Task timeout. Try again, please

Task timeout. Try again, please

TP-Link routers are among the most popular products in the United States. However, according to a new report in the Wall Street Journal, they could be banned from sale within the next year.

The Shenzhen, China-based company is reportedly under investigation by three U.S. government agencies, including the Departments of Commerce, Defense, and Justice, for security concerns and possible ties to Chinese cyber attacks.

Sources told the Journal that TP-Link's routers allegedly have security vulnerabilities, and the company has resisted addressing these flaws.

The report does not indicate that TP-Link's routers were used in the giant telecom provider's data breach earlier this year; the breach, which allegedly affected AT&T and Verizon, among others, was carried out by Salt, a Chinese hacking group with alleged ties to the Chinese government. Typhoon, a Chinese hacking group with alleged ties to the Chinese government.

However, Microsoft's Threat Intelligence Group released a report in October revealing that TP-Link routers were the majority of devices most compromised in the Chinese “password spray” attack. The assessment traced the attacks back to August 2023.

TP-Link has been under investigation by the Department of Defense at least since August of this year, when the Pentagon launched an investigation into vulnerabilities in its Chinese routers. A House committee requested an investigation into the company's routers around the same time.

The lawmakers wrote “TP-Link's extraordinary vulnerability and required compliance with Chinese law is in itself objectionable. Combined with the Chinese government's common use of SOHO (small office/home office) routers like the TP-Link and the massive cyberattacks it has perpetrated in the U.S., it is extremely alarming. [Tom's Guide reached out to TP-Link's Irvine-based U.S. subsidiary for comment, and a company spokesperson further elaborated on these vulnerabilities. However, contrary to claims of widespread vulnerabilities, comparative data shows that TP-Link equals or in some cases exceeds other major industry players in terms of security performance. For example, publicly available vulnerability data (obtained from recognized security repositories such as CVE Details and VulDB) indicates that TP-Link's vulnerability incidence per product is considerably lower than that of other major manufacturers. Meanwhile, a spokesperson told the Journal that the company welcomes the opportunity to work with the government “to demonstrate that our security measures are fully aligned with industry security standards and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing national security risks in the United States.”

The company also states.

Whether under the Trump administration, which banned the sale of Huawei products in the U.S., or the Biden administration, which is working to ban TikTok and DJI drones, these types of bans have been enacted primarily in support of national security and the alleged threat of Chinese espionage and hacking activities.

Unlike Huawei and DJI, however, the TP-Link ban affects millions of people, businesses, and federal and local government agencies.

If a ban is enacted, it will likely originate with the Office of Information and Communications Technology and Services, created under the Trump I administration, which is empowered to prohibit companies from designated countries from selling their products and services in the United States. The office recently banned Russian software company Kaspersky from selling antivirus software in the U.S.

A ban on TP-Link would be massive; according to the Journal, TP-Link routers represent nearly 65% of the U.S. market. and are installed everywhere from homes to government offices to the military, according to the Journal.

In general, TP-Link's routers are much cheaper than its competitors, and the Justice Department is investigating whether its low prices violate federal law that seeks to create a monopoly by selling products for less than they cost to manufacture. A TP-Link spokesman has denied these charges. denied these accusations.

UPDATE: A TP-Link spokesperson sent Tom's Guide a survey showing that TP-Link's market share in the US is only 12% for consumers and 2% for businesses. The survey was reportedly conducted by a company called Lansweeper, which is interested in consulting and organizing other companies' IT systems, stated that the author of that article could not indicate the source of that figure. It is unclear from the Journal's report where this figure came from.

We were also told that the firm is based in Irvine, not Shenzhen. This is apparently a recent development; according to a May 2024 press release, the company has reorganized with “dual” headquarters in the US and Singapore. The U.S. location opened in 2023. Since then, Shenzhen has disappeared from the press release, replaced by Irvine; Tom's Guide has found that the company was founded in Shenzhen and still operates there.

Tom's Guide has featured TP-Link routers quite often in lists of the best Wi-Fi routers, ranging from the best gaming routers and best mesh Wi-Fi systems to the best Wi-Fi 7 routers. This is due to their superior performance, affordability, and the fact that there are a variety of devices to choose from.

We are monitoring this story and will re-evaluate these options when we have more information, especially if the ban goes into effect. Until then, there are a number of alternatives to TP-Link on the list from Netgear, Asus, eero, and other largest players in the home networking industry.

If you use a TP-Link router in your home or office, you may have concerns that it could be compromised.

An October Microsoft analysis found that many TP-Link routers were compromised because they failed to change the default password, which should be done first when setting up a new router.

Here are some other steps you can take to make your router more secure:

Create custom login credentials: Many cybersecurity problems are caused by the default set by the device manufacturer or the Internet provider that provided the device Most routers have login credentials that can be updated. Most routers have apps that allow you to update your login credentials, or you can update them by typing your IP address into your browser's address bar. As always, avoid common words and letter combinations (e.g., 123456 passwords are not acceptable). The longer the better, and you want to use a combination of letters, symbols, and numbers to create strong passwords for all devices and accounts. Likewise, you never want to reuse passwords across accounts. This is because if a hacker breaks into one account, they will try to use those credentials to access other accounts and devices.

Update your firmware: Most router manufacturers, including TP-Link, send out firmware updates with security patches on a regular basis. Keep your router up-to-date and check regularly for firmware updates.

Make sure firewall and Wi-Fi encryption are turned on: Firewall and Wi-Fi encryption are often turned on by default, but it never hurts to make sure they are actually enabled. When they are turned on, it is more difficult for malicious vendors to see data being transmitted between the router and connected devices. These settings can also be found on the relevant router apps and websites. Likewise, you can also use one of the best VPNs to keep the data being sent from your device to the Internet private and secure.

Think about a new router: TP-Link has gained a large market share over the years by undercutting the competition with cheaper routers. A router is something you and others in your household use every day, so upgrading to a new one is a worthwhile investment, especially if you are concerned. However, if you are using an older Wi-Fi 5 or Wi-Fi 6 device, there is also a chance to equip your home with the latest wireless technology in the form of Wi-Fi 6E or Wi-Fi 7.

.

Categories