The U.S. government is considering a ban on TP-Link routers, which are widely used in millions of American homes and small offices. This move is driven by national security concerns, following investigations that suggest the routers may be vulnerable to exploitation by cybercriminals, potentially posing a risk to critical infrastructure. The U.S. Departments of Justice, Commerce, and Defense are currently examining the issue, with the Commerce Department reportedly having already subpoenaed TP-Link for further information. TP-Link, which holds a 65% market share in the U.S. for small office and home office (SOHO) routers, is under scrutiny due to its aggressive pricing strategies that have raised questions about the company’s practices.
The investigation was sparked by a recent Microsoft report linking TP-Link devices to a botnet operated by Chinese threat actors. According to Microsoft, the botnet, identified as CovertNetwork-1658, is largely composed of hacked TP-Link routers. These devices have been used to carry out password spray attacks and computer network exploitation (CNE) activities. The compromised routers are reportedly being leveraged to steal credentials and facilitate other forms of cyberattack targeting various sectors, including government agencies like the Defense Department, NASA, and the DEA.
In response to these concerns, TP-Link has emphasized its commitment to addressing national security risks and reiterated that its security practices meet industry standards. A spokesperson for TP-Link’s U.S. subsidiary stated that the company welcomes opportunities to engage with the U.S. government to demonstrate its efforts in ensuring the safety of its products. Despite these reassurances, the widespread presence of TP-Link routers in both private homes and government networks has raised alarms about the potential vulnerabilities that could be exploited in future cyberattacks.
The scrutiny of TP-Link is part of a broader trend of tightening security measures on Chinese-made technology. In recent years, the U.S. has moved to ban various Chinese tech companies, including Huawei and ZTE, due to national security concerns. The Federal Communications Commission (FCC) has also revoked licenses for companies like China Telecom, citing significant risks to the U.S. communication network. As the U.S. government continues to assess the situation, it remains to be seen whether TP-Link routers will face similar restrictions, potentially affecting millions of American consumers and businesses.