Is your Wi-Fi router a national security risk? US government weighs ban

[Simone Del Rosario]

There’s a good chance you have one of these in your home. TP-Link is the bestselling wifi router internationally and on Amazon. Now the U.S. government is considering banning these devices over cyberattack risks.

That’s according to a Wall Street Journal report that says investigators at three agencies, Commerce, Defense, and Justice, are looking into these Chinese-made routers.

In October, Microsoft said it was tracking “a network of compromised small office and home office (SOHO) routers” known as CovertNetwork-1658 and said “routers manufactured by TP-Link make up most of this network.” 

The network has been used by multiple “Chinese threat actors” to gain access and launch cyberattacks. 

This comes more than a year after Microsoft “uncovered stealthy and targeted malicious activity … aimed at critical infrastructure organizations in the United States.” 

Microsoft says Volt Typhoon is “a state-sponsored actor based in China that typically focuses on espionage and information gathering … it “tries to blend into normal network activity by routing traffic through compromised [small office and home office] network equipment, including routers, firewalls and VPN hardware.” 

FBI Director Christopher Wray: These small office home office routers were not themselves the intended targets. The targets, of course, were our critical infrastructure, but what the Chinese were doing were using these easy targets to hide and obfuscate their role in the hacking of our critical infrastructure.

Simone Del Rosario: In August, two lawmakers pressed the Biden administration to investigate TP-Link, calling it a “glaring national security issue.” Along with being in homes across America, the letter noted that TP-Link devices are also on U.S. military bases. 

Straight Arrow News reached out to TP-Link to comment on these investigations. They did not immediately respond. 

A spokesperson did tell the Journal, “We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks.” 

The Chinese embassy in Washington said the U.S. is using the guise of national security to suppress Chinese companies, something both sides have accused the other of in an ongoing tech tit-for-tat. 

If the U.S. government went forward with banning TP-Link routers, it would be the biggest such move since the Trump administration labeled China’s Huawei and ZTE national security threats and ordered the tech be ripped out of U.S. infrastructure. 

Any action against TP-Link would likely fall on Trump’s second term. 

TP-Link was founded by two brothers in China in 1996. As tensions between China and the U.S. worsened, in October, TP-Link announced its new global headquarters would be in the United States. They said the move is “reinforcing our commitment to the U.S. market and enhancing our ability to innovate and compete on a global scale.”