 9.3Gbps WiFi speeds and max speeds for up to 200 connected devices. Buy now!

www.netgear.com

 

[vanadiel007]

This is utterly incorrect reasoning. Saying 'neither probability is 100%' does not imply 'both probabilities are the same'.

Neither investing in the stock market nor buying lottery tickets are 100% guaranteed to make you money. Does that mean that they are equally risky, and therefore there is no reason to prefer one over the other? That putting all of one's retirement savings into lottery tickets is just as reasonable as investing it?

You only need 1 issue to cause total havoc. Just ask CrowdStrike.
When it comes to security issues, the probability of exposure is the same regardless of how many security issues you have you have, as you only need 1 to become vulnerable.

 

[bit_user]

You only need 1 issue to cause total havoc. Just ask CrowdStrike.
When it comes to security issues, the probability of exposure is the same regardless of how many security issues you have you have, as you only need 1 to become vulnerable.

Not all security vulnerabilities are:

1. equally easy to exploit.
2. grant you the same level of access.

Quite often, it's necessary to stack multiple exploits, in order for a remote attacker to gain root access on a device or system. There's also a question of whether the exploits will be known and attempted by the typical attacker.

If two devices undergo the same level of penetration testing, a big difference in the result can tell you that one was poorly-engineered. It can also tell you whether the sorts of vulnerabilities most widely-known and likely to be attempted are present. It's not a worthless exercise.

Finally, if one is concerned about back doors, that's probably not something penetration testing will find. That doesn't mean you shouldn't worry about backdoors. Instead what it says is that you should take into account different considerations, such as supply chain.