US Congressional Panel Urges Americans To Ditch China-made Routers (reuters.com)
- Reference: 0176629793
- News link: https://news.slashdot.org/story/25/03/06/1513201/us-congressional-panel-urges-americans-to-ditch-china-made-routers
- Source link: https://www.reuters.com/world/us/us-congressional-committee-china-urges-americans-ditch-tp-link-routers-2025-03-05/
> The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China's TP-Link Technology Co, which according to research firm IDC is the top seller of WiFi routers internationally by unit volume. U.S. authorities are considering a ban on the sale of the company's routers, according to media reports.
>
> Rob Joyce, former director of cybersecurity at the National Security Agency, told Wednesday's committee hearing that TP-Link devices exposed individuals to cyber intrusion that hackers could use to gain leverage to attack critical infrastructure. "We need to all take action and replace those devices so they don't become the tools that are used in the attacks on the U.S.," Joyce said, adding that he understood the Commerce Department was considering a ban.
[1] https://www.reuters.com/world/us/us-congressional-committee-china-urges-americans-ditch-tp-link-routers-2025-03-05/
My chinese router runs OpenWRT (Score:3, Informative)
My cheap Chinese router runs OpenWRT, and I don't think Chinese state actors have managed to insert malicious code into that project given how thoroughly it is reviewed by its developers and the F/OSS community.
Re: My chinese router runs OpenWRT (Score:2)
Congress critter: oh... well... now I haven't though if that one. Arrest him he's a witch with his custom firmwares!
Re: My chinese router runs OpenWRT (Score:4, Informative)
This is all just more frustrating xenophobic economic protectionist bullshit from our legislators.
Essentially all routers with services exposed to WAN are containing security vulnerabilities.
Because none of the manufacturers are paying adequate attention to security issues.
Chinese manufacturers like TP-LINK are not in any way special.
A ban on one manufacturer does not solve the problem nor does it make people less hackable.
If you believe it is important that consumers have secure routers, then you need regulation of
IT security issues in consumer products.
Re: (Score:2)
What's special about TP-Link is that even their low end hardware runs the same OS as the high end gear. Some features might be disabled due to performance limitations, but for the most part you get all the "premium" features.
That annoys Western manufacturers who like to differentiate their product tiers by disabling features on the cheaper ones. Chinese cars often do the same thing.
Re: (Score:1)
TP Link specifically uses a remote service to manage access to the device. TP-Link has access to and can reset passwords on any device running their OS. That's alwasy weirded me out about their new stuff. Google/Nest has a similar deal. OpenWRT is a great option to have full function of your device.
Re: (Score:1)
Services exposed to the WAN are probably not a real concern.
It is the epic mountain of the software on all your other devices any of which could call home and be a C&C channel and be sending back any manor of data about your inside network. It is all encrypted and it is all going to Azure/AWS/GCP/Ali/etc IP blocks.
Your poor router has no ability to provide you any protection because there is nothing to make a decision on the traffic is opaque and the destination is cloudy and conflated with 100,000 leg
Re:My chinese router runs OpenWRT (Score:5, Informative)
Ninja'd! I came here to say the same thing. And one of the great things about OpenWRT is it runs on all kinds of stuff, including a TP-Link ac1750, which is a good, cheap, reliable option. My parent's house has used one since 2008 with repeaters. QoS FTW!
[1]https://openwrt.org/toh/start [openwrt.org]
[1] https://openwrt.org/toh/start
Re:My chinese router runs OpenWRT (Score:4, Insightful)
I'm all for OpenWRT, and only buy OpenWRT compatible devices.
> My cheap Chinese router runs OpenWRT, and I don't think Chinese state actors have managed to insert malicious code into that project
But beware that often OpenWRT doesn't/cannot (if in ROM) replace the bootloader, the code that runs first when the device is switched on (then hands over control to the OS).
Re: (Score:2)
Okay, what about the people using stock firmware?
buy American! (Score:2)
geeze, does Philco^W RCA even make routers?!!
Re: (Score:2)
I am pretty sure Tandy makes routers, right?
Re: (Score:2)
I checked with Crosley and Atwater Kent and neither make routers.
