On December 19, 2024, in Fuyang, China, the TP-Link logo appeared on the products of router manufacturer TP-Link.
Noor Photos | Noor Photos | Getty Images
Although on tiktok have Lawmakers scurry and chat China’s influence on U.S. technology In the midst of the fever, another danger lurks. One of Amazon’s best-selling router brands, TP-Link, has come under scrutiny from regulators over the threat it poses to U.S. infrastructure. Experts worry that China could use these routers to launch attacks on critical infrastructure or steal sensitive information.
Rep. Raja Krishnamoorthi (D-Ill.) and Rep. John Mullenar (R-Mich.) sent a letter to the Commerce Department last summer, triggering a series of investigations and calls for a ban. this letter, which The Wall Street Journal first reportedlabeling “abnormal vulnerabilities” and demanding compliance with Chinese laws is disturbing. “Coupled with the Chinese government’s routine use of SOHO (small office/home office) routers such as TP-Link to conduct widespread cyberattacks in the United States, this becomes extremely alarming,” the letter states.
But so far, no action has been taken, and Krishnamoorthy is concerned.
“I’m not aware of any plan to get them to leave,” Krishnamoorthy said. He pointed to the government’s “rip-and-replace” program using Huawei network equipment as a precedent that can be followed. The government in 2020 forced companies to get rid of Huawei equipment because it was considered a threat to national security. Work to dismantle the equipment is still ongoing.
He cited data showing that TP-Link, which holds 65% of the U.S. router market, has successfully followed a similar strategy used by China in other areas of technology: Produce more than demand, export the remainder to undercut competition, and use the technology to Backdoor access or destruction.
“I wonder if similar measures are needed, at least on the national security agencies, the Department of Defense and intelligence,” Krishnamoorthy said. “It doesn’t make sense for the U.S. government to buy routers.”
These routers are one of the brands in the market related to Hacking attacks on European officials and Typhoon Volt is coming.
Amazon Bestsellers from Our Online History
Krishnamurti’s concerns extend beyond the federal government. He said state and local utility companies that own routers, as well as people with routers in their homes, could be vulnerable.
“The People’s Republic of China has every intention of collecting data on Americans, and they will, so why give them another backdoor?” Krishnamoorthy said.
Browsing history, family and employer information are all at risk.
“I wouldn’t buy a TP-Link router and I wouldn’t have it in my home,” he added, noting that he never had TikTok installed on his phone.
Ranking Member Raja Krishnamoorthi (D-Ill.) participates in the first hearing of the U.S. House Select Committee on Strategic Competition between the United States and the Chinese Communist Party at the Cannon House Office Building in Washington, DC, February 28, 2023. The committee is investigating economic, technological and security competition between China and the United States.
Kevin Dickey | Getty Images News | Getty Images
There are multiple versions of the TP-Link router on Amazon, and one labeled “Best Seller” retails for $71. Amazon did not respond to questions about whether it plans to remove the router.
A spokesman for the majority of the Chinese Communist Party’s special committee, chaired by Moolenar, told CNBC that TP-Link routers pose an espionage risk to Americans because the company is subject to the Chinese government, which is engaged in a sweeping espionage campaign. Hacking by We the People. “Because of this, we hope to see TP-link routers banned in the coming year and develop plans to replace existing Chinese routers with secure American alternatives.”
TP-Link Technologies has In response to the accusation, he said The company does not sell routers in the United States and has denied that its routers have any cybersecurity vulnerabilities. TP-Link Systems Inc. recently Establish new headquarters for the US market The Irvine, California-based company has been operating in the state since 2023 and says it is an independent company with separate ownership and that most of the routers it makes for the U.S. market come from Vietnam.
“TP-Link Systems is actively pursuing opportunities to work with the federal government to demonstrate the effectiveness of our security practices and demonstrate our ongoing commitment to the U.S. market, U.S. consumers and addressing U.S. national security risks,” the company told Orange County News. .
The Ministry of Foreign Affairs of the People’s Republic of China in the United States did not respond to a request for comment.
Problems with unencrypted communications
Given the widespread use of routers in the U.S. consumer and enterprise markets, consensus on the best way to address the issue and enact a ban remains elusive.
Guy Segal, vice president of corporate development at cybersecurity services company Sygnia, said that in addition to the popularity of TP-Link routers among government agencies, including defense organizations, the company also holds a majority share of the U.S. home and small business router market.
“The ubiquity of this technology and the potential risks associated with it do create security concerns for users, both at the consumer level and as a matter of national security considerations for government entities, and should be taken seriously,” he said.
If a ban were introduced, it would more likely be motivated by national security concerns and the impact the routers could have on military readiness and national security, rather than the risk to consumers of home networking. Segal said that given the ubiquity of TP-Link routers, if momentum for a ban builds within the government, the action will have to be implemented in phases. The most practical approach would be to first ban its use in the federal and defense sectors.
A letter from a congressional panel to the Commerce Department last summer noted that the Chinese government has shown a willingness to sponsor hacking campaigns using China-affiliated SOHO routers, “particularly those provided by TP-Link, the world’s largest manufacturer, and is considering using its ICTS authorities” to properly mitigate this outstanding national security issue. ”
Matt Radolec, vice president of incident response and cloud operations at security company Varonis, said the government is on the right track and that even though the threat of a home device ban may not be imminent, consumers should not ignore the issue. “Banning routers from certain manufacturers is a smart security decision,” Radolek said. “In general, consumers should be aware of the impact this has on their personal privacy.”
The fundamental problem with TP-Link routers, he said, is unencrypted communication, and little is known about it.
“All unencrypted communications on these routers can be compromised, which is concerning because intra-network communications are often unencrypted for performance reasons. You will get faster internet speeds, but your personal Data may be at risk,” Radolec said.
For example, even if banking information is encrypted, it cannot protect all unprotected personal data transmitted through an unprotected and vulnerable home router.
“It’s time for the public to be aware of the differences between encrypted and unencrypted communications, and browser and device manufacturers must do a better job of informing the public of the privacy risks that exist when you send data over unencrypted links,” Radolek said. “I think we need to ask ourselves, as consumers, is this something we want to potentially be exposed to?”
