Local Access update from TP-Link required
The previous announcement mentions
In the latest Kasa firmware release, we upgraded the local communication authentication method for the two smart sockets HS100(UK)4.1 and HS110(UK)4.1 ONLY (Other models and hardware versions would not be affected) to prevent local communication security risks. As a result, some third-party smart home software and platforms (such as Home Assistant) that use local APIs can no longer communicate with our devices.
Note: After upgrading to the Beta firmware, the devices won't receive new firmware updates in the future as all the new firmware will use the more secure local communication authentication method.
And We're also planning to push a more secure cloud API in the future before upgrading a more secure local communication authentication method on all Kasa devices. At that time, other third-party platforms/applications can register a developer account on our official website and integrate with us through our more secure APIs.
1. So what is the plan here? To remove direct local communication due to security concerns or give people with advanced use cases more secure local communication without the need for any cloud?
2. The announcement calls out HS100/110 UK models - what about other devices and other regions? Seems like they are affected. I'm assuming this change is in all new firmware for all devices by now?
3. I'd like to propose a solution that will meet TP-Link's security requirements and support the community with advanced use cases: In the Kasa app, under device settings, make a toggle to allow advanced local access with disclaimers and once a user accepts / turns on local access, flip a bit in the device that future firmwares respect when applying updates. This way, it's off/secure by default unless a user explicitly turns it on for their devices. The user could also turn off local access in the future to lock down the device.