Share this article on:
Two members of the House Select Committee on China have raised concerns over router maker TP-Link’s “unusual degree of vulnerabilities and required compliance with PRC law”.
A pair of US lawmakers from either side of the aisle have written a joint letter to the secretary of the Department of Commerce over concerns regarding possible links between popular router maker TP-Link and the government of the People’s Republic of China.
Republican representative John Moolenaar and Democrat representative Raja Krishnamoorthi – the chairman and a ranking member respectively of the House select committee on China – said that as the “world’s largest provider of Wi-Fi products” made all its products in China and with Chinese parts, the pair had concerns that state-sponsored hackers would be more easily able to compromise TP-Link products.
“Moreover, TP-Link is subject to draconian ‘national security’ laws in the PRC and can be forced to hand over sensitive US information by Chinese intelligence officials,” the letter, dated 13 August, said.
“Alarmingly, just last year, security researchers found that PRC cyber military forces used TP-Link routers as part of a hacking campaign that targeted government officials in European countries.”
The latter statement refers to a May 2023 report by Check Point that uncovered “a malicious firmware implant created for TP-Link routers containing various harmful components, including a customised backdoor” and used by a Chinese state-sponsored threat actor.
The letter goes on to ask Commerce Secretary Gina Raimondo to consider using the department’s ICT supply chain powers if the investigation reveals any concerns.
“Given the PRC’s data and national security laws, the proliferation of PRC-made SOHO routers in the United States, and the demonstrated willingness of the PRC government to sponsor hacking campaigns using PRC-affiliated SOHO routers like those made by TP-Link, we request that Commerce verify the threat posed by PRC-affiliated SOHO routers – particularly those offered by the world’s largest manufacturer, TP-Link – and consider using its ICTS authorities to properly mitigate this glaring national security issue,” the two lawmakers said.
Moolenaar and Krishnamoorthi asked that Raimondo respond before 30 August with her findings.
According to Reuters, the Chinese embassy is hopeful that US authorities “have enough evidence when identifying cyber-related incidents, rather than make groundless speculations and allegations”.
Cyber Daily has reached out to TP-Link for comment.
Shadow Minister for Home Affairs and Cyber Security, Senator James Paterson, feels Home Affairs should be following suit here in Australia.
“Examining the risk posed by TP-Link routers should be one of the first tasks of the new technology foreign interference taskforce at the Department of Home Affairs. Technology providers from authoritarian nations represent serious cyber and national security risks to Australia, especially when their hardware or software is prevalent in government, critical infrastructure and across the economy," Senator Paterson told Cyber Daily.
"When intelligence agencies warn us Chinese state-backed actors are probing vulnerabilities in our networks to weaponise against us in the future constant vigilance is required with high-risk vendors.”
UPDATED 19/08/24 to add commentary from Senator Paterson.
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.