National Security Threat Lurking in Plain Sight
As lawmakers scramble to address the TikTok ban, a more insidious threat to American infrastructure has gone largely unnoticed. TP-Link, a top-selling router brand, has been under scrutiny for posing a significant risk to national security.
Vulnerabilities and Compliance Concerns
Experts warn that China could exploit TP-Link routers to launch attacks on critical infrastructure or steal sensitive information. A letter sent to the U.S. Department of Commerce last summer highlighted “unusual vulnerabilities” and required compliance with PRC law as disconcerting. The letter stated that when combined with the PRC government’s everyday use of SOHO routers to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.
Government Inaction Raises Concerns
Despite the warnings, no action has been taken, and Rep. Raja Krishnamoorthi (D-IL) is concerned. He points to the government’s “rip and replace” plan with Huawei network equipment as a precedent that could be followed. The government mandated in 2020 that companies rid themselves of Huawei equipment, which was deemed to pose a national security threat.
TP-Link’s Dominance in the U.S. Market
According to data, TP-Link has a 65% share of the U.S. router market, and its success has followed a similar playbook used by China with other technology: make a lot more than they need, export the surplus to undercut the competition, and use the technology to backdoor access or disrupt.
National Security Implications
Krishnamoorthi’s concerns go beyond the federal government. State and local utilities that have TP-Link routers could be vulnerable, as well as people who have the routers at home. “The PRC has every intent to collect this data on Americans and they will, why give them another backdoor?” Krishnamoorthi said.
Personal Data at Risk
Browsing history, family and employer information, and other personal data are all at risk. “I would not buy a TP-Link router, and I would not have that in my home,” Krishnamoorthi added.
Industry Experts Weigh In
Guy Segal, vice president of corporate development at cybersecurity services company Sygnia, said that the pervasiveness of TP-Link routers in government institutions, including defense organizations, presents security concerns for users that should be taken seriously.
Matt Radolec, vice president of incident response and cloud operations at security company Varonis, agrees that banning routers from certain manufacturers is a sound security decision. “Consumers, in general, should be aware of the implications to their personal privacy.”
The Underlying Problem
The underlying problem with TP-Link routers is unencrypted communication, which is an issue where the public is underinformed. “All unencrypted communications on these routers could be compromised, which is worrisome because intra-network communication is often unencrypted for performance’s sake,” Radolec said.
A Call to Action
It’s time for the general public to be aware of the differences between encrypted and unencrypted communications, and browser and device manufacturers must do a better job informing the public about the privacy risks when you send your data over unencrypted links. As consumers, we need to ask ourselves, is that something we want to be potentially exposed to?
Leave a Reply