US reportedly mulls TP-Link router ban over national security risk
- Reference: 1734555178
- News link: https://www.theregister.co.uk/2024/12/18/us_govt_probes_tplink_routers/
- Source link:
Three federal departments — Commerce, Defense, and Justice — have opened investigations into the router manufacturer, according to a Wall Street Journal report, [1]citing "people familiar with the matter." Plus, a Commerce Department office has reportedly subpoenaed TP-Link.
The Register reached out to TP-Link and and the Justice as well as Commerce Departments but thus far, all have declined comment. We will update this story if and when we hear back from them.
[2]
TP-Link has about 65 percent of the US router market for homes and small businesses. It also partners with more than 300 internet service providers in the US to supply routers for new customer installations, according to the WSJ. The China-based manufacturer's gear is also reportedly used by the Department of Defense and other federal government agencies.
[3]
[4]
In late October, Microsoft [5]warned that Chinese government-backed threat actors had compromised thousands of internet-connected devices for password-spray attacks against its customers, and noted "routers manufactured by TP-Link make up most of this network."
After stealing credentials in these campaigns, the Beijing-backed crew that Microsoft tracks as Storm-0940 uses this access to break into organizations in North America and Europe, including think tanks, government and non-governmental organizations, law firms, and defense industrial base firms.
[6]
These attacks have been ongoing since at least 2021, Redmond said.
We should also note that Chinese spies have also used American companies' gear to build botnets and launch cyberattacks against critical networks and organizations.
Earlier this year, the Justice Department warned that another Chinese-government-linked crew Volt Typhoon had [7]infected Cisco and Netgear boxes with malware so that the devices could be used to break into US energy, water, and manufacturing facilities as [8]far back as 2021.
[9]
And just last month, reports emerged that Volt Typhoon was, once again, [10]compromising old Cisco routers to break into critical infrastructure networks and kick off cyberattacks.
[11]China's Volt Typhoon crew and its botnet surge back with a vengeance
[12]China's Salt Typhoon recorded top American officials' calls, says White House
[13]Trump administration wants to go on cyber offensive against China
[14]US names Chinese national it alleges was behind 2020 attack on Sophos firewalls
However, it doesn't appear that TP-Link routers were used in Salt Typhoon's [15]snooping campaign targeting US telecommunications companies.
Regardless, the move to ban Chinese devices will likely find an ally in President-elect Donald Trump, whose previous administration in 2019 labeled Huawei a [16]national security threat and effectively banned that company's technology from being used in US telecom networks.
Trump's pick for national security advisor has also indicated that the incoming president wants to go on the [17]cyber offensive against China, and the narrative of eliminating sales of TP-Link products in America would play into that tough-on-Beijing stance.
"We have been, over the years, trying to play better and better defense when it comes to cyber," Congressman Mike Waltz (R-FL) said to CBS News' Margaret Brennan on Face the Nation on Sunday. "We need to start going on offense and start imposing, I think, higher costs and consequences to private actors and nation state actors." ®
Get our [18]Tech Resources
[1] https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6?st=SEX5iL&reflink=desktopwebshare_permalink
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2Z2NUGYp0bT2mC0zlRIeo5QAAAFE&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z2NUGYp0bT2mC0zlRIeo5QAAAFE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z2NUGYp0bT2mC0zlRIeo5QAAAFE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/
[6] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44Z2NUGYp0bT2mC0zlRIeo5QAAAFE&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[7] https://www.theregister.com/2024/01/31/volt_typhoon_botnet/
[8] https://www.theregister.com/2023/10/02/aws_security_madpot/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33Z2NUGYp0bT2mC0zlRIeo5QAAAFE&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[10] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[11] https://www.theregister.com/2024/11/13/china_volt_typhoon_back/
[12] https://www.theregister.com/2024/12/09/white_house_salt_typhoon/
[13] https://www.theregister.com/2024/12/16/trump_administration_china_offensive/
[14] https://www.theregister.com/2024/12/11/sichuan_silence_sophos_zeroday_sanctions/
[15] https://www.theregister.com/2024/11/14/salt_typhoon_hacked_multiple_telecom/
[16] https://www.theregister.com/2019/07/16/hauwei_us_layoffs/
[17] https://www.theregister.com/2024/12/16/trump_administration_china_offensive/
[18] https://whitepapers.theregister.com/
I'm in favor of this as long as it applies to any company with poor security, including American ones.
It won't
No matter how insecure Cisco is, and it leaks like a sieve, it gets a free pass. Cos it's American.
Re: It won't
It leaks the way that god, the american people and mom's apple pie wants it to.
This non-leaking communist crap, where are the backdoors built in that a nation of patriots needs?
I wouldn't trust the software either...
... but their hardware (paired with OpenWRT) is very good for the price, and they have been trying on the security front; in particular, their OOB prompts on newish devices (AX23/WiFi 6) seemed to be a pretty good UX and really insisted on you changing the password. Secret services shenanigans notwithstanding, can't really say TP-Link is significantly worse than other consumer-grade brands.
That said, they seem to be complaining mostly about ISP-supplied equipment, which is typically not user-upgradeable (and in many cases, not even user-configurable). In my corner of the world, On-Premises equipment is only replaced on failure, on speed upgrade not supported by your current device, or when you change ISPs.
Re: I wouldn't trust the software either...
I've used a lot of TP link stuff with DD-WRT, and find the same, the hardware is decent, and coupling it with better software makes for a good outcome.
Re: I wouldn't trust the software either...
Both of you need to consider yourselves lucky, as my Archer C3200 has had OpenWRT promised for years with nothing to show for it. Not every TP-Link device is developed for.
Re: I wouldn't trust the software either...
I've not been running vendor-supplied software on any router pretty much since my employer pulled out of the router business in the 90's. Now that the LEDE spat is resolved, OpenWRT works well and TP-Link hardware seems to be a good choice for it nowadays.
Of course, I am only 98% certain that TP-Link firmware doesn't operate a clandestine capability for China to snoop or interfere with the operation of OpenWRT. So, how about, instead of taking potshots at banning TP-Link, how about the US government puts the effort into detailed security testing to convince itself (and us) that TP-Link is not interfering when the router is running OpenWRT.
At the same time, various other governments (including the Chinese) could do similar testing to make sure that Cisco isn't doing the same thing to allow the US to spy on us.
Huawei -Trump's gonna get ya, get ya, get ya
I'll be hanging on the telephone, just hoping it doesn't go - Atomic (Ooohoow, Trump's hair is beautiful???): a million and one candlelight, then the DOGE Man from Mars will be eating cars.
In the interests of national security...
...surely all Federal and State services should be disconnected from the net. The threat of anything from hacks to zero day vulns is possible due to this stuff being connected to the internet. So take it all offline. Fixed. Sorted. Overnight. The rest of us aren't worth hacking, so we can carry on surfing, buying stuff online and posting words of wisdom on El Reg. The US government will be completely secure - safe from being hacked by being entirely offline.
Government is just too important to risk, so turn all of those government routers off. All government services can switch back to a pre-networked model for day to day operation. Telephones, letters, newsletters. But nothing online.
So...
They have 65% of the home and small office, + 300 partners AND many government agencies.
MS say the majority of attacks come from TP-Link.
So in summary, the supplier with the largest market share also has the largest amount of attacks coming from them.
Sound familiar Microsoft?
Would have been nice to know about 3 weeks ago before buying one.