US authorities are looking to ban sales of TP-Link internet routers in the country over concerns that the Chinese firm poses national security risks, according to a report by the Wall Street Journal.
The US Commerce, Defense and Justice departments are currently investigating the company and could ban sales of TP-Link routers in the country starting next year, WSJ said, citing people familiar with the matter.
The Justice Department is investigating whether TP-Link used monopolistic practices, including selling products below cost, to gain advantage in the US market.
Also on AF: Trump Planning to Clamp Down on Chinese EV Supply Chains
The company has also received a subpoena from an office of the Commerce Department, the report said.
Scrutiny on TP-Link comes at a time when American officials are investigating a sweeping ‘cyber-espionage’ campaign carried out by a Chinese hacking group dubbed Salt Typhoon, that authorities say has stolen huge amounts of data about US calls. Family members of US president-elect Donald Trump and officials from the Joe Biden administration were among those targeted.
The hackers infiltrated at least eight US telecom providers by compromising devices like routers and switches, officials say.
And US lawmakers — some of whom described the Salt Typhoon breach as ‘the largest telecommunications hack in the country’s history’ — are now demanding better security protocols.
TP-Link, meanwhile, has emerged as a dominant provider of routers in the US. According to the WSJ report, the Chinese company has grown its share of the US home and small-business routers market from 20% in the pre-pandemic era to a whopping 65% this year.
It gained another 5% share of the market in just the third quarter of this year, WSJ said.
TP-Link routers are also being used across US agencies, including NASA and the Defense Department, it said.
If a ban on TP-Link devices is imposed, it “would create upheaval in the router market”, it noted, adding that it would be the largest extraction of Chinese telecom equipment from the country since Trump, in his first term, ordered the removal of equipment from China’s Huawei Technologies from US infrastructure.
Known vulnerabilities
Concern around TP-Link’s devices were also voiced in August this year in the US, when two lawmakers called on the Biden administration to probe whether the company and its affiliates pose any national security risks.
The lawmakers cited known vulnerabilities in TP-Link firmware and instances of its routers being exploited to target government officials in European countries.
Last year, the US Cybersecurity and Infrastructure Agency also said TP-Link routers had a vulnerability that could be exploited to execute remote code.
Around the same time, US security company Check Point reported that hackers linked to a Chinese state-sponsored group used a malicious firmware implant for TP-Link to target European foreign affairs officials.
Furthermore, in October, US tech giant Microsoft said in a security analysis that a Chinese hacking group was using compromised routers — most of which belonged to TP-Link — to steal credentials from its customers.
The hackers particularly target, “organisations in North America and Europe, including think tanks, government organisations, non-governmental organisations, law firms, defence industrial base, and others,” Microsoft said.
Down to Trump
Despite those concerns, however, the world’s biggest seller of routers, has done little to address safety concerns.
TP-Link routers are routinely shipped to customers with security flaws, and the company largely does not address those, WSJ reported, citing people familiar with the matter.
The company also does not engage with security researchers that express concerns about those flaws, it added.
A TP-Link spokesperson told WSJ the company’s “security practices are fully in line with industry security standards”. The company has also taken steps to address known vulnerabilities, the spokesperson said.
Regardless, whether a ban on its sales in the US will be enforced will come down to the incoming Trump Administration. Trump has vowed a hardline approach on China and nominated known critics of Beijing to his cabinet.
In his first term he also took sweeping measures to rid critical US infrastructure of Chinese equipment.
The Commerce Department office currently reviewing TP-Link — the Office of Information and Communications Technology and Services — was also created during Trump’s first term.
- Vishakha Saxena
Also read:
China Hackers Accessed US Court Wiretap Networks: WSJ
China Behind Online US Election Propaganda Campaign: Researchers
Chinese Hackers Targeted Russian State Networks, IT Firms – BC
Chinese Hackers Behind Malicious Cyber Operations: Australia
US Cleared Chinese Hackers From Pacific Computer Systems
China is Using AI to Ramp up Espionage, US Says – WSJ
China Facing a WikiLeaks-Style Crisis From Hacking Firm’s Data
Amid Tariff Tiff, Trump ‘Invites China’s Xi to Inauguration’
