US considers banning TP-Link routers over cybersecurity risks

The U.S. government is considering banning TP-Link routers starting next year if ongoing investigations find that their use in cyberattacks poses a national security risk.

According to a Wall Street Journal report, the U.S. Departments of Justice, Commerce, and Defense are looking into the issue, with at least one Commerce Department office having already subpoenaed the company.

In recent years, TP-Link's market share has grown to approximately 65% of the U.S. market for SOHO routers (for homes and small business offices). This potentially artificial growth is powered by selling the devices for less than their manufacturing price, which the DOJ is also investigating.

Over 300 U.S. internet service providers are now issuing TP-Link devices as the default internet router for home users. The WSJ said that TP-Link routers are also present on the networks of multiple government agencies, including the Defense Department, NASA, and DEA.

"We welcome any opportunities to engage with the U.S. government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks," a spokesperson for TP-Link's U.S. subsidiary told the WSJ.

TP-Link router botnet used in password spray attacks

The investigation comes after a Microsoft report revealed in October that a botnet of hacked SOHO routers—tracked as Quad7, CovertNetwork-1658, or xlogin and operated by Chinese threat actors—is mainly made from TP-Link devices.

"Microsoft tracks a network of compromised small office and home office (SOHO) routers as CovertNetwork-1658. SOHO routers manufactured by TP-Link make up most of this network," the company said.

"Microsoft assesses that multiple Chinese threat actors use the credentials acquired from CovertNetwork-1658 password spray operations to perform computer network exploitation (CNE) activities."

On Monday, the New York Times also reported that the Biden administration will ban China Telecom's last active U.S. operations in response to Chinese state hackers breaching multiple U.S. telecom carriers. The Federal Communications Commission (FCC) revoked China Telecom Americas' license in January 2022 over "significant national security concerns."

In November 2022, the FCC also banned sales of communications equipment made by five other Chinese companies (i.e., Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology) due to "unacceptable risks to national security."

In June 2020, the FCC formally designated Huawei and ZTE as national security threats to the integrity of U.S. communication networks.