TP-Link routers leak traffic data to third-party companies

The routers of TP link are developed in partnership with the virtual security company Avira, to ensure the protection of users using the devices. But apparently this common action goes beyond the production of the devices, Avira also receiving traffic information from the connections on which the transmitters are connected.

According to Reddit user ArmoredCavalry, the TP-Link Archer AX3000 router he uses at home has had over 80,000 requests to transfer data to Avira server UPS systems such as SafeThings.

The Reddit post explaining the TP-Link router issue. (Image: Screenshot/Dácio Augusto)

SafeThings is Avira’s subscription platform that actually interfaces with routers, to allow local networks to operate without the risk of being affected by internet of things (IoT) that can be compromised. Moreover, it also analyzes connection traffic, in order to mitigate threats that have atypical behaviors. The tool can be configured by users.

Want to stay up to date with the best tech news of the day? Access and subscribe to our new youtube channel, Canaltech News. Every day a summary of the main news from the tech world for you!

The TP-LinkArcher AX3000 router. (Picture: Playback/TP-Link)

Avira claims that users have full control of SafeThings, but information from ArmoredCavalry shows an interesting scenario: the scanning process continues even when the user does not have an active subscription to the service, which happens also if all security-related options of the software publisher are disabled in the device configuration.

It’s not a new problem

In May 2021, a similar issue was reported on the XDA website, involving the TP-Link Deco X68 router. At the time, TP-Link promised to investigate the problem and develop solutions, but so far nothing has come forward.

As for the issue of the current router, the Canaltech contacted TP-Link, who sent us the following position:

It recently came to our attention that a user reported that they discovered that their TP-Link router was frequently sending requests to Avira subdomains. This news generated reports in the press and other users. Therefore, we believe it is necessary to clarify the following points:

1. TP-Link HomeShield uses Avira services. As a result, HomeShield routers regularly obtain the IP address from Avira. However, after reviewing the software, we identified flaws in the DNS query logic, leading to frequent resolution requests. We optimize the software to avoid frequent queries. Users can access the link below to update the firmware of the device.

2. Like DNS queries, these queries do not contain any personal information.

TP-Link respects user data security and listens to users. We adhere to the philosophy of transparency and openness and receive supervision and feedback from all sides.

Source: chalk, reddit, XDA

Add Comment