Lawmakers say TP-Link's rock-bottom prices fuel Chinese cyberattacks, back US sales ban

[midian182]

What just happened? TP-Link, the most popular router brand in the US, could be banned in the country. The ongoing saga over the firm's alleged links to China and anti-competitive behavior has led Republican lawmakers to urge the Commerce Department to ban sales of the company's products.

The seventeen senators and representatives wrote a letter to Commerce Secretary Howard Lutnick this week to support the ongoing investigations into TP-Link. The company is being investigated by the Commerce, Defense, and Justice Departments over whether its China ties pose a security threat and whether the firm engaged in predatory pricing to undercut competitors and dominate the US market.

The group essentially claims that TP-Link's cheap prices have helped it become the number one router brand in the US, thereby allowing the Chinese government to launch cyberattacks and surveillance programs against the United States using the devices.

The letter also urges Lutnick to prohibit further sales of TP-Link networking products in the United States.

The group goes on to accuse TP-Link of having a close association with the Chinese Communist Party, using predatory pricing to eliminate "trusted" US alternatives, and embedding foreign surveillance and destructive capabilities into US networks, all of which make it a "clear and present danger."

The letter states that Chinese state actors have exploited TP-Link small and home office (SOHO) networking devices to wage cyberwarfare against the United States. It's also claimed that TP-Link is the only router company that refuses to engage in industry efforts to remediate Chinese state-sponsored bots.

"Each day we fail to act, the CCP wins while American competitors suffer, and American security remains at risk," wrote the lawmakers.

In a statement responding to the letter, TP-Link told PCMag, "The allegations are categorically false, and we look forward to setting the record straight about our company."

"To be clear, TP-Link is not a state-sponsored company, has no 'deep ties' to, and is completely independent from, the Chinese Communist Party."

Nine of sixteen best-selling routers on Amazon are TP-Link brands, including the top three models. It's estimated that 60-65% of homes and small businesses in the US use the routers, whose cheap prices help make them so popular.

In October 2024, Microsoft exposed "CovertNetwork-1658," a Chinese-run botnet siphoning credentials from Azure since August 2023 via password-spray attacks. The network marshalled 16,000 hijacked SOHO routers, cameras and other IoT nodes – chiefly TP-Link models.

The company's routers have a history of vulnerabilities: a CVSS-10 flaw hit the Archer C5400X in May 2024, and 2023 reports tied Chinese state actors to custom malware installed on TP-Link routers. The latter incident arrived soon after the US government said Mirai Botnet operators were using TP-Link routers for DDoS attacks.

TP-Link, founded in 1996 by brothers Zhao Jianjun and Zhao Jiaxing, established its US arm in 2008 to handle marketing and support in North America, though ownership and operations remained tied to its Shenzhen-based parent. In 2024, TP-Link USA merged with the company's non-Chinese operations to form TP-Link Systems Inc., headquartered in Irvine, California – a move intended to create an "organizational separation," with distinct ownership, governance, R&D, and supply chains on each side.

Permalink to story:

Lawmakers say TP-Link's rock-bottom prices fuel Chinese cyberattacks, back US sales ban

 

[Burty117]

People really just buy the cheapest thing they can don't they?

It's a shame Apple got out of that market, they're one of the rare brands that could convince people to part with a bit more cash for their network setup.

 

[hahahanoobs]

I would think if national security was paramount, concerns over competition wouldn't need to be mentioned in the same breath.

There is some bad history, and I have a Deco M5, but I'm not convinced I need to dump mine just yet.

 

[Axeia]

While national security concerns must be taken seriously, it's equally important to ensure that policy decisions are grounded in verifiable facts — not just geopolitical tensions.

Wasn't the case when Huawei supposedly had backdoors in its 5g equipment. Never been proven.

For some *****ic reason Europe went along with it though and the alternative was mostly Cisco. A US company that has a history of actually verified built in backdoors.

