Two US congressmen have expressed serious concerns over networking products made by the widely-used TP-Link brand. They have urged the Biden administration to launch an investigation to determine if these products could be used to covertly spy on Americans or facilitate cyber attacks. Given the prevalence of TP-Link devices, particularly in critical facilities, this issue has garnered significant attention.
Call for Investigation
Republican Representative John Moolenaar and Democratic Representative Raja Krishnamoorthi have formally requested an investigation from the US Department of Commerce, citing national security risks. According to a letter posted by the Select Committee on the Chinese Communist Party, “TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting.” The concerns are not unfounded, as similar hardware has been exploited in past cyber attacks.
Past Incidents and Wider Risks
Last year, TP-Link routers were used to launch an attack on European foreign affairs organizations. The firmware was infected with malware, which allowed attackers to run shell commands, access files, and relay communications between networked devices. However, TP-Link is not the only manufacturer at risk; other brands, including Cisco and Netgear, have also been used in attacks orchestrated by foreign adversaries.
Broader Implications
This request for investigation is part of a broader series of US governmental actions against Chinese companies. Previous actions have forced companies like Huawei and ZTE out of the US market, with TikTok also coming under scrutiny for similar spying concerns. Unlike software updates, router firmware updates are often neglected by end-users, making them a potential weak point in network security.
Conclusion
Most end users are aware of the importance of keeping their devices and software updated. However, there is far less awareness regarding the critical need to update router firmware. Given these recent developments, now would be an excellent time for users to start prioritizing their router’s security.