Why Is The U.S. Considering Banning TP-Link?

Ben Wilkens - January 8, 2025

The Federal Bureau of Investigation (FBI) has expressed significant concerns regarding TP-Link, a Chinese manufacturer of networking hardware, due to cybersecurity vulnerabilities and potential exploitation by the People’s Republic of China (PRC) and PRC-affiliated threat actors. These concerns have prompted investigations and discussions about the possibility of blacklisting TP-Link products in the United States, which is widely expected to occur later this year.

This follows a long list of documented and suspected incursions into the network infrastructure and systems of US-based telecom, government, and critical infrastructure by PRC-affiliated threat actors.

Established in 1996 in Shenzhen, China, TP-Link has become a leading global provider of networking devices, including Wi-Fi routers, switches, and smart home devices. The company holds a substantial share of the U.S. market for Wi-Fi routers and related devices, with estimates indicating a 65% market share in the U.S. home and small business router segment.

Recent reports have highlighted significant cybersecurity vulnerabilities in TP-Link devices. In November 2024, Microsoft reported that a botnet, primarily composed of compromised TP-Link routers, was being used by Chinese state-sponsored hackers to conduct password-spraying attacks against users of Microsoft’s Azure cloud service. This botnet, known as CovertNetwork-1658, consisted of thousands of compromised devices and was utilized to perform highly evasive attacks. Additionally, in May 2023, security researchers uncovered a malicious firmware implant tailored for TP-Link routers, used by Chinese intelligence forces as part of a hacking campaign targeting government officials across the European Union.

In response to these security concerns, U.S. authorities have initiated investigations into TP-Link. In August 2024, members of the House Select Committee on the Chinese Communist Party urged the Department of Commerce to investigate TP-Link and its affiliates, citing the company’s compliance with PRC laws that could require data sharing with the Chinese government. Subsequently, the Departments of Commerce, Defense, and Justice opened their own probes into the company. The Department of Commerce reportedly subpoenaed TP-Link, and a ban on the sale of TP-Link routers in the U.S. is under consideration due to national security risks.

If the U.S. government proceeds with a ban on TP-Link products, it would mark a significant move to remove Chinese telecommunications equipment from the American market, reminiscent of the actions taken against Huawei in 2019. Such a ban could disrupt the U.S. router market, given TP-Link’s dominant position, and potentially lead to increased prices and reduced options for consumers.

Most registered motor carrier numbers in the U.S. belong to small fleets and individual owner-operators. If we accept the statistic that TP-Link likely manufactures up to 65% of the Home and Small Business (HSB) routers in the U.S. market, then it stands to reason that up to 65% of all small fleets and owner-operators could be directly exposed to the threat posed by these devices for as long as they continue to use them. They will also need to find alternatives (likely more expensive models) when they replace their home and office wireless routers.

The FBI’s concerns about TP-Link highlight the broader challenges of securing the supply chain and technology infrastructure from potential foreign exploitation. Similar concerns have been raised recently about other consumer products manufactured by PRC-affiliated companies, such as DJI drones and the likelihood of their involvement in wide-scale reconnaissance and mapping efforts. Lidar sensors produced in China by PRC-affiliated companies have also been exposed as relaying detailed geospatial data and telemetry from privately owned vehicles back to data stores on the Chinese mainland without the owner’s consent or knowledge.

Sadly, the threat posed by PRC-affiliated consumer technology is woefully underestimated by many customers in the U.S. As cyber threats continue to evolve, ensuring the security of networking hardware remains a critical component not only of good cyber hygiene but of national security strategy.

To learn more about the risk that foreign state-backed advanced persistent threat (APT) actors pose to critical infrastructure, and best practices for defending against these and other bad actors, check out the following resources from NMFTA:

https://info.nmfta.org/navigating-the-impact-of-chinese-infrastructure-on-us-ports-and-supply-chains

Ben Wilkens

Ben Wilkens, CISSP, CISM, is a Cybersecurity Principal Engineer at the National Motor Freight Traffic Association, Inc. (NMFTA)™. He leads research initiatives and teams focused on developing advanced cybersecurity technologies, strategies, and methodologies to protect information systems and networks. Ben works closely with academic institutions, industry partners, and government agencies to advance cybersecurity practices and provides expert guidance to organizations navigating the ever-changing cyber threat landscape.

Before joining NMFTA, Ben was a key executive at a family-owned trucking and logistics company, where he integrated technology to enhance operations while maintaining robust cybersecurity standards. With CISSP and CISM certifications, an active Class A CDL, and hands-on experience as an over-the-road driver, dispatcher, and IT specialist, Ben brings a unique perspective to the intersection of cybersecurity and transportation.