Security issues with TP-Link routers and cameras fixed following Which? testing
Security issues have been discovered and fixed in four smart products from TP-Link, after Which? worked with the company to tackle the issues.
The impacted products include two TP-Link Tapo security cameras (an indoor and outdoor model) and two TP-Link Archer wireless routers.
The move comes as the UK government lays out new laws to tackle the numerous smart products on sale with security or privacy issues.
Smart home tech reviews: see in-depth reviews of smart doorbells, wireless cameras, smart plugs, and more – all assessed for how they protect your privacy and security.
Tech tips you can trust – get our free Tech newsletter for advice, news, deals and stuff the manuals don’t tell you
TP-Link Tapo wireless camera security issues
In our testing, both the TP-Link Tapo C100 indoor and Tapo C310 outdoor security cameras were found to be vulnerable to an exploit that could, in theory, enable an attacker to gain unauthorised privileged access to the camera – essentially hack it and take control to some degree. .
Although the risk was relatively low, both cameras were vulnerable to the exploit. The attacker would already have to be on your local network, but we have shown previously how poor router security could still put you at risk.
This vulnerability had been known about for nearly a decade, so it is was concerning that it had not been patched out in these cameras.
These issues have now been fixed, however, so you can now consider either camera for your home without worrying about this risk.
TP-Link Archer router security issues
Our testing unearthed a different issue with two TP-Link routers – the Archer AX50 and the Archer AX90.
In this case, the routers were found to have a number of vulnerabilities in the firmware, including one that could enable a hacker to compromise the router with malicious code.
Hacking the router could expose you to privacy risks, but also potentially lead to attackers targeting other connected devices that you use on your home network.
TP-Link has moved to address this issue and improve security in the products, so again you can choose them if you are in the market for an alternative router to the one supplied by your broadband service
If you’re using an older router, it may longer be getting important security updates. Use our router support tool to see if you’re at risk
What should I do if own these products?
If you own any of these products, make sure you run any software updates to get the latest security protections for your device.
Also, if you haven’t already, make sure you set a strong and unique secure password for your device.
TP-Link managing director Will Liu said: ‘The safety of users and devices is of paramount importance to TP-Link and we are committed to providing a proactive and immediate response to security threats.
‘We are proud to work with Which? specialists to rapidly identify and resolve potential security issues on our wireless networking and smart home products.’
How we uncover security issues with smart products
At Which? we also routinely root out security issues in our regular testing. Our programme covers a range of factors, including password security, data encryption, software update policies and vulnerabilities to commonly-known hacking attacks.
When we find issues, we contact the company to fix the problems. If we get a positive engagement with the brand, like with TP-Link, we will consider recommending the products once the security issue is fixed.
However, if brands do not engage positively with us, we can automatically make a device a Don’t Buy if the issue is sufficiently serious.
While we do test a wide range of smart products, we can’t test everything, so if you’re shopping for something that we haven’t reviewed, you’ll need to do some research to make sure you can buy with confidence.
This is especially important if you’re shopping on online marketplaces like Amazon and eBay. A recent Which? investigation found that more than 1,800 insecure products were being sold on online marketplaces.
New law coming to tackle insecure products
The UK government has announced new legislation that will aim to improve the security standards of smart products on sale in the UK.
The Product Security and Telecommunications Infrastructure (PSTI) Bill will aim to prevent the sale of insecure connected consumer products in the UK. It covers three core areas:
PSTI includes fines of up to £10m for manufacturers, importers and distributors that fail to comply with the requirements.
If you’re shopping for a new mobile phone, laptop, tablet or router, use our free security tools to check how long your tech will last.
