Who doesn’t love TP-Link’s exceptional catalog of well-performing and fairly priced routers? They help keep gamers lag-free, streamers out of the buffer zone, and smart homes in full working order.
They are also a vital networking backbone for many small businesses worldwide. Allegedly, they also serve many Chinese state-sponsored hacking groups, who have assembled several rather large botnets by exploiting vulnerabilities in the hardware and use them for all sorts of cybersecurity shenanigans.
With its name appearing frequently in stories about major cyber attacks for some time, TP-Link, whose consumer Wi-Fi devices are claimed to make up roughly 65% of the market, is now under investigation by the US government.
The result may see TP-Link join other Chinese companies like Huawei and ZTE, whose products are banned from sale and import within the United States.
TP-Link routers: Selling cheap or selling you out?
The inquiry into TP-Link’s alleged cyber security risks is only one piece of the puzzle. Government officials are also questioning TP-Link’s pricing strategy. Its products routinely carry price tags that greatly undercut the competition and, as The Wall Street Journal reports, even fall below production costs, in violation of US antitrust laws.
The investigation was prompted in August when US representatives John Moolenaar (R-MI) and Raja Krishnamoorthi (D-IL) requested that the US Department of Commerce examine TP-Link’s potential risks to national security, writing in a letter from the Select Committee on the Chinese Communist Party:
“U.S. cybersecurity authorities and analysts have documented vulnerabilities from home equipment vendors across the board, TP-Link products have had more than their fair share of citations.”
Further stressing the point, the Select Committee went on to highlight how the company’s SOHO (small office/home office) routers were, in part, enabling cyberattacks from the PRC (People’s Republic of China), stating:
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”
TP-Link routers: Beloved by botnets
The claims made against TP-Link are quite bold, but is there any evidence backing them? To many, the answer is yes.
In May 2023, Check Point Research uncovered custom malware known as “Horse Shell” targeting SOHO TP-Link routers, which it traced back to a Chinese state-sponsored group it labeled “Camaro Dragon.”
In June 2023, Fortinet reported that at least six known botnets (AGoent, Gafgyt, Moobot, Miori, Mirai, and Condi) were targeting the TP-Link Archer AX21 router. Nearly a year later, in April 2024, Fortinet published data claiming that daily infection attempts using the same exploit had risen to as high as 40,000 to 50,000.
In October 2024, Microsoft reported that a botnet by the name of Quad7 (also known as 7777 and CovertNetwork-1658) was being used by multiple Chinese threat actors in an attempt to compromise Azure accounts. The botnet is claimed to be over 8,000 devices strong, and according to Microsoft, “SOHO routers manufactured by TP-Link make up most of this network.”
What’s next
While the US government is investigating TP-Link, there is no evidence that the company is willfully leaving its SOHO routers open to manipulation by threat actors, or that it is actively allowing the PRC to make use of vulnerabilities. However, its track record in securing its hardware against this kind of manipulation does not do it any favors.
As a result of the investigation into TP-Link’s antitrust and cybersecurity issues, regulators may push to ban its products from sale and import within the United States. If that happens, it would eliminate one of the most affordable options for SOHO routers on the market and could leave consumers without a viable budget alternative.
It would also leave roughly 65% of the current market relying on hardware that has been deemed unsafe for sale, requiring a massive number of replacements for those hoping to ensure the safety of their devices and data.