This underscores the principle that IoT devices should not be allowed to communicate over the public Internet. Pretty much all cheap, Chinese-made hardware of this kind has intentional or unintentional security holes waiting to be exploited.
jwrallie 19 hours ago [-]
Better to buy devices that can work without internet and just blacklist them at the router level. Price or origin is not a good metric to ensure no leaks.
WarOnPrivacy 20 hours ago [-]
> Pretty much all cheap, Chinese-made hardware of this kind has intentional or unintentional security holes waiting to be exploited.
Why single out bad Chinese coding? Bad US IoT coding has a longer history.
forestry 20 hours ago [-]
There’s bad, and then there’s egregious.
maccard 14 hours ago [-]
Plenty of US companies have egregious vulnerabilities
izacus 6 hours ago [-]
Like iRobot recording people on the toilet and uploading the videos?
Yeah, I agree - at least Chinese Roborock gives very granular controls for privacy.
close04 11 hours ago [-]
There’s egregious and there’s malicious.
7 hours ago [-]
Filligree 11 hours ago [-]
Yeah, we’ve seen that as well.
copperx 20 hours ago [-]
All of there IoT devices will be slop coded soon, and I wonder whether that will be an improvement or not. I bet that security will be better.
shakna 17 hours ago [-]
> I bet that security will be better.
Not doxing myself, but... Company with a known name vibecoded a dashboard with Claude. Which also hardcoded a password into the client-side of the dashboard, which I caught.
I reckon security will be about the same.
fakwandi_priv 13 hours ago [-]
When I'm reading reviews of plans created by an agent especially on security boundaries it's suggesting huge matrixes to test even the very obscure situations, but then I'm also reading things like this and I just don't understand. Are we even using the same tools?
shakna 12 hours ago [-]
Management think models mean juniors can do senior work. Juniors don't know the footguns. Juniors can't read the code that the system outputs. Models get overwhelmed in any decent sized codebase.
Why would you be surprised there are failures?
budsniffer952 9 hours ago [-]
Hate to break it to you, but your pre-AI code was no better, despite how much you try to convince us otherwise.
shakna 7 hours ago [-]
Prod bugs up 260% since AI approval? Yeah, I'm gonna disagree.
BAs using AI make worse designs, management makes seniors redundant making code worse, and then QA is also laid off to make room for agentic testing. The results are not a surprise in anyway.
jknoepfler 1 hours ago [-]
Refusal to consider evidence to the contrary is certainly symptomatic of something, and it isn't a well-reasoned argument. "Us" sounds like the corporate leadership I work with that have actively pushed teams to incur mountains to tech debt. I was walking over org metrics this week and sure enough, there's a rising tide of unplanned work for bugs, performance problems, and security snafus introduced during an aggressive push into GenAI with pressure to "just make agents do it."
All of which was, of course, predicted by management, reported upwards, and ignored.
franga2000 12 hours ago [-]
A large part is also how much you read back what the model writes. The good models generally write quite secure code, but they also often implement temporary solutions that they tell you to fix later.
For example, if secret storage methods aren't specified in the prompts, a model might decide to be clever and implement a generic secret access interface, with a default implementation that hardcodes everything. It will probably tell you that this is not production ready and you should write or specify your preferred secret storage implementation, but if you don't read or understand that, you'll just leave it as is and push to prod.
titularcomment 13 hours ago [-]
1. It depends on model and tokens spent 2. Models talk the talk but not always walk the walk
orbital-decay 12 hours ago [-]
Tools are already preventing IoT companies from doing a ton of things they do, by default. It's a problem of the process, churn, and culture, not tools. I don't have any doubts that if given a coding agent that cares more than they do they'd still force it to hardcode a password or something because they feel like it's more convenient. Nobody cares there.
Namidairo 15 hours ago [-]
> All of there IoT devices will be slop coded soon
Soon?
I've already seen multiple of TP-Link's firmware engineers leave their LLM history public and indexed by search engines.
It's quite obviously them as well.
inigyou 10 hours ago [-]
How did you find that?
codedokode 1 hours ago [-]
I think no country can be trusted and therefore all IoT device communication (telemetry/updates) should go through government-controlled local servers in an unecrypted form. This way local government can enforce its policy over foreign manufacturers and has a "kill switch" if they misbehave.