Hopefully Europe is smarter this time because I trust tp-link just as much as the US alternatives like LinkSys. Which is more than I trust Cisco. I'm fine with the government pre emptively choosing for a national brand for government buildings but don't force it on home users without actual valid reasons.

 

[Str8Shot]

If national security is an issue, why is AIPAC allowed to finance our politics? This is another ruse to get people to hate on China, and other “regimes” the US is in competition with.

 

[SRB]

Wasn't the case when Huawei supposedly had backdoors in its 5g equipment. Never been proven.

For some *****ic reason Europe went along with it though and the alternative was mostly Cisco. A US company that has a history of actually verified built in backdoors.

Hopefully Europe is smarter this time because I trust tp-link just as much as the US alternatives like LinkSys. Which is more than I trust Cisco. I'm fine with the government pre emptively choosing for a national brand for government buildings but don't force it on home users without actual valid reasons.

I never will understand why people run to the defense of China in the name of cheap stuff. China has done MORE than enough dumping, IP theft, and proven back doors to justify their exclusion from all aspects of our communication structure. Hard coded openings in security software can be very hard to find. Look no further then all of these sky is falling CVE's that are released. "If you have admin privileges, a few hours, and some equipment, you can cause X which MIGHT be manipulated". These are problems we have to fix, but a country that desires to expand their empire actually designing all of the chips and software we use on the internet is no problem?????

 

[VaRmeNsI]

This is why I don't buy phones made by Chinese brands.

 

[lonetac]

Threat, just like TikTok. Sure.

 

[DrSuess]

No Chinese company is completely independent from the CCP. If the CCP goes to a company and asked them to integrate some spyware into its products it is highly likely they will.

A report about Chinese solar panels was just released that said the US government has found kill switches in inverters in its solar power grid that can be activated by wireless signals. They said it is like an attempt by the Chinese government to cripple parts of the US power grid as part of a cyberattack during a conflict with China. So it is not all that far fetched that TP-Link's firmware could be compromised in the future if it isn't already.

 

[dangh]

No Chinese company is completely independent from the CCP. If the CCP goes to a company and asked them to integrate some spyware into its products it is highly likely they will.

Is it any different in US? Amazon was told to be quiet about tariffs on their store, Apple was told to build factory wherever administration fill fit, lobbyists were told to cheat and corrupt non US officials if that helps them making money for US.
Report of those solar panels _inverters_ wasn't conclusive, and at this stage it seems as fabricated as Huawei 5g equipment issues.
At this stage there are no more 'good guys', just 'rich guys'.

 

[Axeia]

I never will understand why people run to the defense of China in the name of cheap stuff. China has done MORE than enough dumping, IP theft, and proven back doors to justify their exclusion from all aspects of our communication structure. Hard coded openings in security software can be very hard to find. Look no further then all of these sky is falling CVE's that are released. "If you have admin privileges, a few hours, and some equipment, you can cause X which MIGHT be manipulated". These are problems we have to fix, but a country that desires to expand their empire actually designing all of the chips and software we use on the internet is no problem?????

Hardware backdoors are unlikely. I run openwrt on all my routers, leaves the bootloader I suppose but ehhh.
A lot of these routers still have a US or Taiwanese designed chip and basically all are produced in China anyway so for home use or heck even business use if it's not in the defense industry I'm fine with Chinese brands.

I was mostly just making a point that Europe would be stupid to follow suit if this goes through. I trust the US and US brands only marginally more than I trust China and Chinese brands (depending on the brand, Cisco I don't trust at all). If Europe follows suit imo they should ban US brands as well although aside from Fritz!Box I don't even know what other consumer brands there are, think Nokia and Siemens only dabble in professional grade stuff

 

[lonetac]

Is it any different in US? Amazon was told to be quiet about tariffs on their store, Apple was told to build factory wherever administration fill fit, lobbyists were told to cheat and corrupt non US officials if that helps them making money for US.
Report of those solar panels _inverters_ wasn't conclusive, and at this stage it seems as fabricated as Huawei 5g equipment issues.
At this stage there are no more 'good guys', just 'rich guys'.

