TP-Link accuses rival Netgear of 'smear campaign' over alleged China ties

TP-Link is suing rival networking vendor Netgear, alleging that the rival and its CEO carried out a smear campaign by falsely suggesting, it says, that the biz had been infiltrated by the Chinese government. "The accusation is baseless," TP-Link said in a complaint [PDF] filed this week in Delaware, asserting that it is a US …

  1. VoiceOfTruth Silver badge

    A similar thing happened with Supermicro in 2018

    Supermicro started eating parts of the American server market. Quiet voices in the background make allegations that Supermicro is compromised. Those voices become a thinly veiled 'reds under the bed' scare.

    And all because American companies can't compete fairly.

    Each time I read one of these China 'scare' stories these days, I look in the other direction as it is likely to be a diversion.

    1. JT_3K

      Re: A similar thing happened with Supermicro in 2018

      I see your downvotes, and am not sure those doing it remember the raft of unfounded reports going around at the time. The allegation was a tiny chip on Supermicro boards (the size of a broken off pencil lead) which provided full remote control, logging and visibility of the server, and had supposedly appeared as a post-design addition by the manufacturing plant in China. The allegations were *very* noisily made and very quietly, almost silently, retracted in the global press, barring el-Reg. Bloomberg (the original source IIRC) then proceeded to pivot in some modern post-truth to ignore their original chip claim and start pushing a line on custom BIOS variants.

      I don't disagree there's a large push (from all sides) for backdoors and compromise, but the Supermicro stories stood out as particularly egregious when it was seemingly unfounded.

      There was a great comment at the time on a Reg article about the potential reasons the story might exist. https://forums.theregister.com/forum/all/2021/02/12/supermicro_bloomberg_spying/#c_4204731 Feasibly, yours is only part of the potential viewpoints.

      1. thames Silver badge

        Re: A similar thing happened with Supermicro in 2018

        The story originated with Bloomberg, who mainly cited "anonymous sources". They named only one source for the claims, a security researcher. The mainstream press then simply took the Bloomberg claims and reprinted them.

        An Australian security podcast however decided to do some actual journalism and tried to verify the claims by asking the sole named "source" about it. That person said he has seen no evidence to support the claims and that Bloomberg had misrepresented him, and that he found the whole thing highly implausible.

        In other words, Bloomberg's story fell apart as soon as anyone did even minimal checking. The mainstream press however continued to pretend they hadn't heard that.

        As to why that story was created, apparently Bloomberg writers (I'm afraid to call them journalists) have their evaluations and bonuses at least partially based on whether their stories "moved the market" (affected share prices). So they have a strong incentive to publish stories that cause share prices to go up or down. If someone were to feed them a dramatic story which would affect the share price of some company, they don't have a lot of incentive to question it.

  2. FILE_ID.DIZ

    Battle of the short buses?

    I really don't know who to root for here.

    I've always had a place in my heart for Netgear's "metal" switches. They're simple and just work and can be placed in very inhospitable locations without a second thought.

    But routers/edge devices are much more complex pieces of kit (software-wise), regardless of the name on the outside of the box, be it Palo Alto, Fortinet, Cisco, TP-Link or Netgear.

    TP-Link always seems to be in every other CISA email recently with critical vulnerabilities in no longer supported hardware. TP-Link, however, isn't alone here. It can't be expected that the software that drives the hardware can be supported in perpetuity.

    I recently had to bite the bullet and swap out some old Fortigate 50E routers I got super cheap on flebay a few years ago to play with HA at home with because they stopped with updates earlier this year (6.2.17 came out in June and it was supposed to be EoS) and I had to disable SSL-VPN because of concerns about unpatchable vulnerabilities on these old routers.

    But something has to change in informing consumers on when their firewall/edge kit becomes unsupported with patches. I don't know what the solution looks like, but consumers need to understand that the internet router (regardless of the brand) they buy today has a planned obsolescence date. Perhaps a date needs to be published prominently on the outside of the box indicating when that device will become unsupported by the manufacturer, like a Best By date?