Also, all communication and telemetry should be opt-in and turned off by default.
Government-controlled server would prevent foreign countries from collecting intelligence and pushing malicious updates.
OptionOfT 6 hours ago [-]
Which is very hard, because most of these devices don't work locally. They communicate via the cloud to your app.
In most cases companies don't want to give you Matter or HomeKit, because it means they cannot sell you more through their app.
Wyze has ads everytime you open it. So does Honeywell. Hell, even the internet-loved Ecobee has a banner that shifts everything down most of the time that you open the app. And for that last one, you _have_ to use their app to control the fan, as they don't expose separate fan controls over HomeKit...
drnick1 5 hours ago [-]
> Which is very hard, because most of these devices don't work locally.
Then don't buy those devices. All of my home devices are either Zigbee (local-only) or were bought specifically because they can be reflashed with open firmware to liberate them from the cloud.
> Hell, even the internet-loved Ecobee has a banner that shifts everything down most of the time that you open the app.
I don't want such apps. The only app I need is Home Assistant, and installing proprietary software on my phone (running GrapheneOS) is out of the question.
AnonymousPlanet 1 hours ago [-]
This is why I like Zigbee and am very uncertain about Matter that basically allows (or maybe one day requires) internet access.
qurren 19 hours ago [-]
> Chinese-made hardware
Honestly, I'd rather it leak my GPS to the Chinese government than the US government. They don't have jurisdiction over me anyway.
> should not be allowed to communicate over the public Internet
It would be a no-go for non-techies. One of the biggest draws to IoT devices for "average Joes" is being able to view and control them from remotely, and they aren't going to have the skills or know-how to set up a VPN correctly with dynamic DNS so that their phone can VPN into their home and then sideload/jailbreak their phone to load a custom app to control it. "It just works from anywhere" is a big sell for them.
afavour 19 hours ago [-]
> It would be a no-go for non-techies.
There are better solutions, like Apple’s HomeKit. I’m able to watch a camera that has no internet access because it passed through my Apple TV, which serves as a home hub. I didn’t have to set any of this up, it just works when you have the required hardware.
Rohansi 19 hours ago [-]
> I’m able to watch a camera that has no internet access because it passed through my Apple TV, which serves as a home hub.
How exactly does this prevent the same kind of issue for Apple devices? Aren't you just trusting that Apple handles your data better than TP-Link? Not saying they don't but routing through another device doesn't really add security on its own.
afavour 10 hours ago [-]
> Aren't you just trusting that Apple handles your data better than TP-Link?
I am, yes. Ultimately you’re going to need to trust some hardware, somewhere. No matter what you’re doing you have to trust that your home router doesn’t have an externally accessible SSH port with no password set.
Personally I trust Apple more than I trust TP Link with this stuff.
Rohansi 7 hours ago [-]
> Personally I trust Apple more than I trust TP Link with this stuff.
What if a TP-Link camera supported HomeKit Secure Video? You access the camera through Apple but all of these cameras are still directly connected to the internet, meaning you still need to trust the camera manufacturer.
drnick1 8 hours ago [-]
> No matter what you’re doing you have to trust that your home router doesn’t have an externally accessible SSH port with no password set.
No, you don't have to trust. I build my own routers precisely because I don't.
pessimizer 6 hours ago [-]
Pretty sure that just means that we trust Linux/Openwrt and the chip vendors.
drnick1 2 hours ago [-]
Linux and OpenWrt have an incredibly good security record compared to what ships on typical consumer devices.
astafrig 12 hours ago [-]
Doesn’t it? I do trust the manufacturer of the thing that I keep within arms reach from the moment I get it, and which knows more about me than I do, to have better security than whatever the hell a TUYA is that controls the lights.
qurren 19 hours ago [-]
HomeKit will take care of the VPN/remote access part, sure, but your devices still need to communicate with the HomeKit device, and that's usually over Wi-Fi, which puts the devices on the public internet, and carries the same security risk.
