This Popular Home Router Could Soon be Banned in the US Due to National Security Risks
Toggle Dark Mode
The United States government may ban the sale of the most popular home internet router brand in the country due to fears that the company’s routers present a threat to national security.
Investigators at three separate US government agencies have opened probes into TP-Link routers, which have 65% of the US home and small business router market share, partially thanks to badged versions of the routers being supplied to customers by over 300 internet service providers.
The routers are also the top choice on Amazon and are used by the US Defense Department and other federal government agencies.
The WSJ reports:
Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter. An office of the Commerce Department has subpoenaed TP-Link, some of the people said.
TP-Link has long been criticized for its lack of updates to its routers to patch security flaws. This is especially concerning since they are popular with ISPs and sensitive government agencies.
Federal contracting documents reveal that TP-Link routers are in use at several government agencies, including the Drug Enforcement Administration, the Defense Department, and the National Aeronautics and Space Administration.
However, the unpatched security holes in the routers may be the least of our worries. The WSJ reports that TP-Link routers have been turned into a botnet designed to carry out cyber attacks on US organizations and suppliers, including the Department of Defense.
An analysis from Microsoft published in October found that a Chinese hacking entity maintains a large network of compromised network devices mostly comprising thousands of TP-Link routers. The network has been used by numerous Chinese actors to launch cyberattacks. These actors have gone after Western targets including think tanks, government organizations, nongovernment organizations and Defense Department suppliers.
Also of concern is that the US Justice Department suspects that TP-Link sells its routers for less than they cost to manufacture. If they are, it would violate a federal law designed to prevent monopolies by companies selling their products for less than the cost to build them.
TP-Link routers are sold in the United States through a California business unit. A TP-Link spokeswoman said the company does not sell products below cost and is committed to compliance with US laws, including antimonopoly laws.
Action against the company would likely be handled by the incoming Trump administration, which will take office in January and has so far signaled an aggressive approach to China.
The WSJ says its sources tell it that TP-Link routinely ships routers with customer flaws, which are mostly left unaddressed. While it is true that most routers (and other devices) have security and other bugs, no matter which company makes them, TP-Link does not work with security researchers who discover them.
The TP-Link spokeswoman said the company does assess potential security risks and takes action to fix known security vulnerabilities.
“We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks,” the spokeswoman said.
