US probes China-founded router maker TP-Link on national security fears

WASHINGTON – The US government has launched a national security investigation into TP-Link, the China-founded router maker whose equipment now dominates the American market and has been targeted in repeated Chinese cyber attacks, people familiar with the matter said.

The probe opens a new front in the US push to crack down on China-linked technology firms deemed a possible threat to US networks and data.

It singles out a company that had largely escaped national-security notice even as TP-Link came to lead the market for home and small-office routers, which relay information from the internet to devices such as computers and smartphones.

Investigators from the Commerce Department subpoenaed TP-Link in December seeking details, including its company structure, according to the people, who asked not to be identified discussing a matter that has not been publicly announced. The inquiry was reported earlier on Dec 18 by the Wall Street Journal.

The probe was launched in response to an August letter by the co-chairs of a bipartisan House of Representatives select committee on China, the people said. The lawmakers urged the agency to investigate the “glaring national security issue” posed by TP-Link’s dominant US market share.

They also cited Chinese laws requiring companies to aid the state’s military and intelligence objectives and frequent Chinese state-backed cyber attacks exploiting routers. 

The executive order that is the basis for the probe gives the US sweeping power to ban information and communications technology firms linked to foreign adversaries from operating in the US if they are found to pose an “unacceptable risk” to national security. 

A Commerce Department spokesperson declined to comment on the probe.

China’s Foreign Ministry said Beijing has always opposed the US’ “generalisation of the concept of national security and discriminatory practices” against companies from specific countries.

China will take resolute measures to firmly safeguard the legitimate rights and interests of Chinese companies, ministry spokesman Lin Jian told reporters at a regular news briefing on Dec 19.

A spokeswoman for TP-Link Systems said the company “welcomes opportunities to engage with the US government to demonstrate that its security practices are fully in line with industry security standards and to demonstrate its ongoing commitment to the US market and US consumers”.

The company has accelerated efforts to distance itself from its Chinese origin. TP-Link Systems is an entity based in Irvine, California, that was renamed in July, according to the spokeswoman.

It is no longer affiliated with TP-Link Technologies, the company founded in China in 1996 and long co-owned by brothers Zhao Jianjun and Zhao Jiaxing, according to the spokeswoman.

Following a restructuring process in 2024, Mr Zhao Jiaxing now owns 97.5 per cent of the China business, and Mr Zhao Jianjun and his wife own 100 per cent of the US and other businesses that have been consolidated under the California entity, she said. 

The couple intend to become US permanent residents and apply for citizenship, she added.

The moves to distance the company from China follow in the footsteps of other firms that have come under US regulatory scrutiny and only deepened investigators’ scepticism of TP-Link, people familiar with the matter said.

Potential restrictions

The people familiar with the probe also said investigators fear that TP-Link is using what many US national security professionals refer to as “the Huawei playbook”.

That is a reference to claims by the US government and lawmakers that Huawei Technologies is a Chinese government spy tool that became a dominant player in the global networking equipment sector on the back of improper state subsidies. Huawei and Beijing have denied those assertions. US regulators have imposed restrictions that make it harder for Huawei to sell equipment in the US and buy parts from American suppliers.

In the TP-Link case, US officials have been struck by data showing how TP-Link undercut rivals on price to amass a majority share of the US market for routers aimed at homes and small businesses – dubbed Soho routers – in less than six years, the people familiar with the matter said.

TP-Link’s market share gains have come amid

a rise in Chinese state-sponsored hacking activity

targeting Soho routers, they said. 

Hackers can intercept or alter communications running through routers as well as remotely disable them, cutting off users’ internet access. They can also use compromised routers to assemble a botnet to disguise the origin of attacks against their ultimate targets. 

TP-Link routers were among the various brands – including American ones – exploited by Chinese state-sponsored hackers who launched the massive Volt, Flax and Salt Typhoon attacks, US officials have determined, said some of those familiar with the matter. 

Those hacks targeted US critical infrastructure like water and transportation networks, as well as telecommunications and internet companies.

Investigators are also concerned about a series of Chinese state-sponsored hacks dubbed Camaro Dragon that used compromised TP-Link routers to target European foreign affairs entities.

There is no evidence that TP-Link was complicit in any of the attacks. Security researchers at Lumen Technologies’ Black Lotus Labs, which identified the Flax Typhoon hack, and at Check Point Software Technologies, which identified Camaro Dragon, have also said they found no such evidence.

“The hackers use the devices as an anonymisation network,” Check Point’s Mr Itay Cohen said in an interview. “They don’t care who makes them.” 

Market share

TP-Link now has about 60 per cent of the US retail market for Wi-Fi systems and Soho routers, compared with about 10 per cent of the market at the start of 2019, according to the data that investigators are reviewing, the people familiar with the inquiry said.

The TP-Link spokeswoman did not comment on the data prior to publication and then disputed it afterward, saying it overstated the company’s market share.

In the category of Wi-Fi 7 mesh systems – the most advanced on the market – TP Link has almost 80 per cent of the US retail market, that data shows, according to the people.

TP-Link has also recently signed deals with internet service providers who then supply the routers to their customers, according to a post by Wi-Fi Now, a trade group of which TP-Link is a member.

The company signed 300 such agreements over the past two years, primarily with wireless internet service providers, the post says.

In a speech in September, Representative John Moolenaar, the Michigan Republican who serves as co-chairman of the House China committee that sent the letter prompting the TP-Link probe, said policymakers should be on the lookout for “loaded guns” and not “smoking guns” when it comes to the China threat. 

Looking for a “smoking gun” is “the wrong way to think about China-related risk”, he said, without mentioning TP-Link. “After all, a smoking gun means a shot has already been fired.”

He described the threat as coming from “Chinese companies that, because of the technology they provide or the supply chains they impact, pose an unacceptable risk to our country’s security”.

The new authorities under which the Commerce Department is now investigating TP-Link were designed to assess China risks from that perspective.

In June, the agency blocked Russian-controlled cyber-security firm Kaspersky Lab from doing business in the US due to its assessment that it threatened security as opposed to any overt act.

At the time, the Commerce Department warned the action would be “the first of many”. BLOOMBERG