There are various non-internet protocols for IoT devices, none of them good:
* Zigbee: Requires some technical understanding to set up, devices randomly disconnect for hours even when they are 2ft from the coordinator, all-around horrible experience for non-techies
* Non-standard Zigbee variants: even worse
* Matter-over-Thread: horrendously designed from a UX perspective. Easy-to-lose barcodes stuck on cards in the packaging, weird 12-letter codes, and your non-techie cannot understand what the hell Matter or Thread is. Pairing is an absolute nightmare.
Marsymars 7 hours ago [-]
I dunno, through HomeKit, I've got a couple Zigbee networks (Hue and Ikea), a Z-Wave network (Home Assistant) and a Matter-over-Thread (Apple/Ikea) network, and they all seem pretty good?
yjftsjthsd-h 17 hours ago [-]
> devices randomly disconnect for hours even when they are 2ft from the coordinator
I don't think that's normal. Like, to the point where I'm wondering if you have a bad opinion of the whole protocol because you got a faulty device.
drnick1 8 hours ago [-]
Yes this. My experience with Zigbee is that it just works, but the setup and specific hardware probably matters. I use a SONOFF USB dongle through Zigbee2MQTT and Home Assistant.
holgerschurig 17 hours ago [-]
> Zigbee
Requires no technical understanding. At least not more than e.g. a WIFI router.
> devices randomly disconnect for hours even when they are 2ft from the coordinator,
You present this like a fact. But it is at most an anecdote. I present you a different anecdote: I have ~30 zigbee devices, in two different houses (first a house with concrete floors and cellar and level 1..3) and now one old woodwork structure house with 2 floors. Nowhere did I had even half an hour of disconnection.
> all around-horrible
... excellent experience even for my ex-spouse, which is/was non-techie.
However, that you present Zigbee here at all is weird. Zigbee doesn't have any way to transport a camera stream. It's mean for low-powered battery devices. My temperature sensors got a 1500mAh AAA chargeable batteries and they lasts now for over one year. Note that I have sensors from ~ 15 different brands. Mostly battery powered sensors and mains power switchable plugs.
I also enjoy that these Zigbee devices are by design completely disconnected from any IP traffic. This, and their (intentional) low data rate make them almost impossible to misuse. E.g. as denial-of-service originators or amplifiers.
It's like you present WIFI as long-range thingy but actually you'd want LORA for that. I'm not assuming that knowing for what kind of usage a tech was designed as "needing technical understanding". After all, no one would claim "you need technical understanding" to know that you better use a truck instead of a Porsche Cayman to transport 50 cubic meters of sand.
RetroTechie 5 hours ago [-]
> My temperature sensors got a 1500mAh AAA chargeable batteries
You meant rechargeable? You seem to know more about Zigbee than about rechargeable batteries.
qurren 17 hours ago [-]
> Nowhere did I had even half an hour of disconnection.
Well my garage door opener sensor has been disconnected for two 30 minute gaps today and my plant humidity sensors go offline for 2 weeks at a time.
So yeah, it's not ready for prime time.
> LORA
No, let's not even go there. Tech nerd protocol here that's an awkward middle ground that creates even more problems. Average Joes aren't going to set that crap up.
Arch-TK 15 hours ago [-]
Are you using a phoscon coordinator? ConBee 2 has a lot of firmware problems in my experience.
There are also some devices which advertise ZigBee compatibility but the manufacturers don't seem to test them against coordinators other than their own (and ConBee 2 seems to have the most problems in this regard).
The protocol is complex, they all are, implementing it correctly isn't a given, but I think the issues people have are more often a factor of how long a protocol has been in use than any fundamental aspect of it.
As soon as cheap hardware manufacturers get on board you get this problem.
Quality hardware works fine with ZigBee. It's by no means perfect technology, if you want that, use copper wires, but it doesn't work as badly as you claim if you are not unlucky with coordinators and devices.
robocat 13 hours ago [-]
Is your zigbee running at 2.4GHz? Everything interferes with that.
watermelon0 12 hours ago [-]
Practically all consumer Zigbee devices only support 2.4GHz. You would need to go for ZWave for the sub-GHz range.
Also, it's not like 860-930 MHz (depending on the country) is without interference.
DeluluDon 12 hours ago [-]
Anything any government can access, motivated criminals can too.
