Source: securityboulevard.com – Author: Richi Jennings
TP-Link in crosshairs, along with other brands.
Chinese consumer-grade networking gear is a dangerous security threat, argue these fine gentlemen. Rep. Raja Krishnamoorthi (D-Illinois), Rob Joyce (former NSA director of cybersecurity) and Rep. John Moolenaar (R-Michigan) have hatched a plan to eradicate TP-Link routers and other plastic pigs from our homes.
But TP-Link is spitting feathers, arguing it’s not been a “Chinese” company for ages. In today’s SB Blogwatch, we get real with OpenWRT.
Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: Tilt/Shift.
Sino Stoppage Scheme
What’s the craic? Michael Martina reports: Congressional panel urges Americans to ditch China-made routers
“Baseless and without merit”
The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China’s TP-Link Technology Co, which … is the top seller of WiFi routers internationally. … Authorities are considering a ban on the sale of the company’s routers.
…
Rob Joyce, former director of cybersecurity at the National Security Agency, [said] TP-Link devices exposed individuals to cyber intrusion that hackers could use to gain leverage to attack critical infrastructure: “We need to all take action and replace those devices so they don’t become the tools that are used in the attacks on the U.S.”
…
The company said it had split with its former China affiliate and now manufactures its routers in Vietnam [and] that the hearing did not provide a “shred of evidence” the company was linked to China’s government: … ”Any claims suggesting our products pose a unique risk to U.S. national security are baseless and without merit,” said Jeff Barney, president of TP-Link.
Hmmmm. Is there more to this story than meets the eye? Joe Supan supposes so: Officials Say TP-Link Routers Are Dangerous. Here’s What Experts Told Us
“Warrants a ban”
The US government appears to see TP-Link as a Chinese entity. … Representative Raja Krishnamoorthi (D-Illinois) [and] Rep. John Moolenaar (R-Michigan) [have] been urging a ban of the routers for months in response to several China-backed cyberattacks last year.
…
“TP-Link’s unusual degree of vulnerabilities and required compliance with [Chinese] law are in and of themselves disconcerting,” the lawmakers wrote. “When combined with the [Chinese] government’s common use of [home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”
…
TP-Link [said], “Like many consumer electronics brands, TP-Link Systems’ routers have been identified as potential targets for hackers. However, there is no evidence to suggest our products are more vulnerable than those of other brands.” [But] several of the cybersecurity experts I spoke with believe it’s likely that intelligence agencies have found something with TP-Link that warrants a ban.
I smell fear, uncertainty and doubt. Nick Farrell yuks it up: Congress calls for Chinese routers to be banned
“Cyber vigilantism”
The committee claims that these routers are a backdoor for Beijing’s hackers to meddle with US critical infrastructure. [But,] like many of these anti-China technology claims by US politicians, actual proof has been thin on the ground.
…
Krishnamoorthi wants more than just defensive measures. He suggested using cyber vigilantism to fight Chinese hackers, even floating the idea of enlisting private-sector hackers to “hack back.”
How do other countries handle this? Here’s evanjrowley:
We can become like Thailand, where all routers must be imported using a special license and have a government approval sticker on them.
I suppose you get what you pay for? There’s a reason the gear is cheap. Andrewcw disagrees:
They think TP-Link is cheap? I’ve found even more scary stuff at half the price of TP-Link. I trust TP-Link way more because they actually have someone responding to things rather then just sweeping everything under the rug.
…
Yeah it has flaws. But every networking company has them.
Is there an alternative that doesn’t involve trashing all the things? This Anonymous Coward suggestifies thuswise:
My cheap Chinese router runs OpenWRT. … I don’t think Chinese state actors have managed to insert malicious code into that project, given how thoroughly it is reviewed by its developers and the F/OSS community.
Pay no attention to the payola behind the curtain. up-n-atom rents it for us:
This is more likely than not lobbying by Cisco just to pile on the e-waste. … If it’s such a concern, the government could just use their money to … buy the firmware rights from Qualcomm and Broadcom … to create a certified firmware.
