In a letter on Tuesday, Republican Representative John Moolenaar and Democratic Representative Raja Krishnamoorthi, who lead the House Select Committee on China, requested a Commerce Department probe on the world’s highest selling Wi-Fi router, TP-Link. The U.S. lawmakers claim TP-Link and its affiliates could be used in potential cyber-attacks against the U.S.
“We request that Commerce verify the threat posed by (China-affiliated small office/home office) routers —particularly those offered by the world’s largest manufacturer, TP-Link,” according to the letter to Commerce Secretary Gina Raimondo.
According to the International Data Corporation (IDC), TP-Link has been the number one global provider of WLAN devices since the year 2010. Media report state that the main concerns are over known security flaws in the widely used TP-Link’s router firmware and reports of exploited devices used to target European government officials.
READ: Best Wi-Fi Extenders 2024
The Commerce Department has acknowledged receipt of the letter and will provide a formal response. China has already given a statement and dismissed the claims. Further, the country called for the need for concrete evidence in cyber investigations.
This letter highlights intensifying concerns in the US that routers and other equipment manufactured in China, like TP-Link products, could be weaponized by Beijing in cyberattacks against American entities. Last year in May, cybersecurity firm Checkpoint discovered a Chinese APT designed to exploit TP-Link router firmware via implant. The malware was identified as the work of the Chinese APT group “Camaro Dragon”. It could be deployed on routers from different vendors, demonstrating its versatility.
Possible TP-Link Ban
Its still early days on the probe. However, any action on TP-Link may yet be disruptive especially in the wireless internet sector. However, its not a new story. In recent years, US government actions have led to the removal of Huawei and ZTE equipment from US networks. These exclusionary laws stemmed from national security fears, and have created significant challenges for service providers.
READ: Mucheru Tasks ATU to Probe Alleged Security Risks on Huawei and ZTE Equipment
USA passed the Secure and Trusted Communications Networks Act in 2019. The law gives executive branch agencies power to designate communications equipment or services that are deemed a threat to US national security or the American people. This includes equipment that routes or redirects user traffic or causes the provider networks to be remotely controlled.
Entities designated as national security risks are prohibited from obtaining the Federal Communications Commission (FCC) approval for their equipment, effectively barring their products from the US market.