Pissed off script kiddies have been confused as government plenty of times by unsuspecting victims.
petra 19 hours ago [-]
Consumers just don't care about security. It is what it is.
tjoff 14 hours ago [-]
There is no reasonable way to assess security for the average consumer.
petra 10 hours ago [-]
I agree. The market doesn't work well around this.
You can ask chatgpt.not a great way.
And when you ask it you the secure answers cost 3x more. And than require an installar. And some(Google) require a monthly subscription.
And even about the good systems, the chat recommends, since there's no mathematical guarantee for security, that you "Switch them off or physically cover the lenses while you are home.".
drdaeman 13 hours ago [-]
Even if there’d be a way, there’s no culture of asking questions about how things work, especially outside the single “happy” path.
tjoff 12 hours ago [-]
Because there are too many things. We've built society on the notion that you don't have to know. Which of course unethical corporations try to exploit.
But if people knew how easy it was to use the camera they bought to spy on their family, then I bet many would care.
petra 6 hours ago [-]
True, that's probably the biggest issue.
But the only solution here is very expensive marketing, so...
alexloom 11 hours ago [-]
[flagged]
locknitpicker 15 hours ago [-]
> This underscores the principle that IoT devices should not be allowed to communicate over the public Internet.
TP-Link is a prominent maker of network hardware, including home and mesh routers.
inigyou 10 hours ago [-]
And their network hardware is illegal to import into the USA because it's full of backdoors.
BLKNSLVR 5 hours ago [-]
So, TP-Link isn't sold as consumer level devices in stores in the US?
It's had the Huawei treatment?
It's one of the primary networking electronics brands in Australia.
inigyou 4 hours ago [-]
Yes it had the Huawei treatment
ssl-3 3 hours ago [-]
What are the details of that treatment?
As I write this, there are all kinds of TP-Link routers, mesh nodes, and cameras (oh my!) in stock at a nearby Wal-Mart, with pickup promised within a few hours from now.
routers could solve this for consumers with a checkbox for "intranet only"
99% of consumers won't know how to setup a firewall but could handle a checkbox
only problem I have is I can't seem to punch a hole for time sync and it won't use my local intranet time server
ssl-3 3 hours ago [-]
Time server can be specified with DHCP, if you want. Options 4 [deprecated, but that doesn't matter] and 42.
No idea if that helps with your particular devices; they are, of course, free to ignore those fields.
gruez 21 hours ago [-]
The report seems obviously AI generated, so I can't be bothered to read in its entirety, but based on my quick skim, "leaked home GPS" makes it sound worse than it is. Unless you're dumb enough to set DMZ on this device, this won't be exposed to the internet, and if it's LAN only, don't you already know the location? Even for a remote attacker who somehow got LAN access remotely, they can probably deduce the location through other means (eg. using crowdsourced wifi databases).
locknitpicker 15 hours ago [-]
> Unless you're dumb enough to (...)
It sounds like you are blaming the user for providing data that a service can leak. That's like blaming a user for writing personal emails when faced with an email provider that leaks emails.
arjie 14 hours ago [-]
Really enjoying the picture of this user who logs into his router and decides that all unsolicited network traffic from the internet should go to his network camera. Absolute legend. God amongst men.
maccard 14 hours ago [-]
This user doesn’t know what they’re enabling, they’re following steps from a blog post or something to allow access from outside their home.
DMZs as a solution to port forwarding issues have been a misunderstood part of online games troubleshooting for at least 20 years.
bobmcnamara 13 hours ago [-]
Heck I've seen it admins do this, then I rooted the camera and pivoted into their data center and put it into the report, "security contractor told is they needed it"
locknitpicker 12 hours ago [-]
> Really enjoying the picture of this user who logs into his router and decides that all unsolicited network traffic from the internet should go to his network camera. Absolute legend. God amongst men.
If that idea surprises you then you definitely need to touch grass. Even cloud computing engineers are surprised to see random internet requests hitting services,and here you are assuming that any regular consumer that just wants a security camera to work will somehow have deep understanding of networking and DevSecOps and trying to ridicule those who don't.
forestry 20 hours ago [-]
[flagged]
pudgywalsh 17 hours ago [-]
Security professionals - the progenitors of unrealistic expectations - also expect homeowners to buy $800 Axis cameras while they stroke their beards.
