TP-Link routers may be banned in the US next year, The Wall Street Journal reports.
The Shenzhen-based router maker is reportedly under investigation by the Departments of Commerce, Defense and Justice over security concerns and links to Chinese cyberattacks. Sources told the Journal that TP-Link routers routinely ship with security vulnerabilities and that the company has resisted engaging with security researchers when those flaws are identified.
In October, Microsoft released its own analysis, which revealed that TP-Link routers made up the majority of compromised devices in China's “password spraying” hack and referred to the attack as “nation-state threat actor activity.”
TP-Link was already under the microscope when Microsoft released its report: in August, the House Committee on the Communist Party of China requested an investigation into TP-Link.
“TP-Link's unusual degree of vulnerability and the required compliance with (Chinese) law is troubling in itself,” wrote the lawmakers. “When combined with the (Chinese) government's common use of (home office) routers like TP-Link to carry out large-scale cyber attacks in the United States, it becomes significantly alarming.”
This latest report says the Commerce Department's investigation is ongoing, along with separate investigations by the Departments of Defense and Justice. Sources told The Wall Street Journal that an office of the Commerce Department has subpoenaed TP-Link and could ban the sale of TP-Link devices next year.
“Like many consumer electronics brands, TP-Link Systems routers have been identified as potential targets for hackers. However, there is no evidence to suggest that our products are more vulnerable than those of other brands,” a spokesperson for TP-Link Systems Inc. told CNET.
CNET has several TP-Link models on our lists of the best Wi-Fi routers and will be watching this story closely to see if we need to reconsider those choices. As of this writing, we do not recommend purchasing a TP-Link router.
The Biden administration is already exploring action against TP-Link in response to a number of recent Chinese-backed cyberattacks, but the ban on TP-Link routers will likely depend on the Trump administration, which is expected to take an aggressive stance against Chinese companies. In 2019, Trump issued an executive order that effectively banned US companies from using networking equipment from Huawei, another Chinese company that has come under fire over national security concerns.
Banning TP-Link would affect millions of users
When Huawei was banned in the US, almost no one in the country used its smartphones. The same cannot be said for TP-Link.
According to the Journal report, TP-Link routers make up 64.9% of the router market in the US. (In comparison, iPhones have a 53% market share of smartphones in the US.) The company took off around the pandemic, when it had about 20% market share.
TP-Link routers are often much cheaper than competitors. Its latest Wi-Fi 7 router currently costs $108 on Amazon; routers with comparable specifications cost approximately $300 from Asus, a Taiwanese company, and $230 from Netgear, an American company.
The Journal report notes that the Justice Department is investigating whether these low prices violate a federal law that prohibits attempted monopolies by selling products for less than they cost to make. A TP-Link spokesperson denied engaging in these practices.
In addition to being the most common router choice for do-it-yourself consumers, TP-Link also makes the routers that more than 300 US ISPs send you when you choose to rent equipment from them. They are also widely used by government agencies, appearing in contract documents from the Department of Defense and the Drug Enforcement Administration.
What to do if you have a TP-Link router
If you're one of the millions of internet users who have a TP-Link router in their home, you might be worried that your router has been compromised. A Microsoft report found TP-Link routers being used in “password spray attacks” as of August 2023, which typically occur when the router is using a default password. As always with your home network equipment, a few basic security steps will go a long way toward protecting your data. Here's what you can do right now:
- Update your login credentials: A shocking number of cybersecurity breaches can be traced back to using default login credentials set by your router manufacturer (or ISP if you're renting your equipment). Most routers have an app that allows you to update your login credentials, but you can also type your router's IP address into your browser's URL bar. These credentials are different from your Wi-Fi name and password, which should also be changed every six months or so. Some good rules for your passwords: avoid common words and character combinations, longer passwords are better, and don't reuse passwords across multiple accounts.
- Turn on your firewall and Wi-Fi encryption: These are usually on by default, but I recommend making sure they are activated. This will make it harder for hackers to eavesdrop on the data sent between your router and the devices that connect to it. You can also find these settings by logging into your router from its app or website.
- Consider buying a new router: We always recommend buying your own router instead of renting from your ISP. This is primarily cost-saving advice, but if your ISP uses TP-Link equipment, now is a good time to switch to another brand. Whichever router you choose, look for WPA3 certification, the most advanced security protocol for routers.
- Update the firmware: A TP-Link spokesperson told us that customers should regularly check for firmware updates to keep their router secure. “To do this, customers with TP-Link Cloud accounts can simply click the 'Check for Updates' button in their product's firmware menu,” the spokesperson said. “All other customers can find the latest firmware on their product's Downloads page on TP-Link.com.”