The United States government may soon outlaw the sale of the country’s most popular home internet router brand, over fears that the routers pose a threat to national security, according to a WSJ report.
Investigators at three US government agencies – the Commerce, Defense and Justice departments – have begun a probe into TP-Link routers, which currently hold a 65% market share in the US home and small business router market. The router is popular among more than 300 internet service providers, who often supply badged versions of the company’s routers to customers.
The routers are also the top choice on Amazon, and are even used by the US Defense Department and other federal government agencies.
TP-Link has long been the target of criticism due to its lack of updates to plug security holes in the routers’ firmware. The routers’ popularity among ISPs and government agencies makes the lack of security updates especially concerning.
TP-Link routers are in use at several government agencies, ranging from the National Aeronautics and Space Administration, to the Drug Enforcement Administration, to the Defense Department.
Those unpatched security holes have led to reports that TP-Link routers have been used to create a botnet to carry out cyber attacks on US organizations and suppliers, including the Department of Defense.
The US Justice Department is also investigating claims that TP-Link sells its routers for less than the cost of manufacture, which would be a violation of a federal monopoly law designed to prevent companies selling from selling their products for less than the cost to make them.
TP-Link sells its routers in the US through a California business unit. A spokesperson for that unit said the company does not sell its routers below cost and complies with US laws, including antimonopoly laws.
If the investigations result in actionable findings, any actions against the firm would likely be handled by the Trump administration, which takes office in January. Trump has so far signaled a “tough on China” approach.
The WSJ‘s sources tell it that TP-Link constantly ships routers with security flaws, which are mostly left unaddressed. The sources also says TP-Link does not work with security researchers that discover them.
However, the TP-Link spokesperson said the company does assess possible security risks and takes action to fix security vulnerabilities when they are discovered.
