The U.S. government is considering a potential ban on TP-Link routers following an investigation into their role in cyberattacks that may pose significant national security risks. Multiple federal departments, including Justice, Commerce, and Defense, are scrutinizing the company’s practices, with at least one subpoena reportedly issued by the Commerce Department.
TP-Link, a dominant player in the small and home office (SOHO) router market, currently holds approximately 65% of the U.S. market share. Its rapid growth is under examination, with investigators questioning whether the company’s practice of selling devices below manufacturing cost has fueled its market expansion. Over 300 U.S. internet service providers distribute TP-Link routers as default devices for home users, and these routers are also reportedly found within government networks, including those of the Department of Defense, NASA, and the Drug Enforcement Administration (DEA).
In a statement to The Wall Street Journal, a TP-Link spokesperson emphasized the company’s commitment to the U.S. market and its readiness to cooperate with government investigations to address national security concerns. “We welcome opportunities to demonstrate that our security practices align with industry standards and our commitment to the U.S. market and consumers,” the spokesperson noted.
Ban on TP-Link Routers: Botnet Exploitation and Cybersecurity Risks
The scrutiny of TP-Link routers intensified after Microsoft’s October report detailed a botnet, known as Quad7 or CovertNetwork-1658, predominantly comprising compromised TP-Link SOHO routers. Operated by Chinese threat actors, this botnet was reportedly used in widespread “password spray” attacks—a tactic that attempts to infiltrate multiple accounts using commonly used passwords. Microsoft stated that credentials stolen through these operations were exploited by Chinese entities for computer network exploitation (CNE) activities.
“Small office and home office routers manufactured by TP-Link form the bulk of this network,” Microsoft explained, highlighting the critical vulnerabilities within the devices. The findings underscore the potential risks posed by compromised routers, particularly as they provide a gateway for further cyberattacks targeting larger networks, including government systems.
This investigation coincides with broader U.S. efforts to mitigate cybersecurity threats linked to Chinese entities. On Monday, the New York Times reported that the Biden administration plans to ban China Telecom’s remaining operations in the U.S. after revelations of state-sponsored cyber breaches involving U.S. telecommunications providers.
A History of Security Crackdowns
The concerns surrounding TP-Link align with a pattern of heightened scrutiny on Chinese technology companies by U.S. authorities. In recent years, the Federal Communications Commission (FCC) has taken significant steps to protect national security. In January 2022, the FCC revoked the license of China Telecom Americas, citing “significant national security concerns.” Later that year, sales of equipment from five other Chinese companies, including Huawei, ZTE, and Dahua Technology, were banned due to “unacceptable risks” to U.S. networks.
This scrutiny dates back to June 2020, when the FCC officially designated Huawei and ZTE as threats to the integrity of U.S. communications infrastructure. The TP-Link investigation now represents the latest move in a broader strategy to safeguard American networks from potential vulnerabilities.
If the ongoing investigations confirm that TP-Link routers are instrumental in cyberattacks, the company may face a ban in the U.S., further solidifying the government’s tough stance against technology that jeopardizes national security. The case underscores the growing importance of cybersecurity in an era of escalating digital threats, as well as the need for rigorous oversight of devices integral to critical infrastructure.