Two US lawmakers are calling for an investigation into TP-Link and its affiliates over concerns about potential cybersecurity risks posed by their widely used Wi-Fi routers. The investigation request was made by Republican John Moolenaar and Democrat Raja Krishnamoorthi, who head the special committee on China in the US House of Representatives. They have asked the Department of Commerce to look into the vulnerabilities in TP-Link software and cases of its routers being exploited for cyber attacks targeting government officials in foreign countries.
The lawmakers expressed concerns over the security of TP-Link routers and referred to them as a “serious national security issue.” TP-Link, a Chinese company founded in 1996 with headquarters in Shenzhen, issued a statement denying the presence of cybersecurity vulnerabilities in their router products.
The US Department of Commerce is expected to respond to the letter through appropriate channels. This call for investigation reflects a growing worry among US lawmakers about the potential for China to exploit routers and other equipment originating from the country for cyber attacks on the US government and businesses. Last year, a cyberattack campaign called Volt Typhoon, involving Chinese hackers, was revealed by Microsoft. The attackers sought to conceal further attacks on US critical infrastructure by taking control of private routers, most of which were from companies headquartered in the USA.
In addition, the US Cybersecurity and Infrastructure Security Agency (CISA) has pointed out vulnerabilities in TP-Link routers that could be exploited for remote code execution. Furthermore, a security company reported that hackers sponsored by the Chinese government used malware implanted on TP-Link routers to target foreign officials.
The US Department of Commerce has the authority to restrict transactions between US companies and internet, telecommunications, and technology companies from “foreign adversary” countries if their products pose a risk to national security.