TP-Link routers may be banned due to national security concerns

OVERKILL

$100 Site Donor 2021
Joined
Apr 28, 2008
Messages
63,298
Location
Ontario, Canada
https://www.wsj.com/politics/nation...6?st=SEX5iL&reflink=desktopwebshare_permalink
https://9to5mac.com/2024/12/18/most...n-us-may-be-banned-as-national-security-risk/

Thanks to @Rand for giving me a heads-up on this one!

U.S. authorities are investigating whether a Chinese company whose popular home-internet routers have been linked to cyberattacks poses a national-security risk and are considering banning the devices […]

Investigators at the Commerce, Defense and Justice departments have opened their own probes into the company, and authorities could ban the sale of TP-Link routers in the U.S. next year, according to people familiar with the matter.

It’s long been worrying that so many ISPs choose to supply broadband customers with routers made by TP-Link, given that they have frequently shipped with security flaws which the company fails to patch. Even more so that they have been purchased by sensitive government agencies.

It’s almost as if their cheap price has been considered the most important factor …


But it appears that unpatched security vulnerabilities might be the least of it. The paper reports that TP-Link routers may have effectively been used as a botnet to carry out cyber attacks on US organizations, including suppliers to the Department of Defense.

An analysis from Microsoft published in October found that a Chinese hacking entity maintains a large network of compromised network devices mostly comprising thousands of TP-Link routers. The network has been used by numerous Chinese actors to launch cyberattacks. These actors have gone after Western targets including think tanks, government organizations, nongovernment organizations and Defense Department suppliers.

The Justice Department is investigating whether the price discrepancies violate a federal law that prohibits attempts at monopolies by selling products for less than they cost to make, according to a person familiar with the matter. The TP-Link spokeswoman said the company doesn’t sell products below cost and is committed to compliance with U.S. laws, including antimonopoly laws.

As many here know, I've posted some on this subject in the past, but clearly, it has gotten bad enough to have caught the attention of the highest levels of government where actions are being considered.

This wouldn't be the first time a Chinese company has been banned for these reasons, Huawei was banned from Canadian telecom companies for the same reason.
 
Well ****, I got me house running on TP-Link...
tldr, so I have to go back and see if it covers all or certain models...
Thanks for posting!
 
Well ****, I got me house running on TP-Link...
tldr, so I have to go back and see if it covers all or certain models...
Thanks for posting!
I wouldnt be concerned, not anymore than the drones over NJ.
Critical thinking comes into play. However with a new administration we already know there will be a clamp down.
60+% of routers sold in the USA are TP Link, so of course will be the target of hackers. However if one cares to fully read the news stories the Wall Street Journal does post the whole story accurately but there is a paywall for those who do not have a subscription.
Good news for those who still want access to reliable top performing routers, currently even in use in our government.

Not that I condone our government using routers from China, but then again most are made there.
One thing for sure, TP link is not spying on you, but it's a huge target for hackers on a world wide scale. If you care, get another brand for sure but they are all open to the same games.
People will dump their TP link routers for reasons they do not know and that's ok, but fail to critically think such as this below.
"The U.S., its allies and Microsoft (MSFT.O), opens new tab last year disclosed a Chinese government-linked hacking campaign dubbed Volt Typhoon. By taking control of privately owned routers, the attackers sought to hide subsequent attacks on American critical infrastructure."

(but wait, it continues)
"The vast majority of affected routers, however, appeared to be from Cisco (CSCO.O), opens new tab and NetGear (NTGR.O), opens new tab, the Justice Department said in January."

Also mentioned is TP LINK ... but the above is just an examples of hackers going after whatever they can is how I see it. Then again, dont listen to me, after all I loved my banned by the USA Huawei phone at the time.
https://www.reuters.com/world/us/us...-tp-link-over-fears-chinese-cyber-2024-08-15/

This is behind a paywall sadly. ... it tells the whole story. If you think hackers are going to go away in the USA because of mass hysteria and a ban on TP link. I have a bridge to sell you. Of course it's linked to cyber attacks, the biggest players are attacked.
Such as the USA companies mentioned above.

https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6
 
I've specifically avoided TP-Link. But it seems that their pricing has pushed out a lot of companies into being bit players in the consumer market. I haven't seen much from D-Link or Linksys in the past few years, although I see they still exist. I suppose ASUS might still be competitive. My last 3 home Wi-Fi boxes I bought were from Netgear, and none were assembled in mainland China. They were assembled in Vietnam, Taiwan, and Thailand.

Now granted I've got a ton of stuff that's been assembled in China, but I generally don't have any concerns about equipment from Apple or Acer since the manufacturing is by Taiwanese entities that run a really tight ship.
 
The idea that China is spying on regular citizens is a bit of a red herring. The Huawei ban was about other geopolitical initiatives rather than any provable "spying". As if there's any major power not spying on every other major power, anyway.
 
I wouldnt be concerned, not anymore than the drones over NJ.
Critical thinking comes into play. However with a new administration we already know there will be a clamp down.
60+% of routers sold in the USA are TP Link, so of course will be the target of hackers. However if one cares to fully read the news stories the Wall Street Journal does post the whole story accurately but there is a paywall for those who do not have a subscription.
Good news for those who still want access to reliable top performing routers, currently even in use in our government.

