The United States Congress bipartisan lawmakers are urging the Biden administration to investigate Chinese company TPLink Technologies (also known as TP-Link) and its affiliated enterprises over concerns that the WiFi routers produced by these companies could be used as tools for cyberattacks against the United States, posing a threat to national security.
According to Reuters, on Tuesday, August 13, John Moolenaar, a Republican member leading the House Committee on the Communist Party, and Raja Krishnamoorthi, a Democratic member, sent a letter to the Department of Commerce requesting an investigation into TP-Link.
According to research firm IDC, TP-Link, which focuses on the consumer market, is the world’s largest vendor of WiFi routers in terms of sales volume.
In their request for an investigation, U.S. lawmakers highlighted known vulnerabilities in TP-Link firmware and instances where their routers were used to attack government officials in European countries.
“…we request the Department of Commerce to verify the threats posed by (Chinese-affiliated small office/home office) routers, especially those provided by TP-Link, the world’s largest manufacturer,” the lawmakers wrote in their letter to Commerce Secretary Gina Raimondo.
They described this as an “urgent national security issue.”
The Department of Commerce stated that it would respond to the letter through appropriate channels. The Chinese Embassy hopes that relevant departments will have “sufficient evidence” when identifying network-related events, rather than baseless speculation and accusations.
TP-Link was founded in 1996 in Shenzhen, China, by two brothers. The company did not immediately respond to requests for comments.
This letter indicates that both parties in the United States are increasingly concerned that Beijing may use routers and other devices originating from China to launch cyberattacks on U.S. government and businesses.
Last year, the U.S. and its allies, along with Microsoft, disclosed a network attack activity related to Beijing known as “Volt Typhoon.” Chinese hackers attempted to cover subsequent attacks on critical U.S. infrastructure by controlling privately owned routers.
However, the Justice Department stated in January that the vast majority of affected routers appeared to be from Cisco and NetGear.
Last year, the U.S. Cybersecurity and Infrastructure Security Agency stated that TP-Link routers had a vulnerability that could be exploited to execute remote code.
Around the same time, the U.S. security firm Check Point reported that hackers associated with a Beijing-backed organization used malicious firmware implanted in TP-Link routers to attack European diplomatic officials.
The Department of Commerce has broad powers; if products from “hostile” countries such as China, Russia, Cuba, Iran, North Korea, and Venezuela pose risks to national security, the Commerce Department can prohibit or restrict U.S. companies from transacting with Internet, telecommunications, and technology companies in those countries.