Re: (Score:2)
> I checked with Crosley and Atwater Kent and neither make routers.
Try Babcock & Wilcox...
Okay... which leaves _what_ exactly? (Score:4, Insightful)
Please, oh wise congressional panel, tell us which models on the market today _aren't_ at least partially made in China.
Re: (Score:2)
Seriously the only two routers I owned that I know that were not made in China were ones I assembled from spare, unused computers. Even then some of the parts were probably made in China.
Difference (Score:4, Interesting)
There is a difference between a Chinese company building routers and a Taiwanese or American company having routers assembled in China. That difference is that, by law, if a Chinese company finds a CVE in their router, they have to first disclose it to the Chinese state security agency. A Taiwanese or American company is under no such restriction, unless their programmers and primary operations are located in China.
And use what? (Score:1)
So what exactly are the average, non technical, user supposed to use?
What routers are not made in or by China?
I seem to recall an issue where Cisco equipment was getting extra chips installed during manufacturing that sent packets to other places.
Shouldn't we just harden out BGP and IP approve lists to prevent packet from going to specific regions if we want to improve security?
Re: (Score:2)
With the ability to run cloud based servers anywhere, exactly how are you going to determine if a packet is ultimately destined for China? Any information really important can be downloaded "locally" and go in a diplomatic pouch.
Re: (Score:2, Informative)
Use Cisco so you can get pwned by the NSA+FBI+CIA as Gov intended. There have been so many backdoors found in Cisco stuff - just look at the CVEs (e.g. undocumented hard coded credentials with no workaround other than update). Meanwhile I just hear mainly accusations vs the Huawei stuff, they don't link to the CVEs (or the CVEs aren't even Huawei stuff, or they look as much as backdoors as Microsoft's bugs).
So if you use Huawei they would find it more inconvenient to pwn you (maybe they'd have to burn some
Re: (Score:1)
Not that it is entirely free of Chinese chips but most RPi's are assembled in the UK, IIRC.
but yes, be Congress, CISA, NSA, NIST or whoever just keeping an ever lengthening list of names which might be re-branding something else anyway that people are supposed to stay away from is unhelpful.
They need of an affirmative list of recommended suppliers/equipment if they expect even a finite number of people to pay attention.
That said does this market even exist anymore? Sure every nerd has their own router but i
Great (Score:5, Insightful)
> A U.S. congressional committee has urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure.
Oh good, let's go buy new shit immediately after kicking off economic chaos.
Re: (Score:2)
Except I think those new routers are made in China as most of them are, I suspect.
Yeah that is not happening soon (Score:2)
I do not know about you but the last two consumer routers I have purchased were made in China. Like other electronics, I suspect most of them are made in China. That advice is like asking Americans not to buy gasoline that is sourced from foreign crude oil.
Ditch China made routers? (Score:2)
Most hardware is China made. Our laptops, desktops, mobiles... the list is endless. Are they going to ask us to ditch all of it eventually? Do they have a contingency plan or are they just pulling this ribbon out of their rear? Who are these people in the US congressional committee and were they sleeping all these decades to suddenly ask us to do this?
Re: (Score:2)
He probably typed up that memo on his lenovo laptop.
Re: (Score:2)
The do not want to clean Chinese stuff out. They just want to make sure it is US companies you buy the Chinese stuff from.
Re: How about a trade in program (Score:2)
Their mesh router is cheap for the area coverage. Almost half the price of Netgear version.
How am I to know about Asus? (Score:2)
Should be Taiwanese, but seems like they'd be a very likely infiltration target for China.
Re: (Score:3)
If you believe the NSA the Supermicro boards were bugged from the factory.
Also Cisco.
Also Ed Snowden proved they lie to Congress.
Also no arrests.
Re: How am I to know about Asus? (Score:2)
You wonâ(TM)t arrest yourself
Re: How am I to know about Asus? (Score:2)
Yeah, I'm aware of domestic spying and I am against it, support the EFF, EPIC and ACLU with annual donations to fight against it and other US governmental abuses.
But I'm interested here in Chinese infiltration. Asus is a pretty good choice for quality. I wanna know is it free of Chinese backdoors.
