Lawmakers brought forward extreme concerns over TP-Link, the Chinese home router company. They’re calling it a national security risk.
And they’re not the only ones. Independent cybersecurity researchers have also released papers highlighting the numerous security flaws that the company has failed to fix.
“An increasing number of outside researchers and analysts have identified specific concerns about the risks posed by TP-Link,” reads a letter written by two House members. The letter was sent to US Commerce Secretary Gina Raimondo on August 13th.
The core argument presented in the letter is that TP-Link can be used by the Chinese government to spy on American users or as part of a mass hacking scheme.
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” they wrote.
“When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming,”
The writers also state that last year it became known that TP-Link routers were already used in a large-scale Chinese hacking campaign. Researchers found that TP-Link had a known remote code exploitability flaw that hasn’t been patched since its discovery.
The letter claims that the Chinese Advanced Persistent Threat (APT) is the defining threat of our generation.
After reviewing the information, the two lawmakers requested the Commerce Department to create a threat assessment and mitigation plan by August 30th. An investigation swiftly began.
If they deem TP-Link to be as dangerous as everyone is claiming, The Commerce Department would utilize its information and communication technology services (ICTS) authority to prevent the product from being sold in the US.
The Chinese Embassy put out a comment, stating it hopes the US would “have enough evidence when identifying cyber-related incidents, rather than make groundless speculations and allegations”.