The Government May Ban TP-Link Routers This Year. How Worried Should You Be?
TP-Link makes some of the most popular routers in the country, but they probably won’t be available in the U.S. for much longer.
Investigators from the Departments of Commerce, Defense, and Justice All probes open Get into companies linked to Chinese cyberattacks. The departments are considering a possible ban on sales of TP-Link routers, according to a report Wall Street Journal Article Released last week.
Since the pandemic, TP-Link has grown in dominance of the U.S. router market. According to the Wall Street Journal, its share of total router sales has grown from 20% in 2019 to about 65% this year. TP-Link disputes these numbers from CNET, and a separate analysis by IT platform Lansweeper found: 12% of home routers In the US it’s TP-Link.
Although there have been high-profile cyberattacks involving TP-Link routers, this potential ban is more about the company’s ties to China than has been publicly identified, according to cybersecurity researchers I spoke with specific security issues.
“People expect there’s some smoking gun or something in these devices from Chinese manufacturers, but you end up finding out that every device has the exact same problem,” said Thomas, CEO of cybersecurity company NetRise and a former security contractor for the Department of Energy. Thomas Pace told CNET that the Chinese equipment is not obviously unsafe: “It’s not a risk. Risks are built into the corporate structure of every Chinese company. “
TP-Link was founded in 1996 in Shenzhen, China by brothers Zhao Jianjun and Zhao Jiaxing. In October, two months after the House announced an investigation into the company, the company moved its headquarters to Irvine, California. The company told CNET it previously had two headquarters in Singapore and Irvine.
Look at this: The Best Wi-Fi Routers of 2024: Buying Guide
In my conversations with TP-Link representatives over the past few weeks, they have repeatedly distanced themselves from their relationship with China.
“TP-Link has a secure, vertically integrated U.S.-based international supply chain,” a TP-Link representative told CNET. “Nearly all products sold in the U.S. are manufactured in Vietnam.”
Even so, the U.S. government appears to view TP-Link as a Chinese entity. In August, the House Select Committee on Chinese Communist Party urged an investigation into the company.
“TP-Link’s unusually serious vulnerability and the need to comply with (Chinese) law are troubling in themselves,” legislators wrote. “When combined with the (Chinese) government’s widespread use of (home office) routers like TP-Link to conduct widespread cyberattacks in the United States, this becomes very alarming.”
Asked for comment, a TP-Link representative told CNET: “Like many consumer electronics brands, TP-Link Systems’ routers have been identified as potential targets for hackers. However, there is no evidence that our products are any more Branded products are more vulnerable.”
CNET has several TP-Link models in our list The best Wi-Fi routers And will be watching this story closely to see if we need to re-evaluate these options. While our evaluation of the hardware hasn’t changed, we’re suspending our recommendation for TP-Link routers until we know more.
The ban is more about TP-Link’s relationship with China than known technical issues
Cybersecurity experts I spoke with all agree that TP-Link has security flaws, but so do all router companies. It is unclear whether the government has discovered new problems that could lead to a sales ban on TP-Link.
The Wall Street Journal article cited federal contract documents showing that TP-Link routers were purchased by agencies including NASA, the Department of Defense, and the Drug Enforcement Administration.
The potential ban comes amid growing bipartisan support in Washington for extracting Chinese products from the U.S. telecommunications industry. In an attack revealed in October called Salt Typhoon, Chinese hackers Reportedly broke into the network US internet providers such as AT&T, Verizon and Lumen (which owns CenturyLink and Quantum Fiber).
“Vulnerabilities in embedded devices are not unique to any one manufacturer or country of origin,” said Sonu Shankar, chief product officer at Phosphorus Cybersecurity. “Nation-state actors often exploit vulnerabilities in equipment from vendors around the world, including the U.S. Devices sold by manufacturers.”
Brendan Carr, Trump’s nominee for FCC chair Interviewed by CNBC Recent intelligence briefings on the onslaught of Typhoon Yan “made me want to smash my phone by the end.”
“In many ways, the horse is out of the barn at this point,” Carr said. “We need everyone to come together to try to address and control this problem.”
TP-Link has not yet been linked to the Typhoon Yan attack, but it does show the current temperature of the perceived threat from China.
The government may have discovered the TP-Link vulnerability, but we don’t know for sure
Several cybersecurity experts I spoke to believe that intelligence agencies may have discovered something in TP-Link worth banning.
“I think this comes from deeper intelligence within the U.S. government. Typically this happens before the information becomes public,” Guido Patanella, senior vice president of engineering at Lansweeper, told CNET.
“I think this goes beyond politics,” Patanella added. “This could be a deliberately set hardware flaw, or it could be from a firmware perspective. This is typically a black box analysis and is typically not shared, as is the case with Huawei.”
