Two U.S. lawmakers have urged the Commerce Department to investigate potential cybersecurity threats posed by Wi-Fi routers manufactured by the Chinese company TP-Link Technologies. In a recent letter to Commerce Secretary Gina Raimondo, Representatives John Moolenaar (R-MI) and Raja Krishnamoorthi (D-IL) expressed concerns about the “unusual degree of vulnerabilities” found in TP-Link’s routers. They requested that the department assess the security risks associated with these products and determine whether they should be restricted in the U.S., with a response expected by the end of August.
The lawmakers highlighted China’s stringent data protection laws and national security policies, which require companies like TP-Link to provide data to the Chinese government and comply with its security demands. This situation, they argue, raises significant concerns, particularly in light of recent cyber activities by the Chinese APT group Volt Typhoon. This group has been known to infiltrate home and office routers to launch further attacks on U.S. critical infrastructure.
In December 2023, the Justice Department dismantled a botnet created by Volt Typhoon, which involved hundreds of compromised NetGear and Cisco routers. Over the years, critical vulnerabilities in TP-Link routers have been exploited by hackers to launch subsequent attacks or to add the devices to botnets that disrupt websites with malicious traffic.
In May 2023, researchers from the cybersecurity firm Check Point linked cyberattacks on European foreign affairs entities to a Chinese state-sponsored group known as “Camaro Dragon.” The hackers reportedly used a firmware implant in TP-Link routers to control infected devices and access networks.
TP-Link has stated that it does not sell routers in the U.S. and claimed to have completed a global restructuring, resulting in TP-Link Corporation Group, headquartered in Irvine, California, and Singapore, and TP-Link Technologies Co., Ltd. in China, operating as separate entities.
U.S. national security agencies have long been concerned about China’s regulations requiring security researchers to report vulnerabilities to the government before making them public. While it has not been confirmed, there is ongoing debate about whether these rules have allowed Chinese government hackers to exploit these vulnerabilities before they are widely reported.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
