Two US lawmakers urge probe of Wi-Fi router maker TP-Link over fears of Chinese cyber attacks

WASHINGTON – Two lawmakers want the Biden administration to probe China’s TP-Link Technology and its affiliates for potential national security risks from their widely used Wi-Fi routers over fears they could be used in cyber attacks against the United States.

Representatives John Moolenaar and Raja Krishnamoorthi, who both lead the House select committee on China, requested a Commerce Department probe in an Aug 13 letter seen by Reuters.

According to research firm IDC, TP-Link, which focuses on the consumer market, is the top seller of Wi-Fi routers internationally by unit volume.

In calling for an investigation, Mr Moolenaar and Mr Krishnamoorthi cited known vulnerabilities in TP-Link firmware and instances of its routers being exploited to target government officials in European countries.

“We request that Commerce verify the threat posed by (China-affiliated small office/home office) routers – particularly those offered by the world’s largest manufacturer, TP-Link,” according to the letter to Commerce Secretary Gina Raimondo.

They called it a “glaring national security issue”.

The Commerce Department said it would respond to the letter through appropriate channels.

The Chinese embassy said it hopes probers will “have enough evidence when identifying cyber-related incidents, rather than make groundless speculations and allegations”.

TP-Link, founded in China in 1996 by two brothers and based in Shenzhen, did not immediately respond to a request for comment.

The letter is a sign of mounting concerns that Beijing could exploit Chinese-origin routers and other equipment in cyber-attacks on American governments and businesses.

The United States, its allies and Microsoft disclosed in 2023 a Chinese government-linked hacking campaign

dubbed Volt Typhoon

. By taking control of privately owned routers, the attackers sought to hide subsequent attacks on American critical infrastructure.

The vast majority of affected routers, however, appeared to be from Cisco and NetGear, the Justice Department said in January.

In 2023, the US Cybersecurity and Infrastructure Agency said TP-Link routers had a vulnerability that could be exploited to execute remote code.

Around the same time, US security company Check Point reported that hackers linked to a Chinese state-sponsored group used a malicious firmware implant for TP-Link to target European foreign affairs officials.

The Commerce Department has broad powers to ban or restrict transactions between US firms and internet, telecom and tech companies from “foreign adversary” nations like China, Russia, Cuba, Iran, North Korea and Venezuela if their products pose a national security risk. REUTERS