Why? Russia (hence China) are USA's friends now. (Score:3)
Why do in USA care anymore? Our own government openly support Russia now, as of 03/2025 and hence Russia is pretty much owned by China due to it's being supported during the war, the USA is lining up with both. So nothing to fear from China and Russia, our new "friends".
Re: (Score:2)
> Why do in USA care anymore?
Please diagram that sentence.
Re: (Score:2)
The grammar is correct in Ukrainian.
Re: (Score:2)
Sorry, Why does USA care anymore.
Re: (Score:1)
It's Trump Era, chopping parts speech good! Verbs obsolete, no more woke-talk! Transitive verbs specially gotta go, turns our kids be fruits!
Re: (Score:1)
2 wrongs don't make 1 right.
(In Orangie's case, it's 472 wrongs.)
PFSense... (Score:2)
My AP is manufactured in china, but my router is just a normal computer. Which... to be fair... was probably partially manufactured in china.
Yep, only US backdoors are good backdoors! (Score:2)
They still stink just the same...
Whatever credibility Congress had is long gone (Score:2)
This Congress is stuffed with bootlicking simps, liars, proud know-nothings, and geriatrics. No one should take their advice on anything, unless its how to really get your tongue into those hidden crevices.
OpenWRT (Score:2)
I have a TPLink in my chicken coop/ham shack doing VLAN routing.
It runs an OpenWRT and I have zero concern about China.
Do they mean running stock hardware with remote admin web interface turned on?
Congress sounds like it is truly inept.
ISP Replacements (Score:2)
I have Omni Fiber in Ohio that supplies TP-Link routers to their customers. Will ISPs be required to pull and replace these? And if so, with what? Damn near all tech companies have opted to have their devices built in China using slave labor. Will customers be allowed to reflash their ISP provided routers? I don't think so. And even if they could the router's boot loader does not get replaced leaving a threat still possible. The government was warned over 30 years ago that allowing companies to get so embed
As opposed to American made wireless routers? (Score:2)
> remove Chinese-made wireless routers from their homes,
Ok, well I have these Google (er, Nest...no...Google?) WiFi routers, made in....oh hey China! Maybe I should ditch them and buy some American Amazon Eero WiFi routers? I think they are made in Vietnam, that’s good right? Yeah? No? Should I fall back on my very very old Apple WiFi routers most definitely made in China?
Does anyone make WiFi routers in the USA?
Canada (Score:3)
Why should I care about hacking US infrastructure? They no longer care about us.
Re: (Score:2)
The NSA does the same thing to "American" routers. This persons sounds like a hypocrite.
Re: Canada (Score:2)
It sounds like it's just one model router and the fact that it was a POST leads me to believe it was in the web console. It's there even any concern if your tplink router is behind a firewall?
Re: Canada (Score:1)
If your router is behind the firewall (regular setup) then the router can set up a connection to the outside anytime. Which can then be used to get data in as well. Using regular technology. We're not looking at the backdoors the FBI has ordered to be available in any telco product since 1994.
Re: Canada (Score:2)
Can you please link to something that explains that as the actual issue? I thought this was about an attack from the outside. If we are not going to trust Chinese firmware at all then what wifi IS safe?
Re: (Score:2)
Yeah as an Aussie, while we havent (for now) copped the same absurd venom the poor canadians have , for absolutely no morally sound reason , I fear it might be only time.
China is a problem. The Americans could become a problem.
Mikrotik! Latvians aint posed us no threat at all.
Re: Canada (Score:2)
You are in Putins hemisphere.
Re: (Score:2)
So just because the current administration is actively hostile to the American people doesn't mean the Chinese government has suddenly our friends.
The phrase, the enemy of my enemy is my friend, refers to your two enemies fighting themselves instead of you.
Those enemies are still a problem when they are actively attacking you individually.
Re: (Score:2)
I don't trust China either. But... if someone's going to spy on me, given I don't work for the government or for any company the Chinese might want to compete with, there's an argument that I'd be better off with China doing it than the US. I mean, China sucks, but I can sit there posting Tank-guy memes and there's not a lot they can do about it. And that'll be true in four years too. But I'm not sure in four years I'll be able to post in support of various marginalized groups and not have the US government