Two US House of Representatives members have called on the US Department of Commerce to investigate Chinese-made Wi-Fi routers deployed in the US over hacking and espionage concerns.
John Moolenaar (R-MI), chairman of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party, and Raja Krishnamoorthi (D-IL), a ranking member of the same group, warned in an August 15 public statement of the “growing risk posed by Chinese Wi-Fi routers in the United States manufactured by TP-Link Technologies.”
TP-Link is a Chinese company and the world’s largest provider of Wi-Fi products, selling over 160 million products annually to more than 170 countries.
Its Wi-Fi routers are manufactured in China, which has led the two Congressmen to fear that state-sponsored hackers may be able to compromise the routers and infiltrate US systems.
“Moreover, TP-Link is subject to draconian ‘national security’ laws in the People’s Republic of China (PRC) and can be forced to hand over sensitive US information by Chinese intelligence officials,” they added.
In 2023, a Chinese state-sponsored advanced persistent threat (APT) group known as Camaro Dragon was observed exploiting TP-Link routers via a malicious firmware implant.
In January 2024, it was announced that the FBI led a law enforcement operation in December 2023 to disrupt a network of hundreds of small office/home office (SOHO) routers that had been infected by the KV Botnet malware by another Chinese APT group, Volt Typhoon.
Although the US Justice Department said the majority of compromised devices in this campaign appeared to be from Cisco and NetGear, it is believed Volt Typhoon hackers may have infiltrated US systems up to five years earlier.
In a separate letter to US Secretary of Commerce Gina Raimondo, Moolenaar and Krishnamoorthi said, “TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyber-attacks in the United States, it becomes significantly alarming.”
They asked for Secretary Raimondo’s threat assessment and mitigation plan by August 30.
Photo credit: Skrypnykov Dmytro/Shutterstock