TP-Link makes some of the most popular routers in the country, but they may not be available in the US for a long time.
Investigators at the Departments of Commerce, Defense and Justice have all opened investigations into the company over its involvement in Chinese cyberattacks. These departments are trying to stop the sale of TP-Link routers, according to a Wall Street Journal article published last week.
TP-Link has grown significantly in the US router market since the pandemic. According to the Journal report, it grew from 20% of all router sales in 2019 to about 65% this year. TP-Link disputed these numbers to CNET, and a separate analysis by IT platform Lansweeper found that 12% of home routers in the US are TP-Link.
Although there have been some well-known cyberattacks involving TP-Link routers, the ban itself may have more of an impact on the company’s relationship with China than the security issues that have been made public, according to cybersecurity researchers I spoke with.
“People expect there to be a smoking gun or something in these devices from Chinese manufacturers, and what you get is the same problem with any device. It’s not as if Chinese devices are not safe,” Thomas Pace, CEO of cybersecurity firm NetRise and previously a defense contractor for the Department of Energy, told CNET. “The danger is not there. Risk is present in all Chinese companies.”
TP-Link was founded in 1996 by brothers Zhao Jianjun and Zhao Jiaxing in Shenzhen, China. In October, it moved its headquarters to Irvine, California, two months after the House announced an investigation into the company. The company told CNET that it already operates two headquarters, in Singapore and Irvine.
In discussions with TP-Link representatives over the past few weeks, they have repeatedly distanced themselves from China.
“TP-Link has secure, integrated and US-managed solutions,” a TP-Link representative told CNET. “Almost everything sold in the United States is made in Vietnam.”
Despite this, the US government seems to view TP-Link as a Chinese corporation. In August, the House Select Committee on the Chinese Communist Party recommended an investigation into the company.
“TP-Link’s unusual insecurity and compliance with (Chinese) laws is troubling,” the lawmakers wrote. “When combined with the (Chinese) government’s use of (home offices) like TP-Link to carry out numerous attacks in the United States, it becomes alarming.”
Asked for comment, a TP-Link representative told CNET, “Like many consumer electronics brands, TP-Link Systems routers have been identified as susceptible to hacking. However, there is no evidence that our products are any more dangerous than other brands.”
CNET has several TP-Link models on our list of the best Wi-Fi routers and we will look at this issue carefully to see if we need to review those decisions. While our review of the hardware remains unchanged, we’re putting our opinions on TP-Link routers on hold until we learn more.
The cybersecurity experts I spoke to all agreed that TP-Link had security flaws, as did all router companies. It is not known whether the government has discovered a new issue that could lead to a ban on the sale of TP-Link routers.
The Wall Street Journal article cited government procurement documents that show TP-Link routers purchased by agencies from the National Aeronautics and Space Administration to the Department of Defense and the Drug Enforcement Administration.
The potential ban comes at a time when there is growing bipartisan support in Washington for removing Chinese products from US telecoms. In an attack revealed in October and dubbed Salt Typhoon, Chinese hackers reportedly broke into the networks of US internet providers like AT&T, Verizon and Lumen, which owns CenturyLink and Quantum Fiber.
“Vulnerabilities in embedded devices are not limited to one manufacturer or country of origin,” said Sonu Shankar, chief product officer at Phosphorus Cybersecurity. “Gamers often exploit vulnerabilities in equipment from international vendors, including those sold by American manufacturers.”
Brendan Carr, Trump’s nominee to chair the Federal Communications Commission, said in an interview with CNBC that the recent information about Salt Typhoon “made me want to smash my phone on its end.”
“In many ways, the horse is out of the barn at this point,” Carr said. “And we need all hands on deck to try to deal with this and manage this.”
TP-Link has not been linked to the Salt Typhoon attack, but it shows how heated the concern over threats from China has become.
Several cybersecurity experts I spoke with believe that the intelligence agencies may have found something with TP-Link that would justify blocking it.
“I think this comes from deep intelligence within the US government. Usually this happens before it goes public,” Guido Patanella, vice president of engineering at Lansweeper, told CNET.
“I think it’s not beyond politics,” Patanella added. “It can be a deliberate error or it can be from the firmware. This is usually a black box analysis and is often not shared, as happened to Huawei.”
In 2019, former President Donald Trump issued an executive order that banned US companies from using internet equipment from Huawei, another Chinese company that has faced criticism over national security concerns.
Pace, the head of NetRise, told me he thought there might be a “zero-day” vulnerability in TP-Link’s devices — a term for a hidden flaw that the vendor has had zero days to fix — but he was quick to say there was no evidence to support that.
“But these claims are based on the facts that we know exist, which is the PRC (People’s Republic of China) is involved in every Chinese organization. And it is indisputable,” said Pace.
A TP-Link representative referred us to the Cybersecurity and Infrastructure Security Agency’s list of Known Exploited Vulnerabilities (KEV). TP-Link has two entries on the list, compared to eight for Netgear and 20 for D-Link; some popular router brands such as Asus, Linksys and Eero have none.
By that measure, TP-Link is not an outlier, but the measure itself may not be very useful.
“We have analyzed an incredible amount of TP-Link firmware. We find things, but we find things in everything,” said Thomas Pace, CEO of the cybersecurity firm NetRise and a former security contractor for the Department of Energy.
“The problem with the CISA KEV (list) is, if everything is on the list, how good is the list?” Pace added. “In fact, every communication tool in the world has at least one vulnerability to CISA KEV. It’s a big problem for which there are no good solutions.”
There have also been several cybersecurity reports that have singled out TP-Link in particular. The best known came in October, when Microsoft released details on a password spraying attack it had been tracking for a year. In this type of attack, hackers try a single common password against many accounts.
Microsoft called the attack a “state threat” and said TP-Link was the manufacturer of many of the routers used.
In May 2023, Check Point Research also detected a firmware implant in TP-Link routers linked to a hacking group supported by the Chinese government. In this case, the campaign was aimed at European foreign organizations. However, the researchers confirmed that the implant was written in a “firmware-agnostic” way and was not designed to target TP-Link specifically.
“Although our analysis focuses on its presence in the updated firmware of TP-Link, previous events show that similar implants and backdoors were used in devices from different manufacturers, including the US,” Itay Cohen, one of the authors of the Check Point Research report, told CNET.
“The bottom line is that this deployment isn’t just targeting one brand — it’s part of a larger strategy to address the threat of cyber threats.”
Cohen said he doesn’t believe a TP-Link ban would improve security. As I heard from other researchers, the security issues that have been identified are not unique to one company.
“The risks and dangers associated with routers are very specific and apply to a variety of products, including those made in the US,” said Cohen. “We do not believe that the implant we found was identified by TP-Link or was intentionally placed as a backdoor to their products.”
There are real risks associated with using a TP-Link router, but some level of risk exists no matter what type of router you use. In most cases, cyberattacks tied to Chinese actors have targeted think tanks, government agencies, non-governmental organizations and Defense Department agents, according to the Journal report.
“I don’t think the general public is going to have a big target on their back,” Pace told CNET. “They like to follow what they want to do.”
That said, these types of attacks are often indiscriminate, with the goal of creating more nodes between infected routers and hackers.
“This means that users are always at risk of being targeted as part of a larger threat, even if they are not being targeted individually,” said Cohen, a researcher at Check Point Security.
To keep your network secure, you should follow the same steps whether you have a TP-Link router or any other brand. Here’s what experts recommend: