Kasa devices and Home Assistant - Integration now broken due to firmware update
Hello everyone,
I created this post to raise awareness around TP-Link's recent changes affecting Home Assistant users:
https://www.home-assistant.io/integrations/tplink/
Those who use Home Assistant consider it irreplaceable.
Arguably, Home Assistant offers the most complete feature and integration suite vs any competing power user home automation platform today.
It would be in the top right corner if there was a "Gartner Magic Quadrant for Home Automation Platforms".
Some of my personal use cases that were easily build-able because of Home Assistant:
-
I use Home Assistant + my Kasa devices + my continuous blood glucose monitor to wake me up in the middle of the night when my blood sugar levels go low (e.g. turn on my bedroom lamps and lights when my blood sugar is below safe levels).
-
I control all my house fans in the summer per-room with localized temperature sensors in each room of my house
-
I turn my RGB lights red or blue if my insulin is approaching an unsafe temperature (freezing damages insulin).
The recent firmware changes completely break the sole reason I bought my TP-Link Kasa devices.
I fell in love with the Kasa product line's quality, price-point, electrical testing certifications and the open integration with Home Assistant.
Amazon reviews, YouTube videos, podcasts and community posts gave me comfort to invest heavily into the Kasa ecosystem.
With Kasa, I felt confident I would have a rock solid device from a big brand to use with Home Assistant.
I was an early adopter of WeMo and have since passed them on as gifts to others - I can't ask for them back now.
The few WeMos I still have work perfect with Home Assistant.
I've never felt worried about a firmware update breaking how my WeMos integrate with Home Assistant as Belkin understands Home Assistant use cases and the values users get from Home Assistant.
Belkin was victim to typical IoT security anti-patterns (e.g. unsigned firmware updates), but over the years has subsequently hardened their WeMo offering and still allow local control.
Users like myself have invested hundreds into TP-Link products (and my recommendations to friends have resulted in them spending hundreds).
We also (in good faith) allowed cloud connectivity (providing TP-Link with analytics data). I am now blocking all of that cloud connectivity.
Here are some community posts. It's only a matter of time before this gets picked up by HackerNews or another big tech site.
-
https://community.home-assistant.io/t/tp-link-hs110-smart-plug-disappears-after-latest-firmware-update/244229
-
https://twitter.com/TPLINKUK/status/1328687659133399043
-
https://alerts.home-assistant.io/#tplink.markdown
-
https://community.tp-link.com/en/home/forum/topic/236268
I strongly encourage TP-Link to work with the Home Assistant community in good faith to resolve this problem.
Other vendors like Phillips, Belkin WeMo, IKEA, etc. all understand the value of power users pushing the home IoT space forward and have not disrupted the local control capabilities of their products.
Some recommendations:
-
Publish a secure local API for Kasa devices
-
Allow for users at their discretion to opt-in / enable legacy versions of the port 9999 based API / old local control mechanism in the meantime
-
-
Create a more secure implementation of the initial configuration mechanism (e.g. that does not use port 9999)
-
Publish firmware release notes as per industry generally accepted practices
-
Allow for opt-in beta testing of firmware
-
Publish CVEs for vulnerabilities discovered as per industry generally accepted practices
I hope this post raises some more awareness for us Home Assistant users now left with 15+ "broken" devices!
Thanks for reading this!
I've lost sleep over my now broken smart home and am trying to constructively work on a solution!
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
@TP-Link
Greetings @TP-Link,
I've just gotten a new HS110 and wanted to integrate this new device into my Home Assistant network. But unfortunately, it didn't work. I bought it a couple of weeks ago, but left it in the box until Christmas. Now it is disappointing to see that updating the firmware rendered the device more or less useless to me.
Meanwhile I've visited different boards and read some threads, but I still don't know, what I have to do. Do I have to return the device or is there still hope?
Is there a firmware to downgrade the device or is there a new firmware to install?
My details are:
Model - HS110
Hardware-Version - 4.0
Firmware-Version - 1.0.5 (freshly updated)
I've sent you a private message (like mentioned in #24) containing the MAC, but I did not get any confirmation whether is has been processed successfully or not. If my MAC is still missing, please let me know.
