TP-LINK Refutes Claims of “Backdoor” Flaws in its Wireless Routers
Alleged “Backdoor” Was Merely a Testing Tool Used by TP-LINK
(Shenzhen, China) – March 13, 2013 -TP-LINK, a global provider of networking products, today responded to research published in Poland that alleged several of the company’s wireless routers were vulnerable to attack using an existing URL embedded in the company’s routers. TP-LINK’s R&D team has examined the alleged problem and noted that the URL is simply a tool that TP-LINK uses internally to test certain products.
In order to perform the hacks mentioned in a report by Polish security expert Michal Sajdak, one must already be connected to the network, either via a wired connection or wirelessly, which can be prevented by setting up standard WPA-PSK/WPA2-PSK wireless encryption.
The company has several recommendations to prevent hackers from gaining access to the network and potentially causing harm.
1. Ensure that your router is security encrypted and that your password cannot be easily guessed, ideally using a combination of characters and numbers
2. Never allow strangers to connect to the router directly, via Ethernet cable to one of the device’s LAN ports
3. Do not leave the router’s "remote management" function active (this function’s factory default is "off").
The company says that if the above steps are taken, the possibility of hackers gaining access to the router to use the testing URL is very remote. In an effort to prevent any potential security threats, TP-LINK’s R&D department will be releasing firmware upgrades for all affected routers to prevent the use of the URL, which users will be able to download and use to upgrade their TP-LINK devices to better protect their networks.
TP-LINK says that regardless of whether the hack would be effective in an unsecured network, the company always encourages users to set up security on their routers as soon as they set them up, to prevent any kind of malicious activity that may occur in everyday Internet usage. To provide an added level of security, TP-LINK will ship all wireless routers pre-encrypted, which makes for a quicker setup, but also ensures that end-user networks are protected from the moment they are plugged in.
TP-LINK remains grateful to Mr. Sajdak and tech-savvy people like him for bringing issues like this to the company’s attention, and encourages this type of insight into the company’s products.
“We take all security inquiries seriously”, says Global Communications Manager, Daniel Beach. “We hope our response was timely enough to alleviate any concerns with our product lines.“
TP-LINK intends to promptly provide updated firmware to remove any potential risk that the test URL may present. The company says that the updated firmware will be accessible from their corporate website as soon as they are made available for affected models.
