U.S. Lawmakers Urge Probe into TP-Link Routers Over Security Concerns
Two U.S. representatives call for investigation of TP-Link, citing potential national security risks from Chinese-made WiFi routers. Concerns stem from vulnerabilities and past exploits in TP-Link products.
In a recent development, two U.S. lawmakers have called for an investigation into TP-Link Technology Co and its affiliates, citing potential national security risks associated with their widely used WiFi routers. The request, made by Republican Representative John Moolenaar and Democratic Representative Raja Krishnamoorthi, leaders of the House Select Committee on China, highlights growing concerns about the potential exploitation of Chinese-made networking equipment in cyber attacks against the United States.
TP-Link, founded 28 years ago by two brothers in Shenzhen, China, has become a global leader in networking equipment. According to research firm IDC, TP-Link is the top seller of WiFi routers internationally by unit volume, with its products sold in over 170 countries and regions worldwide. The company has expanded beyond routers, offering smart home devices, switches, and even mobile phones.
The lawmakers' concerns stem from known vulnerabilities in TP-Link firmware and instances of its routers being exploited to target government officials in European countries. In their letter to Commerce Secretary Gina Raimondo, they described the situation as a "glaring national security issue" and requested verification of the threat posed by China-affiliated small office/home office routers.
This request comes in the context of broader cybersecurity concerns. Two years ago, the U.S., its allies, and Microsoft disclosed a Chinese government-linked hacking campaign called Volt Typhoon. This campaign involved taking control of privately owned routers to conceal subsequent attacks on American critical infrastructure. While the majority of affected routers in that case were from Cisco and NetGear, the incident heightened awareness of potential vulnerabilities in networking equipment.
Around the same time, the U.S. Cybersecurity and Infrastructure Agency reported a vulnerability in TP-Link routers that could be exploited for remote code execution. Concurrently, U.S. security company Check Point revealed that hackers linked to a Chinese state-sponsored group had used a malicious firmware implant for TP-Link to target European foreign affairs officials.
It's worth noting that TP-Link has faced regulatory challenges in the past. In 2016, the company was fined by the FCC for violating U.S. radio frequency rules. However, TP-Link has also been recognized for its product design, winning awards such as iF Design Awards and Red Dot Design Awards.
The Commerce Department, which has broad powers to restrict transactions with tech companies from "foreign adversary" nations if their products pose a national security risk, said it would respond to the lawmakers' letter through appropriate channels. Meanwhile, the Chinese Embassy expressed hope that authorities would have sufficient evidence when identifying cyber-related incidents, rather than making "groundless speculations and allegations."
As this situation unfolds, it underscores the complex interplay between technological advancement, global trade, and national security concerns in an increasingly interconnected world.
"We request that Commerce verify the threat posed by (China-affiliated small office/home office) routers —particularly those offered by the world's largest manufacturer, TP-Link"
This development serves as a reminder of the ongoing challenges in balancing technological innovation with national security considerations in an era of global digital connectivity.