If you’ve followed the telecom industry at all you’ve heard of the effort to rip-and-replace Chinese network gear used mostly in cellular networks and in some fiber networks. The U.S. government ordered that such equipment be replaced, although it has funded the replacement in dribs and drabs.
There is heightened scrutiny of Chinese electronics since the recently discovered Beijing-sponsored cyberattacks that that are reported to have infiltrated the networks of major U.S. ISPs and carriers. U.S. officials recently said that they have been unable to expel the Chinese hacking presence that was instigated by the Salt Typhoon Group from China.
In something that is scary news to a lot of folks, an announcement was recently made that the Justice, Defense, and Commerce Departments have all been scrutinizing WiFi and other routers made by TP-Link. The announcement say this is the most commonly used routers in the U.S. and is marketed under a number if brand names including TP-link, Tapo, Kasa, Omada, VIGI, Aginet, HomeShield, and Tapo Care.
The scrutiny of TP-Link routers started in October when Microsoft reported that the routers have been targeted by Chinese hacking groups. Security experts say the company has a history of not responding quickly when security flaws are identified in its gear. The U.S. government hasn’t announced a specific link between TP-Link and the Chinese hackers, but the recent warning of concerns means there must be strong suspicions.
It’s hard to know what the U.S. government might do if it is established that TP-Link routers are a security risk. They could ban the routers, sending millions of homes and businesses in search of new devices. They might take a softer approach and suggest that people replace them. It’s hard to imagine the government funding the replacement of home and business routers in the same way it is doing for carriers.
Perhaps the government will push for more U.S manufacture of routers. Luckily, unlike many kinds of electronics, there are alternatives to Chinese routers. Netgear routers are manufactured primarily in Vietnam, Thailand, Indonesia, and Taiwan. Linksys is Manufactured in Taiwan and Vietnam. There are smaller brands manufactured around the world – but not many routers are made in the U.S.
What’s probably the most interesting aspect of the sudden focus on WiFi routers is that security experts have been complaining for years that most routers on the market have shoddy security measures and are easy to hack. Perhaps one outcome of the sudden focus on routers will be new government rules demanding better security for all devices.
It’s always a little hard to distinguish politics from reality. Politicians are suddenly lining up to dump on the Chinese, which is easy to do for an issue with no domestic political backlash. Everybody from the incoming FCC Chairman Brandon Carr to many in Congress are suddenly saying that something needs to be done. Only time will tell if this is rhetoric or a real threat.
You don’t necessarily need a router made in the USA, you just need to run software that’s up to date and not (probably) in control of potentially adversarial nation state.
That’s also kinda hard.
ASUS makes routers, wifi, and powerline gear that’s manufactured in Taiwan which, for the moment, shouldn’t be a vector of China problems… for the moment.
OpenWRT and DD-WRT are good choices for firmware which run on a variety of hardware types (usually not cutting edge). OpenWRT just launched a hardware development board that looks promising. Even though it’s a Chinese company Gl.inet makes a box that runs a version of OpenWRT and you can reflash it with stock OpenWRT — it’s probably a little safer than flashing one of the non-native-OpenWRT boxes where you sometimes have to take bits and pieces of opaque vendor software to get them to go. Synology is a Taiwanese company that makes NAS, routers, and wifi gear. There are Swiss and Czech companies that make pretty dodgy looking boxes.
PfSense is a good software base if you just want a router and no wifi. Etc.
And, there’s a seemingly endless series of Linux router and firewall projects that you can run on some stock gear, although, again, performance isn’t usually cutting edge. You can find SDR open source that you could host yourself if you’re superduper serious or masochistic. (In one of the zillions of comments someone commented about the real problem being finding managed switch capabilities…)
But, much of this gets you into a world that’s mostly full of much more fragile linkages and often requires a bunch of painful do-it-yourself investigation, trawling through user forums, etc., when something goes wrong.
Globalism is all fun and games until you don’t like one of the hops in the chain.
https://news.ycombinator.com/item?id=42285689
https://openwrt.org/toh/openwrt/one
https://en.wikipedia.org/wiki/List_of_router_firmware_projects
https://en.wikipedia.org/wiki/List_of_router_and_firewall_distributions
“Globalism is all fun and games until you don’t like one of the hops in the chain.”
it’s not really globalism though. From the US perspective, it’s trade with effectively a single country. Every part and piece is manufactured in China.
It’s exploited markets and inertia. This hardware can be made anywhere, but lower regulation and wages put it in china.
The US’s new lean towards xenophobia and a populist push that direction likely explains lawmakers today.
If this was actually globalism, China wouldn’t have any leverage because there would be a distribution of manufacturing.
I’m with you on the nationalist push against free trade being largely xenophobic or, at the very least, ignorant if not misguided.
But, nothing about globalism suggests that there are going to be lots of competitors and lots of competition. It’s about having global resources to create products, not being restricted to home suppliers.
Globalism finds the highest profit way to make and market products using and that certainly gravitates towards one labor market if it’s much cheaper. (As has been the case, and for not so savory reasons.)
The problem we have is that “competitive advantage of nations” is also at work, so China can just do a lot more stuff for cheaper because its suppliers are diverse and mature. That’s hard to pry yourself away from, because it requires some period of lower profits or higher prices.
I would just argue that true globalism would work like capitalism when there’s ‘good’ regulation/treaty. It’s unlikely one company or nation would produce all of a specific common-use product because other countries with similar resources would try to compete and get that revenue. America should happily buy all their swiss chocolate from Switzerland, but we should be very weary of buying all of our thermisters and resistors and capacitors from a single factory in a single country.
our current relationship with china has super strong parallels with monopolies. Once that situation exists, it has hurt other competitors so badly they can’t catch up. Can’t really move production out of china rapidly because other nations never developed to the point where you could even practically train a workforce, or handle logistics.
Ask TSMC how hard it was getting 1st world US workers to function in a chip fab, and we have trucks and ports and education and so on.
rip and *reflash to OpenWr*t. Security, solved. Bufferbloat beaten. IPv6 enabled.
depends. openwrt solves the software, but it doesn’t solve if there’s something built into the hardware that can send data without the operating system being aware.
However, at least that’s testable, comparing operating system tx vs what is received out the interfaces.
Maybe the cheapest thing would just be to let the US gov hack all the TP-Link routers and “re-work” them. :–()