Kasa devices and Home Assistant - Integration now broken due to firmware update
I created this post to raise awareness around TP-Link's recent changes affecting Home Assistant users:
Those who use Home Assistant consider it irreplaceable.
Arguably, Home Assistant offers the most complete feature and integration suite vs any competing power user home automation platform today.
It would be in the top right corner if there was a "Gartner Magic Quadrant for Home Automation Platforms".
Some of my personal use cases that were easily build-able because of Home Assistant:
I use Home Assistant + my Kasa devices + my continuous blood glucose monitor to wake me up in the middle of the night when my blood sugar levels go low (e.g. turn on my bedroom lamps and lights when my blood sugar is below safe levels).
I control all my house fans in the summer per-room with localized temperature sensors in each room of my house
I turn my RGB lights red or blue if my insulin is approaching an unsafe temperature (freezing damages insulin).
The recent firmware changes completely break the sole reason I bought my TP-Link Kasa devices.
I fell in love with the Kasa product line's quality, price-point, electrical testing certifications and the open integration with Home Assistant.
Amazon reviews, YouTube videos, podcasts and community posts gave me comfort to invest heavily into the Kasa ecosystem.
With Kasa, I felt confident I would have a rock solid device from a big brand to use with Home Assistant.
I was an early adopter of WeMo and have since passed them on as gifts to others - I can't ask for them back now.
The few WeMos I still have work perfect with Home Assistant.
I've never felt worried about a firmware update breaking how my WeMos integrate with Home Assistant as Belkin understands Home Assistant use cases and the values users get from Home Assistant.
Belkin was victim to typical IoT security anti-patterns (e.g. unsigned firmware updates), but over the years has subsequently hardened their WeMo offering and still allow local control.
Users like myself have invested hundreds into TP-Link products (and my recommendations to friends have resulted in them spending hundreds).
We also (in good faith) allowed cloud connectivity (providing TP-Link with analytics data). I am now blocking all of that cloud connectivity.
Here are some community posts. It's only a matter of time before this gets picked up by HackerNews or another big tech site.
I strongly encourage TP-Link to work with the Home Assistant community in good faith to resolve this problem.
Other vendors like Phillips, Belkin WeMo, IKEA, etc. all understand the value of power users pushing the home IoT space forward and have not disrupted the local control capabilities of their products.
Publish a secure local API for Kasa devices
Allow for users at their discretion to opt-in / enable legacy versions of the port 9999 based API / old local control mechanism in the meantime
Create a more secure implementation of the initial configuration mechanism (e.g. that does not use port 9999)
Publish firmware release notes as per industry generally accepted practices
Allow for opt-in beta testing of firmware
Publish CVEs for vulnerabilities discovered as per industry generally accepted practices
I hope this post raises some more awareness for us Home Assistant users now left with 15+ "broken" devices!
Thanks for reading this!
I've lost sleep over my now broken smart home and am trying to constructively work on a solution!