TP-Link offers way to add local API back

Last week TP-Link released an update for their HS100 and HS110 plugs that removed the local API. This was done because of a “security concern”. I put this in quotes because it has not been verified and this reason has been given before when removing interoperability. TP-Link communicated this via Twitter in response to a user voicing their concern.

There were security vulnerabilities on the plug for the local management, the latest firmware version fixed these security issues. It is suggested to use the TP-Link official App KASA to manage the plug. If you have issues, pls feel free to let us know.

— TP-LINK UK (@TPLINKUK) November 17, 2020

Lots of users, rightfully so, got angry. They bought the plugs assuming the local API was a feature. Removing this feature and forcing users through the TP-Link cloud sucks. It removes the one feature why TP-Link stood out among many smart plugs.

After a week of angry users, it looks like TP-Link has listened… somewhat. They are offering a temporary solution to roll back the firmware. We haven’t found any public documentation, but there are forum posts by their employees here and here about it.

Forum post by a TP-Link employee to send in a ticket.

We are hoping for a better solution, but for now this is what you should do:

  1. Submit a ticket to technical support. Make sure to include the MAC address of your plug.
  2. Go to the forums and send this user a message with your ticket ID and MAC address (just to be sure).

TP-Link, if you’re reading along, please reach out to us at [email protected] so we can discuss a better long term solution for local control. Happy to talk!


This is a companion discussion topic for the original entry at https://www.home-assistant.io/blog/2020/11/23/tplink-local-access/
2 Likes

:clap: Bravo to TP-Link for listening to its customers!!!

1 Like

It may be a bit more nuanced than that.

There have been other posts suggesting that TP-Link has taken the position that HA (and all other third-party apps) are not only unsupported, but “unapproved.” This could imply that TP-Link will continue with efforts to disable them. There’s a lot of discussion about this here:

(You’ll have to read down that post a little to see the part about unapproved.)

I hope I’m wrong, but for now I’m holding off any more TP-Link purchases.

It’s nice to see they are at least hearing their customers. Hopefully they are working on a more permanent option. Just closing the local API all together is the wrong answer.

Someone at TP-Link must have read these documents:

http://rat.admin.lv/wp-content/uploads/2018/08/TR17_fgont_-iot_tp_link_hacking.pdf

https://www.google.com/url?sa=t&source=web&rct=j&url=https://lib.dr.iastate.edu/cgi/viewcontent.cgi%3Farticle%3D1424%26context%3Dcreativecomponents&ved=2ahUKEwji7uLo5JrtAhUXCGMBHeP2DI0QFjAEegQICxAB&usg=AOvVaw1wNSye7e3fcGvUKH0HXkCB

Some has been fixed, some hasn’t I believe. Shutting down the API is a bad move. But someone should remind TP-Link that they are using unlawfully parts of openWRT (LuCI) in their router’s without mentioning it anywhere.

Is there a line in the sand where this “fix” will be rolled out generically to all plugs?

I’ve only got version 2.0 hardware, am currently on the latest firmware and have no issues. If I understand it at some point my device will get a similar firmware available to the newer hardware versions and I too will get locked out of said local API?

1 Like

Remember that time sony got sued cause they sold the play station that you could install linux on, then removed that feature? https://en.m.wikipedia.org/wiki/OtherOS

I find the irony of a company that develops, manufacturers and sells smart home products not understanding the concept of a smart home frustrating.

Their solution is ‘use the app’. Basically use a remote control to turn the device on and off. Nothing ‘smart’ about it.

I genuinely think that’s why ‘smart homes’ aren’t everywhere and are only really found in the homes of geeks and enthusiasts, because the people who make the products have absolutely no idea how they should be used ‘smartly’ by the end user.

It’s such a shame.

14 Likes

I was affected by this, soon after I replaced all four of my Wemo smart switches with TP-Link Kasa switches.

While this is annoying, I should have realised they didn’t have a local API. It seems Zigbee smart switches running Tasmota might be the best way to go here instead? Does anyone have any recommendations?

Kudos to Home Assistant for supporting the community and getting behind us on this - thank you

Rob

I have a HS105 with 3.3 hardware and 1.0.21 firmware and I’m also having this issue. Looks like port 9999 is blocked for me as well.

Isn’t the timing of this interesting. I am highly invested in zwave switches and dimmers (in wall mains powered). However I have one TP Link HS100 plug (I got it as deal with an Amazon Dot). It basically comes out for use once a year to control the lights on our Christmas tree once it is up (usually goes up the weekend after Thanksgiving). I now find out the week before the tree goes up that the switch won’t work.

This is very similar to what Logitech did with the Harmony Hub until the HA community raised caine. it looks like TP Link is now in the same position that Logitech found themselves. I haven’t purchased another Logitech product since that debacle even though Logitech finally corrected their error. Looks like I will add TP Link to my list of near-sighted manufacturers that I won’t do business with.

What kind of astounds me is manufacturers like these two pull these stunts while there is such a growing push to standardize interoperability of iot products and protocols.

4 Likes

Can someone please confirm if I block my plugs from accessing the internet would this allow HA to continue to control them?

Only if they haven’t been “patched”

1 Like

Luckily I only used them for Christmas lights so I unpacked them and shut them off from the Internet asap :+1:

Maybe it’s time for Nabu Casa to start making some hardware to go with home-assistant :slight_smile:

1 Like

“Home automation products by automators for automators”!!

1 Like

Pretty hard to get through worldwide approval without considerable money behind you.

I think the concept of a partnership with a couple of manufactures might be feasible.

HA endorse and advertise the product. Maybe a “Works with HASS” endorsement.
Manufacturer make something open and easy to use, with input from Home assistant team.

5 Likes

Can anyone speculate on the long term support for TP-Link local access support HA? All my light switches and plugs are TP-Link because of their local access (and I was planning on picking up a few more over the holidays). I am not affected by the firmware update because they do not have Internet access and were never registered with TP-Link or the KASA app. I have always used this python script to provision the devices.

So in my case, all the local access functionality works and will continue to work for the foreseeable future. Hopefully, this code wall remain as is and if/when a TP-Link cloud API is made available, that will be developed separate from the existing local access.

I’m keeping a very close eye on this. I’ve got 6 HS110s and 2 HS100, but they’re all hw 2.0, so I believe not yet affected. While I appreciate the need to secure IoT stuff, local API is essential. Automation with third party systems is essential too, as a few of mine are linked to solar and battery automations to control a car charger and even the hot water cylinder. The Kasa app can’t look at how much power the solar is generating and turn the swtich on, but I can do that with HASS and NodeRed.

I will be mighty miffed if that functionality is taken away, and I suspect that the New Zealand Consumer Guarantees Act might even have something to say about that.

2 Likes