this post was submitted on 16 May 2026
55 points (98.2% liked)
Privacy
5670 readers
209 users here now
Welcome! This is a community for all those who are interested in protecting their privacy.
Rules
PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!
- Be civil and no prejudice
- Don't promote big-tech software
- No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
- No reposting of news that was already posted
- No crypto, blockchain, NFTs
- No Xitter links (if absolutely necessary, use xcancel)
Related communities:
Some of these are only vaguely related, but great communities.
- !opensource@programming.dev
- !selfhosting@slrpnk.net / !selfhosted@lemmy.world
- !piracy@lemmy.dbzer0.com
- !drm@lemmy.dbzer0.com
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
That's a bold admission. I guess they aren't worried about people questioning either how the know or how they are able to remotely control our routers.
Another bit of evidence of the dystopia.
Probably through the same exploit.
This and taking control of botnet control panels are the most common methods.
Something that also often happens is that your home connection has been used in some sort of attack or your IP is found in some other logs and your ISP gets contacted, often even automatically. I had a compromised device on my network once and my ISP kept calling me to fix it. I'm sure if it was router malware some ISPs might use their CWMP or SNMP access to clear it.
If anyone is questioning it then they will find that the answers are pretty boring:
Consumer device manufacturers do not give a shit about security.
For the longest time these devices would ship with default passwords (and many likely still do) and allow remote administration from any IP address.
You could, 'hack' into a network by simply looking up the manufacturer of the device that you were connecting to and using their default username and password (which was often admin/admin). Then, for your convenience, you could write a firmware update to the router directly from the web interface.
In addition, they rarely perform any kind of automatic updating, so once a vulnerability is discovered there is no way for them to deploy a patch across all of their devices without every individual owner logging into the router console and pressing a button, which is not going to happen at scale.
There's no nefarious conspiracy inserting backdoors into these products, just boring corporate greed resulting in valuing convenience over security.
I had a friend who would do that as a prank. He'd drive around with a laptop and change people's wifi password then listen for them to start bitching about the wifi not working. It was a simpler time.
WPA2 has a deauth attack that will do similar. (Note: This is crimes, don't do crimes)
Their engineered backdoor no doubt
@MasterBlaster @sanitation
Edit: better/newer article than the prior I supplied.
Maybe try another source?
https://cyberpress.org/mirai-hits-tp-link-routers/
I retired my tp-link Touter over 10 years ago when I learned of their security problems and that they are Chinese.
I hope most other people Savvy enough to buy their own routers rather than just take the one from the isp, would also be smart enough to research the routers for security.
That's not to say we get it right, but at least we try. I use Asus and installed the open-source firmware that has over the air updates that I can review before I install. It receives regular security fixes, and I block all ports except one that I use for certificate backed VPN.
Hopefully, it does not have a backdoor like the ISP routers. In that case, all bets are off.