Reported that the TP-Link router is sending a large amount of traffic to Avira, transmission does not stop even if related services are turned off



Some

routers that relay data between multiple computers not only support Internet connectivity, but also provide security and home parental functions. The router made by TP-Link , a Chinese network equipment maker, is also developing a security service in partnership with the German antivirus software company Avira , but the 'TP-Link router posted on the overseas bulletin board Reddit' Is still sending a lot of traffic to Avira's routers even with related services turned off. '

[PSA] Newer TP-Link Routers send ALL your web traffic to 3rd party servers ...: hardware
https://old.reddit.com/r/hardware/comments/tbthjj/psa_newer_tplink_routers_send_all_your_web/



TP-Link Said to be Sharing all Router Traffic with Third Party | TechPowerUp
https://www.techpowerup.com/292878/tp-link-said-to-be-sharing-all-router-traffic-with-third-party

Beware: TP-Link routers apparently sending customer data to Avira without user consent --Neowin
https://www.neowin.net/news/beware-tp-link-routers-apparently-sending-customer-data-to-avira-without-user-consent/

Armored Cavalry, a Reddit user using a TP-Link WiFI 6 AX3000 (Archer AX55) router , recently enabled a DNS gateway to see requests from routers and network devices. He said he did. He was surprised to find that the TP-Link router made more than 80,000 requests in 24 hours to Avira's server, which has a subdomain of '* .safethings.avira.com'.

The server that the router is sending traffic to is from Avira's cloud threat intelligence platform,SafeThings , and the set of requests is related to a security feature called Home Shield that comes with TP-Link routers. I also understood that. Home Shield is a function that blocks malicious sites, prevents malicious actors from entering, and monitors the security of IoT devices.

However, Armored Cavalry has never subscribed to the Home Shield service, and all related router functions are turned off. Nonetheless, the router in question continued to send traffic to Avira's servers as often as about once a second, Armored Cavalry said.

When Armored Cavalry contacted TP-Link about this matter, he said that he was sending a request to check the subscription status, but he said, 'To check the subscription status 1 Do you make more than 80,000 requests a day? 'Armored Cavalry questioned the answer. If you're checking your subscription status, you're guessing that the frequency of requests will be constant from time to time, but you've also seen that the router in question tends to get more requests when there's a lot of internet traffic. rice field.



The issue of 'TP-Link devices sending a lot of traffic to Avira's servers' was also reported by technology media XDA-Developers in May 2021. The article is a review article of the wireless LAN router ' Deco X68 ', and at this time, more than 42,000 requests were recorded in 24 hours, and there was no option to turn off data transmission. In addition, the person in charge of TP-Link has told XDA-Developers that 'we are planning a firmware update to turn off the data transmission function', but such a firmware update has not been confirmed at the time of writing the article. ..

At Reddit, various users have responded to the report of Armored Cavalry, commenting that 'I just bought a TP-Link router' and developing it as firmware for open source routers ' We have received comments recommending the use of ' OpenWRT '.

TechPowerUp, a tech media outlet, said the issue seems to violate the EU's General Data Protection Regulation (GDPR) in that it sends user data to third parties without permission. Germany-based Avira said it would have to modify its services because it needs to be GDPR compliant.

in Web Service,   Hardware,   Security, Posted by log1h_ik