Tag Archives: TP-Link

WiFi Router Ban

The FCC issued a ban on March 23 on all consumer-grade routers made in foreign countries. A router is the device in your home that connects your ISP broadband to the WiFi that almost everybody uses to connect devices in the home. Businesses use routers to direct ISP broadband around the business on fiber or copper networks. The ban covers all new brands and models of routers except those that have been granted a Conditional Approval by the Department of Defense or the Department of Homeland Security.

The ban comes after the White House convened an interagency group comprised of government security experts, which collectively decided that new routers made overseas “pose unacceptable risks to national security of the United States and the safety and security of United States persons”. There have been previous technology bans for security reasons, such as a ban on using software from Kaspersky Lab, and telecommunications services provided by China Telecom and China Mobile International USA. It’s worth noting that the FCC cannot decide to ban any equipment or service and can only do so if directed by national security agencies.

The ban noted that malicious actors have exploited security gaps in foreign-made routers to attack households, disrupt networks, engage in espionage, and steal intellectual property. The notice says that foreign-made routers were involved in cyberattacks from Volt, Flax, and Salt Typhoon.

The ban does not stop consumers from using existing routers. It doesn’t stop retailers from selling existing stocks of routers or from continuing to buy routers that previously have been approved by the FCC’s equipment authorization process. All that is blocked is any new models or generations of routers.

Router manufacturers can petition the DoD or DHS for conditional approval, which would allow them to apply to the FCC for equipment authorization for new routers. There are no manufacturers today that have this conditional approval.

It’s hard to know where this ban will lead, but this could become a big concern for ISPs, since most ISPs provide a WiFi router for new customers. Many cable companies and fiber builders build the router into the modem. Any ISP that is currently using a router that has not been approved by the FCC is in trouble, because according to this ban, they can’t give an unauthorized router to a new customer. Every ISP should be checking this week to make sure the routers they are providing have been blessed by the FCC.

This has longer-term implications since virtually all routers are made overseas, including those made by American companies like TP-Link, which manufactures its routers in Vietnam. Manufacturers routinely upgrade and improve routers every few years, and American ISPs will be stuck with older routers if the government doesn’t approve any new brands or models of routers.

One unspoken intent of the order is probably to promote the manufacture of routers in the U.S. I have to wonder if an American-made router would be any less susceptible to hacking than a foreign-made one. If not, I’m not sure what this ban will accomplish, other than making it more expensive to get routers. It will be interesting to see if any router companies move manufacturing to the U.S. due to this ruling. A more likely outcome might be that American consumers won’t be able to get some of the newest routers that are available to the rest of the world.

Is Your Router Spying on You?

If you’ve followed the telecom industry at all you’ve heard of the effort to rip-and-replace Chinese network gear used mostly in cellular networks and in some fiber networks. The U.S. government ordered that such equipment be replaced, although it has funded the replacement in dribs and drabs.

There is heightened scrutiny of Chinese electronics since the recently discovered Beijing-sponsored cyberattacks that that are reported to have infiltrated the networks of major U.S. ISPs and carriers. U.S. officials recently said that they have been unable to expel the Chinese hacking presence that was instigated by the Salt Typhoon Group from China.

In something that is scary news to a lot of folks, an announcement was recently made that the Justice, Defense, and Commerce Departments have all been scrutinizing WiFi and other routers made by TP-Link. The announcement say this is the most commonly used routers in the U.S. and is marketed under a number if brand names including TP-link, Tapo, Kasa, Omada, VIGI, Aginet, HomeShield, and Tapo Care.

The scrutiny of TP-Link routers started in October when Microsoft reported that the routers have been targeted by Chinese hacking groups. Security experts say the company has a history of not responding quickly when security flaws are identified in its gear. The U.S. government hasn’t announced a specific link between TP-Link and the Chinese hackers, but the recent warning of concerns means there must be strong suspicions.

It’s hard to know what the U.S. government might do if it is established that TP-Link routers are a security risk. They could ban the routers, sending millions of homes and businesses in search of new devices. They might take a softer approach and suggest that people replace them. It’s hard to imagine the government funding the replacement of home and business routers in the same way it is doing for carriers.

Perhaps the government will push for more U.S manufacture of routers. Luckily, unlike many kinds of electronics, there are alternatives to Chinese routers. Netgear routers are manufactured primarily in Vietnam, Thailand, Indonesia, and Taiwan. Linksys is Manufactured in Taiwan and Vietnam. There are smaller brands manufactured around the world – but not many routers are made in the U.S.

What’s probably the most interesting aspect of the sudden focus on WiFi routers is that security experts have been complaining for years that most routers on the market have shoddy security measures and are easy to hack. Perhaps one outcome of the sudden focus on routers will be new government rules demanding better security for all devices.

It’s always a little hard to distinguish politics from reality. Politicians are suddenly lining up to dump on the Chinese, which is easy to do for an issue with no domestic political backlash. Everybody from the incoming FCC Chairman Brandon Carr to many in Congress are suddenly saying that something needs to be done. Only time will tell if this is rhetoric or a real threat.