A US congressional committee urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure.
The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China’s TP-Link Technology Co, which according to research firm IDC is the top seller of WiFi routers internationally by unit volume.
US authorities are considering a ban on the sale of the company’s routers, according to media reports.
Rob Joyce, former director of cybersecurity at the National Security Agency, told Wednesday’s committee hearing that TP-Link devices exposed individuals to cyber intrusion that hackers could use to gain leverage to attack critical infrastructure.
“We need to all take action and replace those devices so they don’t become the tools that are used in the attacks on the U.S.,” Joyce said, adding that he understood the Commerce Department was considering a ban.
TP-Link said in a statement to Reuters that the hearing did not provide a “shred of evidence” the company was linked to China’s government. “No government has access to or control over the design and production of our routers,” it said.
“Any claims suggesting our products pose a unique risk to U.S. national security are baseless and without merit,” said Jeff Barney, president of TP-Link Systems Inc.
The company said it had split with its former China affiliate and now manufactures its routers in Vietnam.
Democratic Representative Raja Krishnamoorthi, holding up a consumer-grade TP-Link router, said at the hearing: “Don’t use this.
“I don’t have one at home either. It’s not a good idea,” Krishnamoorthi said.
Joyce said Chinese government-linked hackers were “approaching a peer status” with U.S. cyber capabilities, and said he had grave concerns that the Trump administration’s efforts to cut the federal workforce could undermine U.S. cyber defenses.
Democratic Representative Shontel Brown said the Trump administration had laid off more than 130 officials from the Cybersecurity and Infrastructure Security Agency.
In 2023, CISA said TP-Link routers had a vulnerability that could be exploited to execute remote code.
Krishnamoorthi said the U.S. must deter Chinese hackers by going on offense.
“I think that we should also consider potentially enlisting private sector actors to hack back at the hackers. I’m going to get in a lot of trouble for saying that, but I think you have to sometimes use fire against fire,” Krishnamoorthi said. Reuters