TP-Link Said to be Sharing all Router Traffic with Third Party

[TheLostSwede]

These days, routers are quite complex devices that are doing much more than just routing data and are often the main security device on a home network. As such, we've seen a surge in third party services such as Asus' AIProtection that runs software from Trend Micro and Netgear Armor in cooperation with Bitdefender. Chinese TP-Link is likewise offering similar services, some in partnership with Trend Micro and some with Avira. It now appears that TP-Link's HomeCare service—that the company is offering in partnership with Avira—is sending data to Avira even when disabled in the UI, based on a thread over at Reddit.

The standard Avira features are meant to offer protection against malicious content, network intrusions and even against infected devices on the network that are said to be quarantined from other devices on the network. It also incorporates some basic parental control features, such as automatic content filtering and time controls. However, in this case, the issue isn't the functionality itself, but the fact that there apparently is no way to turn off the HomeCare feature, since even when seemingly disabled in the UI of the affected routers, it sends data to Avira. It seems to be a fairly large amount of data being sent as well, with the initial poster claiming over 80,000 requests in a 24 hour period. According to a review of a TP-Link product over on XDA-Developers from May last year, TP-Link said that they were working on a firmware update that would allow the Avira service to be turned off permanently.




However, it seems like no such option has materialized in close to a year since that comment from TP-Link and although it seems the data that is being sent is intended for Avira to use to improve their services, it also seems to go against the European GDPR rules to send user data to a third party, especially without the users consent. Back to Reddit, the poster contacted TP-Link, who claimed that the data sent was to check if the owner of the router had an active service with Avira or not, but this sounds rather preposterous considering that it wouldn't require 80,000 requests per day. To put it in a different context, that's close to once a second.

Multiple people on Reddit have chimed in saying that they're seeing exactly the same thing. Trying to block the requests isn't an option either, as this causes the routers in question to get stuck in a retry loop, which in turn leads to CPU usage spikes and causes issues with the general usage of the routers in question. Other users tried signing up for the trial of the paid-for service, but didn't see any changes in behavior, regardless if the service was enabled or disabled. The only slightly positive note on all of this is that Avira is a German company and could potentially be forced to amend how its service works based on the European GDPR regulation. However, it would still be up to TP-Link to issue a firmware release to the 13 or so routers that run the Avira service. Most of the routers are recent 802.11ax/WiFi 6 models and about half are part of TP-Link's Deco series of mesh systems.

View at TechPowerUp Main Site | Source

 

[zlobby]

Yeah, and I'm the crazy one buying expensive gear from reputable vendors...

 

[TheLostSwede]

Yeah, and I'm the crazy one buying expensive gear from reputable vendors...

In fairness to TP-Link, their hardware isn't all that different from their competitors.
However, I would never, as I've said before here, use one of their devices with the default software on it, as a router facing the internet.
I put OpenWRT on both of my TP-Link devices and both of them are working better with OpenWRT than they did with the TP-Link firmware.

 

[Assimilator]

It now appears that TP-Link's HomeCare service that the company is offering in partnership with Avira, is sending data to Avira, if when disabled, based on a thread over at Reddit.

@TheLostSwede this sentence makes no grammatical sense.

 

[VSG]

@TheLostSwede this sentence makes no grammatical sense.

Edited that sentence for better reading.

 

[ExcuseMeWtf]

I remember the time when Avira was actually good and go to antivirus package. It was is Win9x days though...

 

[TheUn4seen]

Last time I remember Avira being good was before the year 2006, when it didn't exist as a mainstream product.
They are now owned by Norton, after being sold to a shady investment company. What do you expect? If you buy consumer trash you're the product, the device is only there to extract value from you.

 

[TheLostSwede]

@TheLostSwede this sentence makes no grammatical sense.

Even when... My bad.

 

[Xuper]

I have TP-link W8960N .does it affect ?

 

[zlobby]

I have TP-link W8960N .does it affect ?

Put OpenWRT on it, or better ditch it.

 

[TheLostSwede]

I have TP-link W8960N .does it affect ?

It shouldn't have any kind of software like this on it, as it's an antique by now

Put OpenWRT on it, or better ditch it.

