US government authorities are reportedly investigating whether to ban TP-Link wireless routers, which have been targeted in some high-profile attacks linked to the Chinese government. TP-Link, which was founded in China in 1996 and said it relocated its headquarters to the US in October this year, has racked up significant market share in US homes and businesses.
US authorities are investigating whether TP-Link "poses a national-security risk and are considering banning the devices," The Wall Street Journal reported today. The WSJ notes that TP-Link is "the top choice on Amazon.com, and powers Internet communications for the Defense Department and other federal government agencies."
The WSJ wrote:
Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the US next year, according to people familiar with the matter. An office of the Commerce Department has subpoenaed TP-Link, some of the people said.
Action against the company would likely fall to the incoming Trump administration, which has signaled an aggressive approach to China.
Members of Congress recently urged Commerce Secretary Gina Raimondo to investigate TP-Link. "TP-Link's unusual degree of vulnerabilities and required compliance with PRC [People's Republic of China] law are in and of themselves disconcerting," said an August 2024 letter to Raimondo from the Republican and Democratic leaders of the House Select Committee on the Chinese Communist Party. "When combined with the PRC government's common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming."
The lawmakers' letter said that "TP-Link's products account for a substantial part of the US market for Wi-Fi routers and related devices," and that "TP-Link products are also found on US military bases, with the Army & Air Force Exchange and the Navy Exchange selling these devices to members of the military and their families."
Chinese hackers use botnet of TP-Link routers
Microsoft warned on October 31 that hackers working for the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices for attacks on users of Microsoft's Azure cloud service. Microsoft said that "SOHO routers manufactured by TP-Link make up most of this network," referring to routers for small offices and home offices.
The WSJ said its sources allege that "TP-Link routers are routinely shipped to customers with security flaws, which the company often fails to address" and that "TP-Link doesn't engage with security researchers concerned about them." The article notes that "US officials haven't disclosed any evidence that TP-Link is a witting conduit for Chinese state-sponsored cyberattacks."
We contacted TP-Link today and will update this article if it provides a response. A TP-Link spokesperson told the WSJ that the company "welcome[s] any opportunities to engage with the US government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the US market, US consumers, and addressing US national security risks."
A March 2024 Hudson Institute policy memo by Michael O'Rielly, a former Federal Communications Commission member, said it remained "unclear how prevalent TP-Link's vulnerabilities are compared to other wireless routers—from China or elsewhere—as there is no definitive comparison or ranking of routers based on security." O'Rielly urged federal agencies to "keep track of TP-Link and other manufacturers' cybersecurity practices and ownership structure, including any ties to the Chinese government," but said "there is no evidence to suggest negligence or maliciousness with regard to past vulnerabilities or weaknesses in TP-Link's security."
New push against Chinese tech
TP-Link routers don't seem to be tied to an ongoing Chinese hack of US telecom networks, dubbed Salt Typhoon. But that attack increased government officials' urgency for taking action against Chinese technology companies. For example, the Biden administration is "moving to ban the few remaining operations of China Telecom," a telco that was mostly kicked out of the US in 2021, The New York Times reported on Monday.
The House Select Committee on the Chinese Communist Party letter pointed to another Chinese state-sponsored hacking group called Volt Typhoon. "Volt Typhoon and other PRC APT [Advanced Persistent Threat] groups are able to threaten US critical infrastructure in large part because of their ability to compromise SOHO routers like those manufactured by TP-Link," the letter said.
In May 2023, Check Point Research said its research into another Chinese state-sponsored APT group "uncovered a malicious firmware implant tailored for TP-Link routers." TP-Link routers aren't the only targets of these kinds of attacks. In January 2024, the FBI used surreptitious commands to remove malware from hundreds of routers, mainly Cisco and Netgear devices that had been infected by Chinese state-sponsored attackers.
TP-Link prices under scrutiny
One of the newly reported US government investigations into TP-Link apparently concerns the company's low prices. "The Justice Department is investigating whether the price discrepancies violate a federal law that prohibits attempts at monopolies by selling products for less than they cost to make, according to a person familiar with the matter," the WSJ wrote. The article paraphrased a TP-Link spokesperson as saying that "the company doesn't sell products below cost and is committed to compliance with US laws, including antimonopoly laws."
The WSJ article said that TP-Link has 64.9 percent of the US market for home and small-office routers, but said the figure came from "industry data" without specifying the source. The WSJ article also said that a "TP-Link spokeswoman disputed the industry data but said the company's market share has grown in the US."
TP-Link said in an April 2023 press release that it was "the No. 1 global provider of WLAN devices" for 12 years in a row based on data from analyst firm IDC. A July 2022 press release said that TP-Link had a 17.8 percent global market share.
TP-Link ranked first in PCMag's Readers' Choice awards this year, topping all other router makers in various customer satisfaction measures, including reliability and cost/value. PCMag and RTINGS both chose certain TP-Link devices as being among the best budget choices.
