Security News TP-Link routers could be banned in the US over national security concerns

Gandalf_The_Grey

Level 84
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,566
TP-Link routers, one of the most popular brands of routers in the US and the dominant name in Amazon's best-sellers chart, could be banned in the US. Authorities say the Chinese-made devices, which have been found to contain vulnerabilities in the past, pose a national security risk.

According to a report by the Wall Street Journal citing people familiar with the matter, investigators at the Commerce, Defense and Justice departments have opened their own probes into TP-Link, and authorities could ban the sale of its routers in the US next year. The sources say an office of the Commerce Department has subpoenaed TP-Link.

TP-Link has around 65% of the US market for routers used in homes and small businesses. It gained another 5% share of the market in just the third quarter of this year, the WSJ said. Eleven of the top twenty best-selling routers on Amazon are from the Shenzhen-headquartered company, including the number one (AX3000) and number two (AX1800).
 

bazang

Level 10
Jul 3, 2024
458
USA, "the land of the free, and the home of the banned". Kaspersky, you're not alone.
There is significant justification to ban TP-Link based upon IT security researchers that is common knowledge amongst those in the know. TP-Link products are manufactured very cheaply without any secure coding practices. They are replete with vulnerabilities with a long historical record of being insecure.
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the US, it becomes significantly alarming,” the letter read.
In October, Microsoft published an analysis that highlighted that compromised TP-Link devices were integral to the activities of “CovertNetwork-1658,” a China-linked hacking operation. These routers reportedly provided a network of egress IPs that masked subsequent attacks on American critical infrastructure, part of a broader campaign dubbed Volt Typhoon.

“CovertNetwork-1658 specifically refers to a collection of egress IPs that may be used by one or more Chinese threat actors and is wholly comprised of compromised devices. Microsoft assesses that a threat actor located in China established and maintains this network,” Microsoft said in its report.

TP-Link CVE history:


I totally support home made products, but not when they are forced. In the end, no competition will result in inferior and overpriced products, like iPhone. 🙃
TCP-Link holds 65% of the U.S. market. The TCP-Link leadership's strategy is to flood the U.S. market with cheap network devices (that turn out to be insecure because they are manufactured cheaply without the required QA\QC and Security Testing).

iPhone has huge competition from Android. It is expensive because the manufacturing standards are high and also due to the huge global consumer demand. Those consumers consider it the superior mobile phone hardware platform.

Every single time I have purchased an Android phone, I always switch back to iPhone because - in my experience - the iPhone is superior. I use it as a phone and communication device. iPhone has proven to be much more reliable and longer lasting than even the flagship Android phones that I have purchased.

A large number of features is not a measure of quality. It is how well a feature or the hardware itself functions.

Android is the worst value because its updates and security support are limited to only a few years. Meanwhile iPhones are supported for 10+ years. My iPhone 6 still works, still lasts all day, and receives security updates. 10 years old.
 

superleeds27

Level 8
Verified
Apr 5, 2017
366
There is significant justification to ban TP-Link based upon IT security researchers that is common knowledge amongst those in the know. TP-Link products are manufactured very cheaply without any secure coding practices. They are replete with vulnerabilities with a long historical record of being insecure.
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the US, it becomes significantly alarming,” the letter read.
In October, Microsoft published an analysis that highlighted that compromised TP-Link devices were integral to the activities of “CovertNetwork-1658,” a China-linked hacking operation. These routers reportedly provided a network of egress IPs that masked subsequent attacks on American critical infrastructure, part of a broader campaign dubbed Volt Typhoon.

“CovertNetwork-1658 specifically refers to a collection of egress IPs that may be used by one or more Chinese threat actors and is wholly comprised of compromised devices. Microsoft assesses that a threat actor located in China established and maintains this network,” Microsoft said in its report.

TP-Link CVE history:



TCP-Link holds 65% of the U.S. market. The TCP-Link leadership's strategy is to flood the U.S. market with cheap network devices (that turn out to be insecure because they are manufactured cheaply without the required QA\QC and Security Testing).

iPhone has huge competition from Android. It is expensive because the manufacturing standards are high and also due to the huge global consumer demand. Those consumers consider it the superior mobile phone hardware platform.

Every single time I have purchased an Android phone, I always switch back to iPhone because - in my experience - the iPhone is superior. I use it as a phone and communication device. iPhone has proven to be much more reliable and longer lasting than even the flagship Android phones that I have purchased.

A large number of features is not a measure of quality. It is how well a feature or the hardware itself functions.

Android is the worst value because its updates and security support are limited to only a few years. Meanwhile iPhones are supported for 10+ years. My iPhone 6 still works, still lasts all day, and receives security updates. 10 years old.
This seems to be slowly changing though. 7 years for Pixel devices now I think
 
  • Like
Reactions: anirbandutta01

bazang

Level 10
Jul 3, 2024
458
This seems to be slowly changing though. 7 years for Pixel devices now I think
It is 7 years from the day that the eligible Pixel model is listed for sale on the Google Store platform.

So if you buy the model 2 or 3 years later than that day, the security updates are pro-rated down by 2 or 3 years.

Terrible deal. The Android (Google; ChromeOS) ecosystem is just a terrible deal for consumers. But they are sheep and just sit there and get eaten by the wolf that is Google and all of its OEMs that exploit the ecosystem because consumers are, well, ignorant unwise sheep.
 

superleeds27

Level 8
Verified
Apr 5, 2017
366
It is 7 years from the day that the eligible Pixel model is listed for sale on the Google Store platform.

So if you buy the model 2 or 3 years later than that day, the security updates are pro-rated down by 2 or 3 years.

Terrible deal. The Android (Google; ChromeOS) ecosystem is just a terrible deal for consumers. But they are sheep and just sit there and get eaten by the wolf that is Google and all of its OEMs that exploit the ecosystem because consumers are, well, ignorant unwise sheep.
Still better than nothing
 

anirbandutta01

Level 10
Verified
Well-known
Jun 18, 2022
466
Android is the worst value because its updates and security support are limited to only a few years
But you'll get various types of needful apps easily available on Android only no need to purchase. Also iPhone battery performs not very well like Android.
 

cartaphilus

Level 12
Well-known
Mar 17, 2023
574
You see I agree and I disagree on the decision. This is a very thin knife edge to walk on. Since at which point are you protecting Joe Blow from themselves without affecting the freedom of choice? Is it our duty to add safety devices and ban products to protect people from themselves? It all comes down to numbers. How $$$ much will not securing it cost? Does the price justify the means?

I am not some greedy business person but I am also realistic and understand how the mistakes of masses can influence myself and my bottom line.

Does adding "do not drink bleach" sign on a bleach bottle or banning "Thalidomide" because it causes birth defects really a role of the government? Well in the end yeah, in the end "adults" must step in and I am not saying "adults" to be demeaning. I am using the word to mean "a group of subject matter experts fully knowledgeable in the art" since I know that I don't know everything and sometimes guidance is required.

As per Kaspersky and TP-Link? As long as creditable and defendable proof is provided along with ample opportunities for the corporation to "right" themselves before issuing a ban (permanent or temporary) then I am ok with whatever is decided.

There is a reason why other major nationalities have tight control on the products they allow to be sold. So far China has been amazing at IP theft but horrid at its implementation. However soon that might change and then the West will be in some deep doodoo.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top