I purchased a pair of HS100 Kasa plugs from Amazon explicitly because I would be able to control them from my computer without using a proprietary cloud service or app. I figured with these plugs I'd be able to automate on/off events and read statuses with code I'd written on my Raspberry Pi, and several people online seemed to be doing just that. However, I foolishly accepted the firmware "upgrade" when I was setting up the plugs, and now it's broken my planned operation since that user-friendly protocol constituted a "local security risk".
My home network here has 5 VLANs on the backbone, and 5 Wi-Fi SSIDs map onto them to allow wired or wireless access as appropriate. Each VLAN has a specific purpose and firewall rules control what is allowed to flow between each VLAN. I can tell you that the "local security risk" on my network with these plugs was quantified, controlled, negligible, and far more acceptable than the risk of having the Kasa mobile app and my plugs communicating with yet another vendor cloud service. It's ludicrous to expect people to communicate through your servers to control the plug in the next room.
I realise these is still a local-only mode, but the latest firmware has now hamstrung the potential utility of this, adding a layer of security which was just simply unnecessary. You have forced people to use a mobile app with very limited functionality, and removed the unlimited orchestration that was previously possible. The protocol turns plugs on and off, and reads the status of the plugs. I'd genuinely like to see the threat model that justified this particular security change.
At the very least, the firmware upgrade prompt should have provided a warning that the protocol security was being changed. That would have prompted me to refuse the "upgrade".
Please, please provide a way to restore the old firmware. I've heard that Belkin WeMo products have user-friendly local comms. Though they are more expensive, the functionality is worth it, and I'll definitely switch (no pun intended) if necessary.