The House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party [3] [7], led by Representatives John Moolenaar and Raja Krishnamoorthi [4] [5], has raised concerns about the security risks associated with Chinese-made WiFi routers [7], particularly those produced by TP-Link Technologies.

Description

They have called for an investigation into TP-Link over national security risks [1], citing instances of device vulnerabilities being exploited for espionage [1]. TP-Link routers have been linked to state-sponsored hacking campaigns, prompting worries about potential hacking and espionage threats. Lawmakers have highlighted the possibility of state-sponsored hackers exploiting these routers to infiltrate US systems, given TP-Link’s manufacturing in China and its compliance with Chinese national security laws [2]. Microsoft and US allies have released intelligence suggesting China may use WiFi routers for clandestine attacks on US critical infrastructure [1]. Recent incidents involving Chinese state-sponsored advanced persistent threat (APT) groups using TP-Link routers in hacking campaigns have further heightened concerns [2]. The FBI has taken action to disrupt infected routers, and Congressmen have called for a threat assessment and mitigation plan from the US Department of Commerce by a specified deadline [2]. The Chinese Embassy has urged US authorities to provide evidence rather than making baseless allegations [1]. The US Cybersecurity and Infrastructure Agency has identified potential vulnerabilities in TP-Link routers that could be exploited for remote code execution [1]. Check Point has found evidence of a Chinese state-sponsored cyber group spying on European officials using TP-Link routers loaded with malware [1]. Top lawmakers on the House Select Committee are urging the Commerce Department to investigate TP-Link Technologies, a Chinese company that manufactures WiFi routers widely used in the United States [3]. The legislators are concerned about potential national security risks posed by the company [3], citing vulnerabilities in TP-Link routers and the Chinese government’s history of cyberattacks using similar devices [3]. TP-Link is the largest global provider of WiFi technology [3], selling over 160 million products annually in more than 170 countries [3], including the United States [3] [5] [6] [7]. Concerns are mounting that Beijing could exploit Chinese-origin routers in cyberattacks on US governments and businesses [4]. The US Department of Commerce has the power to ban or restrict transactions with tech companies from “foreign adversary” nations if their products pose a national security risk [4]. The US House Select Committee on China Heads has urged the Commerce Department to investigate TP-Link [8], a major Chinese network equipment manufacturer [8], for potential national security risks related to cyberattacks [8]. This comes after reports of TP-Link firmware vulnerabilities being exploited by threat actors to compromise European government officials [8]. TP-Link has denied the presence of security flaws in its routers [8], while the Chinese Embassy has called for evidence to support the allegations [8]. This investigation follows recent cyberespionage operations targeting private routers [8], including those from NetGear and Cisco [8], to infiltrate US critical infrastructure [8]. Reps [5]. John Moolenaar and Raja Krishnamoorthi have urged the Biden administration to probe TP-Link Technology Co due to fears that its routers could become tools for cyber attacks [5], labeling it a “glaring national security issue.” They have requested that the Commerce Department verify the threats posed by TP-Link’s routers and expressed alarm over the company’s vulnerabilities and compliance with Chinese laws [5], linking it to extensive cyber attacks on the US [5].

Conclusion

The investigation into TP-Link Technologies highlights the potential national security risks posed by Chinese-made WiFi routers and the need for robust measures to mitigate these threats. The findings of this investigation could have significant implications for US cybersecurity and the protection of critical infrastructure from foreign adversaries.

References

[1] https://www.techradar.com/pro/us-lawmakers-urge-probe-into-tp-link-over-fears-of-possible-cyberattacks
[2] https://www.infosecurity-magazine.com/news/us-committee-investigation-tplink/
[3] https://cyberscoop.com/commerce-department-investigation-chinese-wifi-router-company/
[4] https://www.taipeitimes.com/News/biz/archives/2024/08/17/2003822341
[5] https://ground.news/article/us-lawmakers-urge-probe-of-wifi-router-maker-tp-link-over-fears-of-chinese-cyber-attacks
[6] https://www.manilatimes.net/2024/08/17/business/foreign-business/us-lawmakers-urge-probe-of-chinas-tp-link/1964578
[7] https://selectcommitteeontheccp.house.gov/media/press-releases/moolenaar-krishnamoorthi-call-investigation-chinese-wi-fi-routers-us
[8] https://www.msspalert.com/brief/u-s-probe-on-tp-link-sought-amid-chinese-cyberattack-concerns