Not that I condone our government using routers from China, but then again most are made there.
One thing for sure, TP link is not spying on you, but it's a huge target for hackers on a world wide scale. If you care, get another brand for sure but they are all open to the same games.
People will dump their TP link routers for reasons they do not know and that's ok, but fail to critically think such as this below.
"The U.S., its allies and Microsoft (MSFT.O), opens new tab last year disclosed a Chinese government-linked hacking campaign dubbed Volt Typhoon. By taking control of privately owned routers, the attackers sought to hide subsequent attacks on American critical infrastructure."

(but wait, it continues)
"The vast majority of affected routers, however, appeared to be from Cisco (CSCO.O), opens new tab and NetGear (NTGR.O), opens new tab, the Justice Department said in January."

Also mentioned is TP LINK ... but the above is just an examples of hackers going after whatever they can is how I see it. Then again, dont listen to me, after all I loved my banned by the USA Huawei phone at the time.
https://www.reuters.com/world/us/us...-tp-link-over-fears-chinese-cyber-2024-08-15/

This is behind a paywall sadly. ... it tells the whole story. If you think hackers are going to go away in the USA because of mass hysteria and a ban on TP link. I have a bridge to sell you. Of course it's linked to cyber attacks, the biggest players are attacked.
Such as the USA companies mentioned above.

https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6
Volt Typhoon leveraged access to compromised Fortinet firewalls, that then proxied traffic through compromised home networking gear from pretty much every common home router brand, due to compromised devices that were setup with WAN-facing management access:

Volt Typhoon achieves initial access to targeted organizations through internet-facing Fortinet FortiGuard devices. Microsoft continues to investigate Volt Typhoon’s methods for gaining access to these devices.

The threat actor attempts to leverage any privileges afforded by the Fortinet device, extracts credentials to an Active Directory account used by the device, and then attempts to authenticate to other devices on the network with those credentials.

Volt Typhoon proxies all its network traffic to its targets through compromised SOHO network edge devices (including routers). Microsoft has confirmed that many of the devices, which include those manufactured by ASUS, Cisco, D-Link, NETGEAR, and Zyxel, allow the owner to expose HTTP or SSH management interfaces to the internet.


This is however, unrelated to this thread (Volt Typhoon).

This latest discovery, hence this thread, was due to an investigation being performed by Microsoft, which they detailed in this report released at the end of October:
https://www.microsoft.com/en-us/sec...password-spray-attacks-from-a-covert-network/

Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source of these password spray attacks to a network of compromised devices we track as CovertNetwork-1658, also known as xlogin and Quad7 (7777). Microsoft is publishing this blog on how covert networks are used in attacks, with the goal of increasing awareness, improving defenses, and disrupting related activity against our customers.

Microsoft assesses that credentials acquired from CovertNetwork-1658 password spray operations are used by multiple Chinese threat actors. In particular, Microsoft has observed the Chinese threat actor Storm-0940 using credentials from CovertNetwork-1658. Active since at least 2021, Storm-0940 obtains initial access through password spray and brute-force attacks, or by exploiting or misusing network edge applications and services. Storm-0940 is known to target organizations in North America and Europe, including think tanks, government organizations, non-governmental organizations, law firms, defense industrial base, and others.

As with any observed nation-state threat actor activity, Microsoft has directly notified targeted or compromised customers, providing them with important information needed to help secure their environments. In this blog, we provide more information about CovertNetwork-1658 infrastructure, and associated Storm-0940 activity. We also share mitigation recommendations, detection information, and hunting queries that can help organizations identify, investigate, and mitigate associated activity.

What is CovertNetwork-1658?

Microsoft tracks a network of compromised small office and home office (SOHO) routers as CovertNetwork-1658. SOHO routers manufactured by TP-Link make up most of this network. Microsoft uses “CovertNetwork” to refer to a collection of egress IPs consisting of compromised or leased devices that may be used by one or more threat actors.

CovertNetwork-1658 specifically refers to a collection of egress IPs that may be used by one or more Chinese threat actors and is wholly comprised of compromised devices. Microsoft assesses that a threat actor located in China established and maintains this network. The threat actor exploits a vulnerability in the routers to gain remote code execution capability. We continue to investigate the specific exploit by which this threat actor compromises these routers. Microsoft assesses that multiple Chinese threat actors use the credentials acquired from CovertNetwork-1658 password spray operations to perform computer network exploitation (CNE) activities.
 
The idea that China is spying on regular citizens is a bit of a red herring. The Huawei ban was about other geopolitical initiatives rather than any provable "spying". As if there's any major power not spying on every other major power, anyway.
Yeah, this whole scheme isn't about finding out Big Bill secretly likes to watch cat shows, it's about leveraging consumer infrastructure inside a geographic area to circumvent restrictions placed on traffic from known bad actors. While it's possible that some of these compromised devices might be exploited in a way that gains access to sensitive traffic, that's not the overarching goal, which is to gain a presence on networks that won't be restricted from accessing important domains within a country/region and then using that presence to exfiltrate information gleaned from these organizations through compromise/penetration.
 
