Kasa devices and Home Assistant - Integration now broken due to firmware update
Hello everyone,
I created this post to raise awareness around TP-Link's recent changes affecting Home Assistant users:
https://www.home-assistant.io/integrations/tplink/
Those who use Home Assistant consider it irreplaceable.
Arguably, Home Assistant offers the most complete feature and integration suite vs any competing power user home automation platform today.
It would be in the top right corner if there was a "Gartner Magic Quadrant for Home Automation Platforms".
Some of my personal use cases that were easily build-able because of Home Assistant:
-
I use Home Assistant + my Kasa devices + my continuous blood glucose monitor to wake me up in the middle of the night when my blood sugar levels go low (e.g. turn on my bedroom lamps and lights when my blood sugar is below safe levels).
-
I control all my house fans in the summer per-room with localized temperature sensors in each room of my house
-
I turn my RGB lights red or blue if my insulin is approaching an unsafe temperature (freezing damages insulin).
The recent firmware changes completely break the sole reason I bought my TP-Link Kasa devices.
I fell in love with the Kasa product line's quality, price-point, electrical testing certifications and the open integration with Home Assistant.
Amazon reviews, YouTube videos, podcasts and community posts gave me comfort to invest heavily into the Kasa ecosystem.
With Kasa, I felt confident I would have a rock solid device from a big brand to use with Home Assistant.
I was an early adopter of WeMo and have since passed them on as gifts to others - I can't ask for them back now.
The few WeMos I still have work perfect with Home Assistant.
I've never felt worried about a firmware update breaking how my WeMos integrate with Home Assistant as Belkin understands Home Assistant use cases and the values users get from Home Assistant.
Belkin was victim to typical IoT security anti-patterns (e.g. unsigned firmware updates), but over the years has subsequently hardened their WeMo offering and still allow local control.
Users like myself have invested hundreds into TP-Link products (and my recommendations to friends have resulted in them spending hundreds).
We also (in good faith) allowed cloud connectivity (providing TP-Link with analytics data). I am now blocking all of that cloud connectivity.
Here are some community posts. It's only a matter of time before this gets picked up by HackerNews or another big tech site.
-
https://community.home-assistant.io/t/tp-link-hs110-smart-plug-disappears-after-latest-firmware-update/244229
-
https://twitter.com/TPLINKUK/status/1328687659133399043
-
https://alerts.home-assistant.io/#tplink.markdown
-
https://community.tp-link.com/en/home/forum/topic/236268
I strongly encourage TP-Link to work with the Home Assistant community in good faith to resolve this problem.
Other vendors like Phillips, Belkin WeMo, IKEA, etc. all understand the value of power users pushing the home IoT space forward and have not disrupted the local control capabilities of their products.
Some recommendations:
-
Publish a secure local API for Kasa devices
-
Allow for users at their discretion to opt-in / enable legacy versions of the port 9999 based API / old local control mechanism in the meantime
-
-
Create a more secure implementation of the initial configuration mechanism (e.g. that does not use port 9999)
-
Publish firmware release notes as per industry generally accepted practices
-
Allow for opt-in beta testing of firmware
-
Publish CVEs for vulnerabilities discovered as per industry generally accepted practices
I hope this post raises some more awareness for us Home Assistant users now left with 15+ "broken" devices!
Thanks for reading this!
I've lost sleep over my now broken smart home and am trying to constructively work on a solution!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@TP-Link Your post has not clarified the situation. Are you saying that all of these other TP Link devices still have a security exposure? What is the exposure, and how serious is it? Just the 3rd party access? What are the future plans - to break ALL of the other devices, or repair the broken 3rd party interface in the EU version?
- Copy Link
- Report Inappropriate Content
@TP-Link Now that you have said you'll provide a "fix" for specific MAC addressed units, what happens if I buy another HS100 tomorrow and it is preloaded with the 1.1 firmware - do I have to get onto you every time I buy a new unit, or should I just stop buying HS100/HS110 units altogether and jump ship to another manufacturer?
- Copy Link
- Report Inappropriate Content
I'd like the downgrade instructions, as well.
Brook wrote
Good day,
Sorry for the delay.
We are really sorry for the inconvenience.
Please have a check of the message box and our senior engineers have already provided a temporary solution to help us downgrade the firmware for HS100/HS110(UK) v4.
So that the customer could continue using home assistant
And please help us get the required MAC address about the plug.
Thank you very much for your time and patience.
Your understanding would be highly appreciated.
Wish you a good day.
- Copy Link
- Report Inappropriate Content
Wow, this is really concerning behavior from TP-Link, and pretty sad to see because i'd considered them one of the more user-friendly brands. Doesn't look like i'm affected yet since i'm in the US, but I'm going to be keeping a close eye on this and won't buy any more products until an adequate solution is in place.
- Copy Link
- Report Inappropriate Content
@Brook I would also like the instructions. I was told to massage you or another one of the engineers, but I cannot message without leveling up my account, which I dont know how to do.
- Copy Link
- Report Inappropriate Content
@Brook I'd also like these instructions, your "upgrade" has caused no end of issues.
- Copy Link
- Report Inappropriate Content
Good day,
Since the firmware 1.1.0 only affected HS100/HS110(UK) V4, HS110/HS100(US/EU/FR) or other models would not be affected.
Sorry that it is not included in the firmware downgrade and no need to collect the MAC address.
Thank you very much and have a nice day.
- Copy Link
- Report Inappropriate Content
@TP-Link You've answered in an earlier post that you plan to roll this fix out to ALL of the devices. So you're going to need to ramp up this process for everything - is that your plan?
- Copy Link
- Report Inappropriate Content
@TP-Link Five of my HS220 (Hardware Version: 2.0 & Firmware Version: 1.0.3) are not connecting with Home Assistant as well. My other three HS220 connect fine (they are Hardware Version: 1.0 & Firmware Version: 1.5.11)
So, there is definitely an issue here. Let me know how to resolve the same.
- Copy Link
- Report Inappropriate Content
The HS110's are at a decent price on Amazon.co.uk right now. They are still a no go for me until this issue is sorted for sure, does anybody know if there has been any progress?
- Copy Link
- Report Inappropriate Content
Information
Helpful: 20
Views: 57777
Replies: 86