by alpb 3108 days ago
My most recent frustration with TP-LINK was that they DO NOT provide their firmware updates over HTTPS. They do not provide checksums for their firmware files either. (When I asked for these things, their support weren't helpful on Twitter.)

So you're expected to download some unsigned binary over an untrusted connection and trust that with all your traffic.

Definitely not buying TP-LINK next time. Good to know there's a bandwidth problem like this!

7 comments

TP-Link does a pretty good job on basic Layer 3 Lite switches and desktop wireless cards, but the junky software on their routers and repeaters is enough to make me not use them. Unfortunately they do the same thing with firmware upgrades for their switches as well: no signatures, no hashes, no TLS.
Good to know. While I've liked their dumb switches, if they can't be bothered to secure their firmware downloads, there's no way I'm buying one of their "smart" products.
I consider that a feature ;)

TP-Link plastic routers have nice cheap hardware and they make it really easy for you to flash it with LEDE/OpenWRT.

Well, it's not a feature. You can both provide official firmware over HTTPS (or provide checksums for them, or both), and let people flash custom firmware, at the same time.
You are right, of course.

Maybe what I wanted to express was more like this: TP-Link has a sloppy attitude towards the security of their stock firmware. It might work, but it is full of security holes. HTTPS and checksums/signatures wouldn't change that.

Maybe they could do everything right with their firmware and provide top notch security and updates. But then their firmware would be a factor for market differentiation and at that point they would be incentivized to put effective code signing schemes in place. Other market players do that. Look at AVM Fritz Box products - nice hardware, security updates for many years and the result is: they are known GPL offenders and have strong code signing in place.

Instead TP-Link delivers you crap firmware on nice and cheap hardware and they don't care what you run on it.

Just install https://lede-project.org firmware, the successor of OpenWRT.
It's not so clear cut. You need to benchmark before and after.

Often acceleration modules on Broadcom, Qualcomm, Mediatek etc are proprietary and without acceleration in OpenWrt/Lede the router is going to be dog slow.

The wifi modules are also proprietary and need to be well supported by OpenWrt/LEDE or you will see throughput drops.

Of late it's just best to use what's in the router and not bother. And as we move to faster connections on consumer routers with slow main SoCs, the proprietary accelerators will become even more important.

You're right. I always consult LEDE's supported hardware wiki first before making a purchase decision. It's not user friendly at all and since the EU's Radio Equipment Directive [1], things haven't become easier.

[1]: http://www.etsi.org/technologies-clusters/technologies/regul...

> Of late it's just best to use what's in the router and not bother.

Depends on what your priorities are - high performance or high security.

Yikes. I've generally had good experiences with TP-LINK, so this is a bummer. But as others have noted, open source firmwares are available, so there's an upside.
What makes you think they're unsigned? Surely there's at least some basic checksumming if not cryptographic signatures inside of that blob? There's no reason to even bother with delivering it over https if you put a good signature on the blob itself.
I would assume it does not do those things, or else creating/flashing custom firmware like DD-WRT would presumably be impossible. They could be doing some verification in the firmware itself, but obviously that only saves you from bad downloads - anybody serving you up a malicious firmware can easily just serve one up without the verification checks inside.
This is not the case anymore.

https://github.com/xdarklight/mktplinkfw3/blob/master/README...

Their firmwares for newer devices do indeed include signature support. A malicious firmware on their server will fail the signature check and not be flashed. Signature checks occur only in the flasher, not in the bootloader, but that would require physical access to the device, at which point all bets are off anyways.

Given most of your traffic goes via HTTPS pipes, that's over-reacting a little, no?
No. The point is, you could be downloading a corrupted copy of the firmware with exploits, for example. If your firmware has such exploits, what good is the fact that most of your traffic goes over https?
Not to side with him, but I think what GP was trying to say is that an exploit on router firmware doesn't necessarily mean that your computer will get owned too - which is true. However, owning a router makes further attacks much easier. Also, owning a router is advantageous for an attacker in itself.