As TikTok faces intense scrutiny over Chinese influence in U.S. technology, another potential security threat has emerged: TP-Link, one of Amazon’s leading routers, is raising alarm bells among lawmakers and cybersecurity experts.
Representatives Raja Krishnamoorthi (D-IL) and John Moolenaar (R-MI) have spearheaded efforts to investigate the company, highlighting concerns about potential vulnerabilities that could be exploited by China.
Their letter to the U.S. Department of Commerce, first reported by the Wall Street Journal, pointed to “unusual vulnerabilities” and the company’s required compliance with PRC law as particularly worrying factors.
The scope of the potential risk is significant. According to data cited by Krishnamoorthi, TP-Link commands a 65% share of the U.S. router market.
TP-Link Routers Under Scrutiny
The company’s strategy mirrors China’s approach to other technology: mass production, export surplus at competitive prices, and potential exploitation for backdoor access or disruption.
“I am not aware of any plans to get them out,” Krishnamoorthi stated, drawing parallels to the government’s “rip and replace” initiative with Huawei equipment, which was deemed a national security threat in 2020. The congressman emphasized that he “would not buy a TP-Link router, and I would not have that in my home.”
The concerns extend beyond federal infrastructure to state and local utilities, as well as individual households. The routers have been linked to hacks targeting European officials and the Typhoon Volt attacks, raising questions about data security.
Personal information, including browsing history and family and employer details, could be at risk.
TP-Link’s corporate structure has added complexity to the situation. TP-Link Technologies has denied selling router products in the U.S. or having cybersecurity vulnerabilities. Meanwhile, TP-Link Systems, which recently established headquarters in Irvine, California, maintains it is a separate entity with different ownership, producing most U.S. market routers in Vietnam.
Cybersecurity experts emphasize the gravity of the situation. Guy Segal, vice president of corporate development at Sygnia, notes the widespread presence of TP-Link routers in government institutions, including defense organizations. “The pervasiveness of this technology and the potential risks associated with it do present security concerns for users that should be taken seriously, whether at the consumer level or a national security consideration for government entities,” he said.
Debate Heats Up Over Potential Ban on Chinese-Made
Matt Radolec, vice president of incident response and cloud operations at Varonis, points to unencrypted communication as a fundamental issue.
“All unencrypted communications on these routers could be compromised, which is worrisome because intra-network communication is often unencrypted for performance’s sake. You’ll get faster internet speeds, but you could be risking your personal data,” he explained.
The path forward remains unclear, though experts suggest any ban would likely begin with federal and defense sectors due to implementation challenges in the consumer market.
A spokesman for the majority of the Select Committee on the Chinese Communist Party expressed hope for a ban in the coming year, coupled with programs to replace existing Chinese routers with American alternatives.
As the debate continues, TP-Link Systems has expressed willingness to engage with the federal government to demonstrate its security practices and commitment to the American market. However, with multiple versions of TP-Link routers still available on Amazon, including a “best seller” model at $71, consumers face decisions about their network security while lawmakers grapple with potential regulatory responses.