Not to mention the US demanding those companies break their encryption and provide back door access to phones, computer equipment, etc.

Anyone trusting the US government as safe or not guilty of the same, if not worse tactics, is lying to themselves. Snowden already showed us what you need to know. To not expect far worse is just... uninformed.

 

[Xelions]

This is why I don't let governments dictate policy for what equipment I use. If I wanna use Kaspersky, Huawei, TP-Link.. etc I'll use it and I'll continue to use whatever the f#*k I want. At the end of the day you want absolute security - never connect a system to the Internet! Otherwise you'll always be at the mercy of hardware and software cause unless your an expert in either and you actually test for backdoors you'll never know and simply rely on others guidance, and hey there's nothing wrong with that.

 

[pnntmp]

Any piece of equipment with network connectivity manufactured in China is a security risk, because it may contain deliberately implanted security vulnerabilities.

There should be thorough procedures minimizing the risk, e.g. loading certified firmware in the US by certified local companies.

 

[VariableSpike]

Any piece of equipment with network connectivity manufactured in China is a security risk, because it may contain deliberately implanted security vulnerabilities.

There should be thorough procedures minimizing the risk, e.g. loading certified firmware in the US by certified local companies.

What, with US certified backdoors that the whole world gets to enjoy and someone else inevitably exploits because a backdoor is a backdoor, I.e. you cannot control who goes through once its discovered?

 

[Plutoisaplanet]

Hardware backdoors are unlikely. I run openwrt on all my routers, leaves the bootloader I suppose but ehhh.
A lot of these routers still have a US or Taiwanese designed chip and basically all are produced in China anyway so for home use or heck even business use if it's not in the defense industry I'm fine with Chinese brands.

I was mostly just making a point that Europe would be stupid to follow suit if this goes through. I trust the US and US brands only marginally more than I trust China and Chinese brands (depending on the brand, Cisco I don't trust at all). If Europe follows suit imo they should ban US brands as well although aside from Fritz!Box I don't even know what other consumer brands there are, think Nokia and Siemens only dabble in professional grade stuff

They don't have to be backdoors, they can be lazily designed instead, whether software or hardware. You look at Chinese made cars, and their safety numbers are worse than the rest of the world's cars. They work great, until an incident happens. It's the same thing for most Chinese products... If the products are cheaper, it's more than likely not just due to labor or efficiency.

 

[pnntmp]

What, with US certified backdoors that the whole world gets to enjoy and someone else inevitably exploits because a backdoor is a backdoor, I.e. you cannot control who goes through once its discovered?

You're indeed right. My idea (which I admit I didn't properly describe) was that the firmware should be open and available to anyone to examine and find potential security vulnerabilities - not that we should simply replace one set of potential backdoors with another.

 

[BogdanR]

Any piece of equipment with network connectivity manufactured in China is a security risk, because it may contain deliberately implanted security vulnerabilities.

There should be thorough procedures minimizing the risk, e.g. loading certified firmware in the US by certified local companies.

Is there any other commercially available equipment with network connectivity NOT made in China? Asking for a friend.

 

[cyberblogger]

Its not just their routers either. Like the passive switch that has the webgui and of course their security camera has a backdoor too.

But most routers from China have some sort of security vulnerability it seems, as everyone who is inspecting them are finding all of these vulnerabilities purposely put there.

It does make me wonder about their mini pc routers they push out there since some are not using a standard bios.

 

[toooooot]

Last time I shopped for one, TP link did not seem shockingly cheaper than other brands.
And me favoriting it was purely because of how reliable their last router served me.
After upgrading to TP-link, I forgot what it means to reset a router.
As for predatory pricing, that deserves actions.