…
Security is an illusion if you’re the product. Do yourself a favor and check if there is an open source firmware.
Surely everything’s made in China, no? adespoton goes all Hawley–Smoot on us:
Does anyone have a suggestion for a sub-$800 router that isn’t made in China and checks all those boxes? Anyone?
Is that a good question, though? JBMcB thinks they’re missing the point:
There is a difference between a Chinese company building routers and [an] American company having routers assembled in China. That difference is that, by law, if a Chinese company finds a CVE in their router, they have to first disclose it to the Chinese state security agency. [An] American company is under no such restriction, unless their programmers and primary operations are located in China.
Meanwhile, Waco would like a word with Loki:
The government thinks banning a particular brand is going to do—what, exactly? I hate this timeline. It’s ****ing dumb.
And Finally:
Pushed for time? Just watch the last 95 seconds
You have been reading SB Blogwatch by Richi Jennings. Richi curates the best bloggy bits, finest forums, and weirdest websites—so you don’t have to. Hate mail may be directed to @RiCHi, @richij, @[email protected], @richi.bsky.social or [email protected]. Ask your doctor before reading. Your mileage may vary. Past performance is no guarantee of future results. Do not stare into laser with remaining eye. E&OE. 30.
Recent Articles By Author
Original Post URL: https://securityboulevard.com/2025/03/krishnamoorthi-joyce-moolenaar-tp-link-china-richixbw/?utm_source=rss&utm_medium=rss&utm_campaign=krishnamoorthi-joyce-moolenaar-tp-link-china-richixbw
Category & Tags: Analytics & Intelligence,Cyberlaw,Cybersecurity,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Incident Response,Industry Spotlight,IOT,IoT & ICS Security,Most Read This Week,Network Security,News,Popular Post,Security Awareness,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Attacking Routers,china,China-linked Hackers,Chinese,Chinese Communists,Chinese devices,chinese government,Chinese hardware,Chinese state-sponsored cyberattacks,Commerce Department,Congress,Consumer IoT,flawed routers,House of Representatives,Internet of things,Internet of Things (IoT),Internet of Things cyber security,internetof things,internetofthings,internte-of-things,iot,Jeff Barney,John Moolenaar,OpenWrt,Peoples Republic of China,Raja Krishnamoorthi,Rob Joyce,router compromise,router exploit,router firmware security flaw,router hacking,router hijacking,router security,router vulnerabilities,SB Blogwatch,SOHO,SOHO and IoT device vulnerabilities,TP-LINK,U.S. Commerce Department,US Congress – Analytics & Intelligence,Cyberlaw,Cybersecurity,Editorial Calendar,Featured,Governance, Risk & Compliance,Humor,Incident Response,Industry Spotlight,IOT,IoT & ICS Security,Most Read This Week,Network Security,News,Popular Post,Security Awareness,Security Boulevard (Original),Social – Facebook,Social – LinkedIn,Social – X,Social Engineering,Spotlight,Threat Intelligence,Threats & Breaches,Vulnerabilities,Attacking Routers,china,China-linked Hackers,Chinese,Chinese Communists,Chinese devices,chinese government,Chinese hardware,Chinese state-sponsored cyberattacks,Commerce Department,Congress,Consumer IoT,flawed routers,House of Representatives,Internet of things,Internet of Things (IoT),Internet of Things cyber security,internetof things,internetofthings,internte-of-things,iot,Jeff Barney,John Moolenaar,OpenWrt,Peoples Republic of China,Raja Krishnamoorthi,Rob Joyce,router compromise,router exploit,router firmware security flaw,router hacking,router hijacking,router security,router vulnerabilities,SB Blogwatch,SOHO,SOHO and IoT device vulnerabilities,TP-LINK,U.S. Commerce Department,US Congress
Views: 2