I've specifically avoided TP-Link. But it seems that their pricing has pushed out a lot of companies into being bit players in the consumer market. I haven't seen much from D-Link or Linksys in the past few years, although I see they still exist. I suppose ASUS might still be competitive. My last 3 home Wi-Fi boxes I bought were from Netgear, and none were assembled in mainland China. They were assembled in Vietnam, Taiwan, and Thailand.

Now granted I've got a ton of stuff that's been assembled in China, but I generally don't have any concerns about equipment from Apple or Acer since the manufacturing is by Taiwanese entities that run a really tight ship.
Huawei did the same thing, undercut Ericson and the other competitors in the enterprise space, while also pushing their name into the consumer space. When it was discovered that (shocker!) their enterprise gear was a major security risk, they were banned, which worked out well for Rogers here in Canada, as they had been using Ericson, but not so well for Bell and Telus, who went with Huawei due to the lower cost.
 
The government let most of the country's industrial base go to China but routers and Tic Toc are evil. Makes sense to me.
Yep, it was all fun and games in the name of capitalism to exploit 3rd world labour in Asia, until the revenue from that process turned that 3rd world country into a global super power, then it was like "whoa boy!".
 
Huawei did the same thing, undercut Ericson and the other competitors in the enterprise space, while also pushing their name into the consumer space. When it was discovered that (shocker!) their enterprise gear was a major security risk, they were banned, which worked out well for Rogers here in Canada, as they had been using Ericson, but not so well for Bell and Telus, who went with Huawei due to the lower cost.

I looked up what happened to Linksys. Last I remember they were owned by Cisco as their consumer-level equipment, but I remember they got sold although I didn't remember who to. It was Belkin, which then got bought by Foxconn. But apparently they've shifted to mostly direct sales although there might be some sold at retail. D-Link still exists, but I'm not sure where to find them.

I remember my first Wi-Fi system was from SMC Networks. It was an 802.11b system with speeds that would be considered poor today. I think I bought it for $200 from CompUSA but with a $50 mail-in rebate. It was understated - especially compared to the big competitor at the time Linksys, which had those bright blue and black boxes
 
I looked up what happened to Linksys. Last I remember they were owned by Cisco as their consumer-level equipment, but I remember they got sold although I didn't remember who to. It was Belkin, which then got bought by Foxconn. But apparently they've shifted to mostly direct sales although there might be some sold at retail. D-Link still exists, but I'm not sure where to find them.

I remember my first Wi-Fi system was from SMC Networks. It was an 802.11b system with speeds that would be considered poor today. I think I bought it for $200 from CompUSA but with a $50 mail-in rebate. It was understated - especially compared to the big competitor at the time Linksys, which had those bright blue and black boxes
Yes, Cisco almost completely exited the consumer/SMB space when the divested themselves of Linksys to Belkin. They did try a few Linux-based products in the SMB space, but they were never well regarded when compared to the "real" Cisco stuff.

I've owned, either through purchase or acquisition due to a hardware upgrade, equipment from pretty much every vendor except Palo Alto. I may still have an old metal SMC unit kicking around somewhere, might be with my old Juniper SSG 5.
 
Yes, Cisco almost completely exited the consumer/SMB space when the divested themselves of Linksys to Belkin. They did try a few Linux-based products in the SMB space, but they were never well regarded when compared to the "real" Cisco stuff.

I've owned, either through purchase or acquisition due to a hardware upgrade, equipment from pretty much every vendor except Palo Alto. I may still have an old metal SMC unit kicking around somewhere, might be with my old Juniper SSG 5.

For some reason I remember that Linksys got sued when they used Linux but failed to publish the source code they used as required by the Linux license.
 
I am more worried about a future rogue domestic regime (not the one thats coming in now) as a cyber threat than the chinese.
Thats is why I exclusivly use non american anti virus and VPNs (no chinese ones, though, I will not go that far)
 
Well ****, I got me house running on TP-Link...
tldr, so I have to go back and see if it covers all or certain models...
Thanks for posting!

Don't overreact and start trashing your gear. Patch your device(s) to the latest firmware release and keep an eye on the development.

I agree with @alarmguy 's post. And also keep in mind that the WSJ is the primary source here.
 
Can people just run OpenWrt ot Gargoyle firmware on those machines and still be fine?
I just bought a TP-Link router recently but haven't looked into that. I ran Merlin F/W on my previous ASUS router and ran a non-Linksys firmware on a Linksys router so I'm familiar enough with doing so. I'm just not as interested in that stuff anymore.... I just want it to work. I do keep up with F/W updates too.
 
Don't overreact and start trashing your gear. Patch your device(s) to the latest firmware release and keep an eye on the development.

I agree with @alarmguy 's post. And also keep in mind that the WSJ is the primary source here.
NO overreacting here - been an IT guy for 35 years!
I've literally not even a HomeKit lightbulb who's firmware is not current :p
 
Back
Top Bottom