When they get down to the $20 price point like the Chinese schlock, let me know, I'll be first in line to buy them.
inigyou 10 hours ago [-]
Quality costs money, but money doesn't guarantee quality. Maybe the $800 camera is worth saving up for. But in this market for technological lemons, it's more likely they'll just buy the $20 camera and resell it to you for $800 and you're the sucker in the transaction.
wolvoleo 19 hours ago [-]
A random post on hacker news isn't going to make a dent in TP-Link's camera marketshare positive or negative. If the GP really has bad motives they wouldn't really accomplish anything with that. But I doubt they do. I use these cams myself too. They're ok if you limit their internet access. I limit all my TP-Link stuff anyway since they suddenly removed local access for their switched power plugs in an auto firmware update.
It's not the best company but they're cheap.
lostmsu 15 hours ago [-]
> since they suddenly removed local access for their switched power plugs in an auto firmware update.
AFAIK it was because it was an unencrypted protocol and you can just manually turn it back on in device settings.
justsomehnguy 18 hours ago [-]
There is only two ways to receive this unencrypted data:
- to do the song and dance to allow the whole Internet to access this cam - and 'security professionals' have been advising no to do that no matter what vendor it is
- to sit on your wire, literally and sniff everything
Unencrypted personal data is not good but if you have a habit of leaving your car with the open doors, windows and a key in the ignition - don't run around telling horror stories what someone didn't close the lid on a cookie jar.
fragmede 18 hours ago [-]
That's because you live in a shitty place where your can't do that with your car, and think that's normal. There are places in the world where you can just leave your car unlocked with cash sitting out, and no one steals it. Yeah, the Internet is not such a place, so we can't act that way here, but in the physical world, there are safe places where you can relax.
justsomehnguy 12 hours ago [-]
> . There are places in the world where you can just leave your car unlocked with cash sitting out,
And most of the time it's because there is only a couple humans and bears out there. But sure, attacking me would get your point across, Mr. Beautiful Garden citizen.
ericpauley 11 hours ago [-]
A shocking number of devices are continuously reporting location data over random unencrypted protocols. What’s worse, they’re often sending the data to cloud IPs that aren’t even controlled by the company, so some random person is getting your real-time location.
joshspankit 7 hours ago [-]
Definitely curious about the breakdown of data-broker relationship for each link in the chain. Unencrypted data is easy to store and share so it’s reasonable to assume that even the most stringent privacy policy for an IoT device is essentially meaningless if it’s unencrypted PII passes through a single tracking server (including the user’s ISP who may have a direct relationship with multiple brokers)
nubinetwork 13 hours ago [-]
The fact that a firmware upgrade bricked the camera doesn't bode well for their other products...
inigyou 10 hours ago [-]
Some of those products are banned from import into the US and will be destroyed by customs at the border. Because they're so full of probably intentional backdoors.
BobbyTables2 20 hours ago [-]
That disclosure timeline is brutal…
mlhpdx 5 hours ago [-]
Good, they used UDP for a one off request /response (maybe) exchange. Bad, they included precise location information.
I can see how rough location information is helpful for support and business information. Maybe country, maybe even zip code. But precise GPS was a bit overkill. Maybe it was easy, maybe it was nefarious, but not encrypting it over the wow was just plain dumb. I guess there is a razor for that.
How would this exfiltration happen though? Aren’t these cameras going to be behind a firewall? Without a request originating internally no external packet will make it past, right? Does the firmware make the first request? If so, I missed it.
I’m more mystified by the fleet wide certs. Old manufacturing tech that makes per-device firmware difficult, perhaps?
BadChemical 4 hours ago [-]
The UDP is through the broken, since 2016, TP link smart home protol. Exfiltration would require a precursor network foothold for a pure network vector, or for local 2nd hand markets the data is returned from the device broadcasted AP which is used for account binding.
maxlin 6 hours ago [-]
I've used Kasa plugs for a long while and was not surprised that their API allowed relay control and basic info of them as long as you manage to get in the same internal network. It's local, so IMHO that is not just reasonable, it's desirable. I don't need to give my friends permission to toggle the lights manually either.