    This way one could at least make a comparison between devices when purchasing model X versus model Y. If one model has a date only a year out and the other has a date five years out, might steer a decision. Similar to a chromebook? (Even though some dislike those expiry dates on Chromebooks too!)

    Dunno.

    1. wolfetone Silver badge

      Re: Battle of the short buses?

      100% of the Netgear equipment I've used or bought has failed.

      5% of the TP Link equipment I've used or bought has failed.

      Pretty short discussion about who I want to win.

  3. coredump

    "I've always had a place in my heart for Netgear's "metal" switches. They're simple and just work and can be placed in very inhospitable locations without a second thought."

    I used to feel pretty much the same way, but at some point some Netgear devices started phoning home to Netgear clouds, supposedly not optional.

    This was allegedly for some admin functions(?), but I can't say for certain as I never bought any of the smart/managed switches which include this sort of cloud behavior. I've bought another small unmanaged switch since then, but I'm done with Netgear devices which require "cloud administration" or similar nonsense. If I can't manage it myself onsite or in my own LAN as needed, I'll find another solution.

    Same for any other vendor, not just Netgear, of course.

    1. DS999 Silver badge

      I don't care about "cloud management" features or backdoors

      I only buy routers I can install DD-WRT or OpenWRT on, so the vendor firmware can be the most insecure POS or phone home to Xi personally and I don't have to care.

      Not that I personally care about something phoning home to China all that much. Between phoning home to China and phoning home to the NSA I'll take the former, because China is in much less of a position to negatively affect my life than my own government!

      1. coredump

        Re: I don't care about "cloud management" features or backdoors

        For routers (wired, wireless, both) I do agree -- I've been using OpenWRT for the wireless kit and pfSense or OpnSense for the wired WAN-to-LAN side for many years.

        But for switches, it doesn't seem like there are commonly available (and open source) options like that. Once upon a time there was e.g. Cumulus Networks, but they were absorbed a while ago, and iirc Cumulus Linux didn't run on commodity desktop switch gear like netgear and tplink et al in any case. Oh well.

        Wrt phoning home, I don't want nor need it to happen at all, regardless of who is on the receiving end. It's simply not necessary here, and in some environments it's actively not possible at all.

      2. Bebu sa Ware Silver badge

        Re: I don't care about "cloud management" features or backdoors

        "China is in much less of a position to negatively affect my life than my own government!"

        Presumably written from the Trumpisstan gulag and tragically never truer than now.

        The irony is that almost without exception this kit is already running OpenWRT or DD-WRT albeit molested to some extent by the vendor.

        The option of being able to install an upstream version of the software would put most of this nonsense to bed and allow the hardware to run supported software beyond the vendor's EOL.

        1. DS999 Silver badge

          Re: I don't care about "cloud management" features or backdoors

          "Presumably written from the Trumpisstan gulag"

          Even before Trump I've always felt that way. Not that I have any particular reason to think the government could target me (even under Trump as a white male he's got a long list of targets before he gets to me and he won't live long enough to get very far on his list) but if they DID they can obviously do far more damage to me than China could. I live here, I own property here. I have a lot of assets here.

          What could China possibly do to hurt me? I don't have any property, money or investments there they could seize. I don't have a Chinese passport they could revoke and leave me unable to travel. The only way they could get at me is if I traveled there, and even then if they started messing with US citizens traveling to China it would cause some real issues so I'd have to do something to REALLY upset them to risk it. Much, much more than posting Pooh Bear memes or whatever other stuff is banned for Chinese citizens.

      3. Sandtitz Silver badge

        Re: I don't care about "cloud management" features or backdoors

        "I only buy routers I can install DD-WRT or OpenWRT on, so the vendor firmware can be the most insecure POS or phone home to Xi personally and I don't have to care."

        I don't allow routers or access points any internet connectivity so they can't phone home.

        WRT is great when your devices support it - I especially like Freshtomato and its simplicity - but it is really limited to a handful of AX, and zero 802.11be devices so far. The stock firmware is also sometimes more powerful because it can offload network traffic to dedicated hardware - Qualcomm NSS for example - and WRT cannot support it due to it being proprietary binary.