I doubt that would work, as it's got an ADSL2+ modem built in.

 

[thegnome]

Well pretty sketchy, good thing TP-Link is only good for the cheaper end of the router market. Would probably go for Asus or Netgear once some new standards roll out.

 

[FreedomEclipse]

Yeah, and I'm the crazy one buying expensive gear from reputable vendors...

Do you really think Netgear, Linksys, Asus etc etc dont have backdoors to your router or collect your data anonymously and share with 3rd parties? Of course they do.

 

[Assimilator]

Do you really think Netgear, Linksys, Asus etc etc dont have backdoors to your router or collect your data anonymously and share with 3rd parties? Of course they do.

No, they don't. If they did, people would've noticed it and called them out for it.

 

[zlobby]

No, they don't. If they did, people would've noticed it and called them out for it.

Yet even a quick search through most vulnerability databases reveal a shocking amount of flaws in their software. While it's all mostly patched by now, it trully shows how much these vendors 'care' about the security of their products. They do care about the brand image all right, but not real security per se.

It shouldn't have any kind of software like this on it, as it's an antique by now


I doubt that would work, as it's got an ADSL2+ modem built in.

Come on, you know by now that I'm a sucker for networking gear (and any gear for that matter), and I just get an urge to hate bad security practices/zero security by design.

 

[Assimilator]

Yet even a quick search through most vulnerability databases reveal a shocking amount of flaws in their software.

That's nowhere near the same thing as the firmware being deliberately written to report users' browsing habits. Don't spread FUD by incorrectly conflating the two.

 

[bonehead123]

In fairness to TP-Link, their hardware isn't all that different from their competitors.
However, I would never, as I've said before here, use one of their devices with the default software on it, as a router facing the internet.
I put OpenWRT on both of my TP-Link devices and both of them are working better with OpenWRT than they did with the TP-Link firmware

In all fairness to them, many many years ago, I have found toilet paper's products, both hard & soft, to be just that, butt-wiper grade stuff....and have not touched them since and won't now either....

Almost every router vendor has had some issues here & there, both hardware, firmware, and software-wise, however, their attention to fixing them has been relatively good overall.

Over the past 8-10 years or so, I have found Netgear's (consumer) stuff to be somewhat better in this regard.

The fact the open-source firmware works better on tp's crap is both a testament to the OSS community, and big, black, bloody eye for tp IMHO

 

[Max(IT)]

Trust in a Chinese company… sure

 

[Auxityne]

Well, they must have forgotten my particular model (Archer AX4400) because my DNS gateway shows no traffic to Avira. At all. Of any kind.

And pre-emptively blocking that domain results in no performance issues.

 

[zlobby]

That's nowhere near the same thing as the firmware being deliberately written to report users' browsing habits. Don't spread FUD by incorrectly conflating the two.

Eh, sometimes developers just forget some administrative access. Who can blame them?

 

[Verpal]

Well, they must have forgotten my particular model (Archer AX4400) because my DNS gateway shows no traffic to Avira. At all. Of any kind.

And pre-emptively blocking that domain results in no performance issues.

Only those ''High end'' router with home care service shoved in have the privilege of being deemed important enough for telemetry.

 

[lexluthermiester]

I remember the time when Avira was actually good and go to antivirus package. It was is Win9x days though...

It still is. One of the best. While I disagree with and find unacceptable TP-Link sharing peoples data, at least Avira is a reasonably trustworthy company. They could have been sharing with Symantec or some other pathetically awful company.

Forget they had been bought by NLL..

 

[Dr. Dro]

I have an Archer AX50, apparently it has the Trend Micro version of the HomeCare software. It is disabled, but it would be highly appreciated of TP-Link to come clean and issue FW updates to all affected devices. Their hardware is affordable and has been relatively reliable to me, so it would be a shame to lose them to shenanigans like this.

 

[Voluman]

Well, Avira has bought by AVG if i remember correctly (or vicaversa). AVG had in the TOS, that they share data with 3rd party, i think Avira had it too. So it's not a big surprise for me if that is true in some way.

 

[Steevo]

The only thing I trust TP Link for is Ethernet over power adapters, they are invisible and everything sent on the network has to go through a router that reports it.