A user has detected more than 80,000 requests sent in 24 hours to an Avira Safe Things subdomain, and this is not the first such accusation made against a router
TP Link…
On Reddit, user ArmoredCavalry reports seeing strange behavior coming from his TP-Link router. This sends data to Avira without prior consent. Unfortunately, this is not the first time that such behavior has been observed on the Chinese brand’s routers. In May 2021, journalists from XDA-Developers had observed something similar when testing the TP-Link Deco X68.
Data shared with a third-party provider, without user consent
In a post published over the weekend, ArmoredCavalry recounts its discovery. By monitoring the traffic of his TP-Link router, in this case a Wi-Fi 6 model AX3000 (Archer AX55), the individual found that in just 24 hours, more than 80,000 requests had been transmitted to a Avira “Safe Things” subdomain.
By pushing its investigations a little further, ArmoredCavalry realized that these exchanges had a link with TP-Link HomeCare, a service to which it has not yet subscribed.
Before continuing, a few clarifications are in order. TP-Link presents HomeCare as “ a set of features allowing you to create a secure and personalized network suitable for the whole family. Features include Antivirus, Parental Controls and QoS (Quality of Service) “.
Regarding Avira Safe Things, Avira describes it as a ” cloud-based platform that enables home router manufacturers and Internet Service Providers (ISPs) to create a secure environment for their customers’ smart homes “. By the way, you might have noticed that HomeCare is backed by Trend Micro and not Avira.
Going back to the ArmoredCavalry story, as mentioned above, he clarifies that he had completely disabled the Avira / Home Shield services and had not subscribed before either. His sentence is therefore without appeal: The router doesn’t care and sends ALL your traffic to be “analyzed” “.
A behavior already observed in May 2021
This accusation has a precedent, moreover cited in his post by ArmoredCavalry. In May 2021, during a test of the TP-Link Deco X68, XDA had already noticed similar network activity and sending data to Avira.
Corbin Davenport, author of the test, had asked TP-Link for an explanation. The firm had finally provided after publication of the article. Here are which ones:
” Update: TP-Link says network activity is due to “Avira Cloud Database [qui distingue] if [la demande du réseau est] secure data or malware”. A firmware update is being worked on. It will disable this feature if no Avira network function is enabled in the app, but there is no schedule yet estimated for it “.
Almost a year later, it therefore appears that this “problem” has still not been corrected…
The TP-Link Deco X20-4G presents itself as a 4G router that is Wi-Fi 6 compatible and supports mesh networks. If he does not lack qualities, he also sins in certain respects.
Read more
Sources: Neowin
, Reddit
, XDA-developers
, TP Link
, Avira
8