In 2019, then-President Donald Trump issue executive order The bill effectively bans U.S. companies from using network equipment from Huawei, another Chinese company that has been criticized for national security concerns.
NetRise CEO Pace told me he believes there may be a “zero-day” vulnerability in TP-Link devices — a term that refers to a hidden flaw that requires zero days to fix it — but he’s quick to point out that there isn’t The evidence supports this.
“But at least this statement is based on some reality that we know is that the People’s Republic of China is involved in every Chinese company. That’s undeniable,” Pace said.
TP-Link has known security vulnerabilities, as do all router companies
TP-Link representative walks us through the list of Cybersecurity and Infrastructure Security Agency Known exploited vulnerabilities. TP-Link recorded two of these incidents, while Netgear and D-Link had eight and 20 respectively; other popular router brands such as Asus, Linksys and Eero had none.
By this measure, the TP-Link is not exceptional in either respect, but that may not be a measure of it.
“We analyzed an incredible amount of TP-Link firmware,” said Thomas Pace, CEO of cybersecurity firm NetRise and a former security contractor for the Department of Energy. “We found something, and we found it in everything. thing.”
“The question with the CISA KEV (list) is, if everything is on the list, how good is the list?” Pace added. “Basically every telecommunications device on the planet has at least one vulnerability in CISA KEV. It’s a big question that doesn’t have a good answer yet.”
There have also been several cybersecurity reports specifically targeting TP-Link. The most notable one came in October, when Microsoft Announce details It has been tracking password spray attacks for more than a year. In this type of attack, hackers use a common password to access multiple accounts.
Microsoft called the attack a “nation-state threat actor campaign” and said most of the routers used were made of TP-Link.
In May 2023, Check Point Research also Firmware implant identified in TP-Link routers linked to Chinese state-sponsored hacking groups. In this case, the campaign targeted European diplomatic entities. Nonetheless, the researchers emphasized that the attack was written in a “firmware-agnostic manner” and was not specifically designed to exploit TP-Link.
“While our analysis focused on the vulnerability in modified TP-Link firmware, previous incidents have shown similar implants and backdoors,” said Itay Cohen, one of the authors of the Check Point research report. has been used on devices from different manufacturers, including American ones,” told CNET.
“The broader implication is that this placement was not targeted at a specific brand but was part of a larger strategy to exploit systemic vulnerabilities in the internet’s infrastructure.”
Cohen said he didn’t think the TP-Link ban would significantly improve safety. As I’ve heard from other researchers, the security issues discovered are not unique to any one company.
“The vulnerabilities and risks associated with routers are largely systemic and apply to multiple brands, including those made in the United States,” Cohen said. “We do not believe that TP-Link was aware of the implant we discovered, nor that The implant is not believed to have been intentionally inserted as a backdoor into its products.”
Is it safe to use TP-Link router?
There are real risks with using a TP-Link router, but no matter what brand of router you use, there is always some level of risk. Overall, cyberattacks linked to Chinese actors have targeted think tanks, government organizations, non-governmental organizations and Department of Defense vendors, according to the Wall Street Journal.
“I don’t think the average person is burdened with such a huge goal,” Pace told CNET. “They tend to pursue what they want to pursue.”
That said, such attacks are often indiscriminate and aim to create a chain of nodes between a compromised router and the hacker.
“This means that ordinary users have the potential to be part of a broader attack campaign, even if they are not individually targeted,” said Check Point security researcher Cohen.
How to protect yourself if you own a TP-Link router
To ensure your network is secure, you should follow the same steps whether you have a TP-Link router or any other brand. Here’s what experts recommend:
- Keep firmware updated: One of the most common ways hackers gain access to your network is through outdated firmware. TP-Link tells us that customers with a TP-Link Cloud account can simply click the “Check for Updates” button in their product’s firmware menu when logged into the TP-Link app or website. You can also find the latest updates in TP-Link Download Center.
- Strengthen your credentials: If you have never changed the default login credentials on your router, now is the time to do so. Weak passwords are the cause of many common attacks. “Devices with default or weak passwords are easy targets,” Cohen told CNET. “Default or simple passwords can be easily brute-forced or guessed.” Most routers have an app that lets you update from there Login credentials, but you can also enter the router’s IP address in the URL. These credentials are separate from your Wi-Fi name and password, which should also be changed every six months or so. The longer and more random the password, the better.
- Consider using a VPN service: For an added layer of protection, a virtual private network will encrypt all of your internet traffic and prevent your internet provider (or anyone else) from tracking the websites or apps you’re using. You can find CNET’s picks The best VPN services are here.