Routers having abnormal amount of zerodays, and not being fixed on the other hand is actually serious, unlike this.
Just a week ago I actually set up one of TP-link's new line of smartplugs (Tapo instead of the old Kasa), and for that I had to make an account. For actual security, I'd rather have an option to control them locally with zero additional authentication when you're already inside the network, instead of the cloud stuff. But I HAD to make an account even though the custom code I control said plug with only accesses the plug locally.
ck2 7 hours ago [-]
btw there is now open-source 3rd party firmware for some tp-link cameras from https://thingino.com
AndyMcConachie 15 hours ago [-]
Why do people keep buying all this garbage and putting it in their homes?
danparsonson 12 hours ago [-]
Because it's convenient and solves a problem and there's nothing better available for sensible money - maybe better to ask why no-one seems able or willing to make a product like this that isn't garbage?
1970-01-01 9 hours ago [-]
This. They want to watch their cats when they are out but have absolutely no clue about security. So they just buy whatever is cheapest on Amazon and if it works the problem is permanently solved in their world. China has no reason to stop cranking these out at the lowest price point.
neogodless 6 hours ago [-]
TP-Link in particular because you can throw in an SD card and pay no subscription cost for many of their cameras, while a lot of other brands require monthly commitments to use most of the features.
BadChemical 1 days ago [-]
Six months of coordinated disclosure on a TP-Link Kasa camera resulted in two CVEs, a triage failure where the vendor described a vulnerability that doesn't exist in the reported payload, a beta patch that permanently bricked my test device, and a factory reset that doesn't clear previous owner data.
The GPS finding (CVE-2026-13230) has been publicly documented on this device class since 2020. A single UDP packet returns sub-meter home coordinates with no authentication required. TP-Link scored it 5.3 medium. My independent assessment is 7.1 high. Precise home coordinates aren't low confidentiality impact.
The credential finding (CVE-2026-9770) covers a fleet wide RSA key and unsalted MD5 TP-Link ID credentials. Same credentials provide global authentication across the TP-Link ecosystem.
Factory reset on a secondhand device doesn't clear the data. Connecting to the device's soft AP during setup and sending a single UDP packet returns the previous owner's GPS coordinates.
user2722 14 hours ago [-]
Did they pay you anything at least, for doing their work?
armel_N 17 hours ago [-]
[flagged]
myshapeprotocol 7 hours ago [-]
[flagged]
ralphlarry 10 hours ago [-]
[flagged]
Rendered at 23:02:45 GMT+0000 (Coordinated Universal Time) with Vercel.
Why single out bad Chinese coding? Bad US IoT coding has a longer history.
Yeah, I agree - at least Chinese Roborock gives very granular controls for privacy.
Not doxing myself, but... Company with a known name vibecoded a dashboard with Claude. Which also hardcoded a password into the client-side of the dashboard, which I caught.
I reckon security will be about the same.
Why would you be surprised there are failures?
BAs using AI make worse designs, management makes seniors redundant making code worse, and then QA is also laid off to make room for agentic testing. The results are not a surprise in anyway.
All of which was, of course, predicted by management, reported upwards, and ignored.
For example, if secret storage methods aren't specified in the prompts, a model might decide to be clever and implement a generic secret access interface, with a default implementation that hardcodes everything. It will probably tell you that this is not production ready and you should write or specify your preferred secret storage implementation, but if you don't read or understand that, you'll just leave it as is and push to prod.
Soon?
I've already seen multiple of TP-Link's firmware engineers leave their LLM history public and indexed by search engines.
It's quite obviously them as well.
Also, all communication and telemetry should be opt-in and turned off by default.
Government-controlled server would prevent foreign countries from collecting intelligence and pushing malicious updates.
In most cases companies don't want to give you Matter or HomeKit, because it means they cannot sell you more through their app.
Wyze has ads everytime you open it. So does Honeywell. Hell, even the internet-loved Ecobee has a banner that shifts everything down most of the time that you open the app. And for that last one, you _have_ to use their app to control the fan, as they don't expose separate fan controls over HomeKit...
Then don't buy those devices. All of my home devices are either Zigbee (local-only) or were bought specifically because they can be reflashed with open firmware to liberate them from the cloud.
> Hell, even the internet-loved Ecobee has a banner that shifts everything down most of the time that you open the app.
I don't want such apps. The only app I need is Home Assistant, and installing proprietary software on my phone (running GrapheneOS) is out of the question.
Honestly, I'd rather it leak my GPS to the Chinese government than the US government. They don't have jurisdiction over me anyway.
> should not be allowed to communicate over the public Internet
It would be a no-go for non-techies. One of the biggest draws to IoT devices for "average Joes" is being able to view and control them from remotely, and they aren't going to have the skills or know-how to set up a VPN correctly with dynamic DNS so that their phone can VPN into their home and then sideload/jailbreak their phone to load a custom app to control it. "It just works from anywhere" is a big sell for them.
There are better solutions, like Apple’s HomeKit. I’m able to watch a camera that has no internet access because it passed through my Apple TV, which serves as a home hub. I didn’t have to set any of this up, it just works when you have the required hardware.
How exactly does this prevent the same kind of issue for Apple devices? Aren't you just trusting that Apple handles your data better than TP-Link? Not saying they don't but routing through another device doesn't really add security on its own.
I am, yes. Ultimately you’re going to need to trust some hardware, somewhere. No matter what you’re doing you have to trust that your home router doesn’t have an externally accessible SSH port with no password set.
Personally I trust Apple more than I trust TP Link with this stuff.
What if a TP-Link camera supported HomeKit Secure Video? You access the camera through Apple but all of these cameras are still directly connected to the internet, meaning you still need to trust the camera manufacturer.
No, you don't have to trust. I build my own routers precisely because I don't.
There are various non-internet protocols for IoT devices, none of them good:
* Zigbee: Requires some technical understanding to set up, devices randomly disconnect for hours even when they are 2ft from the coordinator, all-around horrible experience for non-techies
* Non-standard Zigbee variants: even worse
* Matter-over-Thread: horrendously designed from a UX perspective. Easy-to-lose barcodes stuck on cards in the packaging, weird 12-letter codes, and your non-techie cannot understand what the hell Matter or Thread is. Pairing is an absolute nightmare.
I don't think that's normal. Like, to the point where I'm wondering if you have a bad opinion of the whole protocol because you got a faulty device.
Requires no technical understanding. At least not more than e.g. a WIFI router.
> devices randomly disconnect for hours even when they are 2ft from the coordinator,
You present this like a fact. But it is at most an anecdote. I present you a different anecdote: I have ~30 zigbee devices, in two different houses (first a house with concrete floors and cellar and level 1..3) and now one old woodwork structure house with 2 floors. Nowhere did I had even half an hour of disconnection.
> all around-horrible
... excellent experience even for my ex-spouse, which is/was non-techie.
However, that you present Zigbee here at all is weird. Zigbee doesn't have any way to transport a camera stream. It's mean for low-powered battery devices. My temperature sensors got a 1500mAh AAA chargeable batteries and they lasts now for over one year. Note that I have sensors from ~ 15 different brands. Mostly battery powered sensors and mains power switchable plugs.
I also enjoy that these Zigbee devices are by design completely disconnected from any IP traffic. This, and their (intentional) low data rate make them almost impossible to misuse. E.g. as denial-of-service originators or amplifiers.
It's like you present WIFI as long-range thingy but actually you'd want LORA for that. I'm not assuming that knowing for what kind of usage a tech was designed as "needing technical understanding". After all, no one would claim "you need technical understanding" to know that you better use a truck instead of a Porsche Cayman to transport 50 cubic meters of sand.
You meant rechargeable? You seem to know more about Zigbee than about rechargeable batteries.
Well my garage door opener sensor has been disconnected for two 30 minute gaps today and my plant humidity sensors go offline for 2 weeks at a time.
So yeah, it's not ready for prime time.
> LORA
No, let's not even go there. Tech nerd protocol here that's an awkward middle ground that creates even more problems. Average Joes aren't going to set that crap up.
There are also some devices which advertise ZigBee compatibility but the manufacturers don't seem to test them against coordinators other than their own (and ConBee 2 seems to have the most problems in this regard).
The protocol is complex, they all are, implementing it correctly isn't a given, but I think the issues people have are more often a factor of how long a protocol has been in use than any fundamental aspect of it.