Thanks a lot for your help,
Best regards,
Fridolin
- Copy Link
- Report Inappropriate Content
Good day,
Thank you very much for your time and patience.
The EU version plugs would not be affected and there is no need to collect the MAC address.
Sorry for the inconvenience,
Wish you a Happy New year and Merry Christmas.
- Copy Link
- Report Inappropriate Content
Asking for a family member:
Will the following firmware updates break anything with the old API / Home Assistant?
- 1.1.3 for US/Canada H103 HW V2.1
- 1.1.4 for US/Canada HS200 HW V3.0
The release notes state Wi-Fi and other stability improvements.
Will this impact the old API at all?
Thanks and Merry Christmas!
- Copy Link
- Report Inappropriate Content
Thank you very much for your prompt reply. Honestly, I was not expecting to hear anything form you until 'next year'.
First I did not know, what I should do with this answer, but once I knew that it should work, I found some manual configuration, tried it out and now my HomeAssistant instance displays all values quite nicely. So all is good and I can start creating new Automations to fully benefit from this new device.
Do you think I need to configure my firewall to prevent this device form calling home and getting a new firmware anytime in the future? I would not like to see the needed ports being blocked and the device getting useless.
Thanks a lot in advance and also to you, Merry Christmas and Happy New Year.
Fridolin
- Copy Link
- Report Inappropriate Content
- Copy Link
- Report Inappropriate Content
Thanks a lot for your time and patience.
Since the pervious firmware 1.1.0 was pushed to update without permission, it caused a huge mess.
So for the later firmware upgrade, there would be a release note first about the related changes and bug fix to the old firmware.
It would not be updated without approval.
Thank you very much for your understanding and support.
Wish you a Happy New Year and Merry Christmas.
- Copy Link
- Report Inappropriate Content
Thank you for your reply.
So either to prevent installing accidentally released versions or to risk that I don't read the release notes carefully enough, I've just blocked the HS110 from accessing the internet. It does what it is supposed to do inside the HomeAssistant network and that's fine for me.
Best regards,
Fridolin
- Copy Link
- Report Inappropriate Content
@TP-Link With the 1.1.0 creating such a big mess amongst the install base, would suggest TP Link to push out the 1.1.1 firmware to all affected users, as a default option. It can be a prompt requiring user installation, instead of auto updating the firmware.
I've been waiting for my 1.1.1 firmware for weeks (post a message to you), and I'm still not seeing the option pushed down. Meanwhile, my HA integration is broken. Is there any way to do a manual firmware upload?
- Copy Link
- Report Inappropriate Content
I bought recentrly :
-2 HS 110 EU Hardware V4 Firmware V1.0.5
-3 HS 100 EU Hardware V4 Firmware V1.1.5
None of them can be found by Home assistant .
Is it normal as I thought EU ones are not supposed to be affected?
- Copy Link
- Report Inappropriate Content
Hi all,
I got the following response from the TP Link support team when contacted via the website:
In the latest Kasa firmware release, we upgraded the local communication authentication method for the two smart sockets HS100(UK)4.1 and HS110(UK)4.1 to prevent local communication security risks. As a result, some third-party smart home software and platforms that use local APIs can no longer communicate with our devices.
Since it has never been advertised by TP-Link that Kasa devices should support any unauthorized third-party platforms/applications, and only some famous third-party integration such as Amazon Alexa and Google Assistant have been guaranteed, we reserve the right to adjust the local APIs on the Kasa devices.
We're also planning to push more secure cloud API in the future before upgrading a more secure local communication authentication method on all Kasa devices. At that time, other third-party platforms/applications can register a developer account on our official website and integrate with us through our more secure APIs.
Thank you for your continued support of the Kasa brand.
Very disappointing reply tbh, and I certainly won't be buying any more TP Link products going forward (despite being an otherwise very happy customer of 10+ years).
- Copy Link
- Report Inappropriate Content
Information
Helpful: 20
Views: 57845
Replies: 86