The network supplier TP-Link has been working with Avira for several years to secure products such as WLAN routers. HomeCare and HomeShield features are designed to protect users from cyberattacks and other threats, but it appears the companies’ collaboration also involved the transfer of user data to Avira.
According to a Reddit user nicknamed ArmoredCavalry, his TP-Link Archer AX3000 router transferred a massive amount of data to Avira SafeThings servers (*.safethings.avira.com) in just one day, getting more than 80,000 hits in just 24 hours were mainly registered on these platforms as well as other services.
SafeThings is a cloud-based cyber threat defense platform that analyzes user traffic. Avira itself reports that this service interacts with home routers to avoid compromising IoT devices. As planned, users should have full control over home devices via a special application.
Although Avira claims that users get control over devices, it turns out that the service continues to work even without a subscription. In addition, data is transmitted even if all associated Avira/Home Shield services are disabled in the router settings. Nevertheless “The router doesn’t care and will definitely send ALL traffic for further analysis”— said ArmoredCavalry.
It is noteworthy that similar data appeared earlier on the XDA portal – according to their information, a similar problem existed in TP-Link Deco X68. When asked, the company promised to fix the problem in future firmware, and representatives of XDA themselves clarified that the router manufacturer did not give exact deadlines for fixing the problem.