this post was submitted on 30 Oct 2025
65 points (98.5% liked)
Technology
I think that, TP-Link aside, consumer broadband routers in general have been a security problem.
They are, unlike most devices, directly Internet-connected. That means that they really do need to be maintained more stringently than a lot of devices, because everyone has some level of access to them.
People buying them are very value-conscious. Your typical consumer does not want to pay much for their broadband router. Businesses are going to be a lot more willing to put money into their firewall and/or pay for ongoing support. I think that you are going to have a hard time finding a market with consumers willing to pay for ongoing support for their consumer broadband router.
Partly because home users are very value-conscious, any such provider of router updates might try to make money by data-mining activity. If users are wary of this, they are going to be even more unlikely to want to accept updates.
Home users probably don't have any sort of computer inventory management system, tracking support for and replacing devices that fall out of support.
People buying them often are not incredibly able to assess or aware of security implications.
They can trivially see all Internet traffic in-and-out. They don't need to ARP-poison caches or anything to try to see what devices on the network are doing.
My impression is that there has been some movement from ISPs away from bring-your-own-device service, just because those ISPs don't want to deal with compromised devices on their network.
A long time ago, for whatever reason, I decided to do a port scan on my entire WAN subnet. That's how I discovered that a certain brand of DSL modem (I don't recall which) made the admin portal accessible from the WAN. And of course the credentials were admin/admin.
I think most hardware providers do better now, but it was just mind-boggling to me that it even happened in the first place.
Honestly, even limiting it to, say, the WiFi network, having a default admin login is not great.
Like, Android isolates apps from the rest of your Android system, but not from touching the rest of the network. If any random app I install on my phone can reflash my WAP's firmware or something like that, that's not great.