U.S. government officials express growing concerns that China could exploit TP-Link routers to threaten American infrastructure and military readiness. As one of the top-selling brands on Amazon, TP-Link dominates the U.S. router market with a 65% share, according to congressional data. In response to these security fears, Representatives Raja Krishnamoorthi (D-IL) and John Moolenaar (R-MI) urged the U.S. Department of Commerce last summer to consider banning these routers.
The letter from Krishnamoorthi and Moolenaar points out the Chinese government's history of sponsoring cyberattacks using PRC-affiliated small office/home office (SOHO) routers. The representatives emphasized the potential risks, stating, "When combined with the PRC government's everyday use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming."
TP-Link Systems has expanded its presence in the U.S., establishing a new headquarters in Irvine, California, and operating in the state since 2023. The company insists it operates as a separate entity with different ownership, with most U.S.-market routers manufactured in Vietnam. However, experts remain concerned about potential exploitations.
Matt Radolec, vice president of incident response and cloud operations at Varonis, supports a ban on certain manufacturers' routers for security reasons. He stated, "Banning routers from certain manufacturers is a sound security decision," emphasizing the potential risk to personal data despite improved internet speeds.
The Select Committee on the Chinese Communist Party also voiced alarm, suggesting an espionage risk due to TP-Link's alleged ties to the Chinese government. A spokesman for the committee remarked, "Because of this, we hope to see TP-link routers banned in the coming year, coupled with programs to replace existing Chinese routers with safe American alternatives."
Despite these allegations, TP-Link denies any cybersecurity vulnerabilities in its products and asserts its cooperation with the U.S. government to demonstrate their safety and security. The company insists it is independently owned and that its operations are distinct from Chinese influence.
Rep. Krishnamoorthi expressed his concerns regarding U.S. purchases of these routers: "It just doesn't make sense for the U.S government to be buying the routers." His apprehensions extend to personal use as well: "I would not buy a TP-Link router, and I would not have that in my home."
Guy Segal, vice president of corporate development at Sygnia, underscores the security implications of TP-Link's widespread presence. "The pervasiveness of this technology and the potential risks associated with it do present security concerns for users that should be taken seriously," Segal noted.
Implementing a ban on TP-Link routers would require careful strategizing due to their ubiquity. Segal suggests a phased approach to minimize disruption while enhancing national security.
This situation echoes past actions taken by the U.S. government against Chinese tech companies. In 2020, companies were mandated to eliminate Huawei equipment, deemed a national security threat.