As soon as cheap hardware manufacturers get on board you get this problem.
Quality hardware works fine with ZigBee. It's by no means perfect technology, if you want that, use copper wires, but it doesn't work as badly as you claim if you are not unlucky with coordinators and devices.
Also, it's not like 860-930 MHz (depending on the country) is without interference.
Pissed off script kiddies have been confused as government plenty of times by unsuspecting victims.
You can ask chatgpt.not a great way.
And when you ask it you the secure answers cost 3x more. And than require an installar. And some(Google) require a monthly subscription.
And even about the good systems, the chat recommends, since there's no mathematical guarantee for security, that you "Switch them off or physically cover the lenses while you are home.".
But if people knew how easy it was to use the camera they bought to spy on their family, then I bet many would care.
But the only solution here is very expensive marketing, so...
TP-Link is a prominent maker of network hardware, including home and mesh routers.
It's had the Huawei treatment?
It's one of the primary networking electronics brands in Australia.
As I write this, there are all kinds of TP-Link routers, mesh nodes, and cameras (oh my!) in stock at a nearby Wal-Mart, with pickup promised within a few hours from now.
99% of consumers won't know how to setup a firewall but could handle a checkbox
only problem I have is I can't seem to punch a hole for time sync and it won't use my local intranet time server
No idea if that helps with your particular devices; they are, of course, free to ignore those fields.
It sounds like you are blaming the user for providing data that a service can leak. That's like blaming a user for writing personal emails when faced with an email provider that leaks emails.
DMZs as a solution to port forwarding issues have been a misunderstood part of online games troubleshooting for at least 20 years.
If that idea surprises you then you definitely need to touch grass. Even cloud computing engineers are surprised to see random internet requests hitting services,and here you are assuming that any regular consumer that just wants a security camera to work will somehow have deep understanding of networking and DevSecOps and trying to ridicule those who don't.
When they get down to the $20 price point like the Chinese schlock, let me know, I'll be first in line to buy them.
It's not the best company but they're cheap.
AFAIK it was because it was an unencrypted protocol and you can just manually turn it back on in device settings.
- to do the song and dance to allow the whole Internet to access this cam - and 'security professionals' have been advising no to do that no matter what vendor it is
- to sit on your wire, literally and sniff everything
Unencrypted personal data is not good but if you have a habit of leaving your car with the open doors, windows and a key in the ignition - don't run around telling horror stories what someone didn't close the lid on a cookie jar.
And most of the time it's because there is only a couple humans and bears out there. But sure, attacking me would get your point across, Mr. Beautiful Garden citizen.
I can see how rough location information is helpful for support and business information. Maybe country, maybe even zip code. But precise GPS was a bit overkill. Maybe it was easy, maybe it was nefarious, but not encrypting it over the wow was just plain dumb. I guess there is a razor for that.
How would this exfiltration happen though? Aren’t these cameras going to be behind a firewall? Without a request originating internally no external packet will make it past, right? Does the firmware make the first request? If so, I missed it.
I’m more mystified by the fleet wide certs. Old manufacturing tech that makes per-device firmware difficult, perhaps?
Routers having abnormal amount of zerodays, and not being fixed on the other hand is actually serious, unlike this.
Just a week ago I actually set up one of TP-link's new line of smartplugs (Tapo instead of the old Kasa), and for that I had to make an account. For actual security, I'd rather have an option to control them locally with zero additional authentication when you're already inside the network, instead of the cloud stuff. But I HAD to make an account even though the custom code I control said plug with only accesses the plug locally.
The GPS finding (CVE-2026-13230) has been publicly documented on this device class since 2020. A single UDP packet returns sub-meter home coordinates with no authentication required. TP-Link scored it 5.3 medium. My independent assessment is 7.1 high. Precise home coordinates aren't low confidentiality impact.
The credential finding (CVE-2026-9770) covers a fleet wide RSA key and unsalted MD5 TP-Link ID credentials. Same credentials provide global authentication across the TP-Link ecosystem.
Factory reset on a secondhand device doesn't clear the data. Connecting to the device's soft AP during setup and sending a single UDP packet returns the previous owner's GPS coordinates.