US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks

House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party holds hearing on Capitol Hill in Washington
FILE PHOTO: Ranking Member U.S. Representative Raja Krishnamoorthi (D-IL) questions former U.S. Secretary of State Mike Pompeo, and former CIA director and former U.S. Defense Secretary Leon Panetta, before the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, on Capitol Hill, in Washington, U.S., January 30, 2024. REUTERS/Nathan Howard/File Photo

US lawmakers urge probe of WiFi router maker TP-Link over fears of Chinese cyber attacks

By Alexandra Alper

Two U.S. lawmakers want the Biden administration to probe China's TP-Link Technology Co and its affiliates for potential national security risks from their widely used WiFi routers over fears they could be used in cyber attacks against the U.S.

Republican Representative John Moolenaar and Democratic Representative Raja Krishnamoorthi, who lead the House Select Committee on China, requested a Commerce Department probe in a Tuesday letter seen by Reuters.

According to research firm IDC, TP-Link, which focuses on the consumer market, is the top seller of WiFi routers internationally by unit volume.

In calling for an investigation, the U.S. legislators cited known vulnerabilities in TP-Link firmware and instances of its routers being exploited to target government officials in European countries.

"...We request that Commerce verify the threat posed by (China-affiliated small office/home office) routers —particularly those offered by the world's largest manufacturer, TP-Link," according to the letter to Commerce Secretary Gina Raimondo.

They called it a "glaring national security issue."

The Commerce Department said it would respond to the letter through appropriate channels. The Chinese Embassy said it hopes authorities will "have enough evidence when identifying cyber-related incidents, rather than make groundless speculations and allegations."

TP-Link, founded in China in 1996 by two brothers and based in Shenzhen, said in a statement that the company does not sell any router products in the United States and that its routers do not have cybersecurity vulnerabilities.

The letter is a sign of mounting concerns that Beijing could exploit Chinese-origin routers and other equipment in cyber attacks on American governments and businesses.

The U.S., its allies and Microsoft last year disclosed a Chinese government-linked hacking campaign dubbed Volt Typhoon. By taking control of privately owned routers, the attackers sought to hide subsequent attacks on American critical infrastructure.

The vast majority of affected routers, however, appeared to be from Cisco and NetGear, the Justice Department said in January.

Last year, the U.S. Cybersecurity and Infrastructure Agency said TP-Link routers had a vulnerability that could be exploited to execute remote code.

Around the same time, U.S. security company Check Point reported that hackers linked to a Chinese state-sponsored group used a malicious firmware implant for TP-Link to target European foreign affairs officials.

The Commerce Department has broad powers to ban or restrict transactions between U.S. firms and internet, telecom and tech companies from "foreign adversary" nations like China, Russia, Cuba, Iran, North Korea and Venezuela if their products pose a national security risk.

This article was produced by Reuters news agency. It has not been edited by Global South World.

You may be interested in

/
/
/
/
/
/
/