US investigates Chinese router maker TP-Link over national security concerns

The investigation marks a new step in US efforts to rein in China-linked technology companies, which are seen as potential threats to national cybersecurity and data.

This time, the target is TP-Link, a company that has long avoided security attention despite dominating the home and small office router market.

TP-Link devices play a vital role in transmitting information from the internet to devices like computers and smartphones, making the company a new focal point in the fight to protect America's cyberspace.

Investigators from the U.S. Commerce Department subpoenaed TP-Link representatives this month and asked for details about the company’s organizational structure, according to people familiar with the matter who asked not to be identified because of the sensitivity of the matter. The investigation was reported by the Wall Street Journal on Dec. 18.

The investigation was initiated in response to a letter sent in August from the co-chairs of the House special bipartisan committee on China, the source said.

In the letter, the lawmakers called on the agency to look into the “serious national security threat” posed by TP-Link’s large market share in the United States.

They stressed that Chinese law forces businesses to support the state's intelligence and military goals, and pointed to Chinese government-backed cyberattacks that frequently exploit vulnerabilities in routers.

The executive order that underpins the investigation gives the US government significant powers to ban the operations of information and communications technology companies with ties to adversary countries. If these companies are determined to pose an “unacceptable risk” to national security, they can be excluded from the US market.

Regarding this issue, a spokesperson for TP-Link Systems said that the company "is ready to work closely with the US government to demonstrate that our security processes are fully compliant with industry security standards. We are strongly committed to continuing to serve the US market and consumers with the highest transparency and accountability."

TP-Link has stepped up efforts to distance itself from its Chinese roots in recent times. TP-Link Systems, now based in Irvine, California, was renamed in July, according to a spokesperson.

The company is no longer affiliated with TP-Link Technologies, which was founded in China in 1996 and was once owned by brothers Zhao Jianjun and Zhao Jiaxing.

A TP-Link Systems spokesperson added that after the restructuring process that took place this year, Zhao Jiaxing now holds 97.5% of the shares in the Chinese business, while Zhao Jianjun and his wife own 100% of the shares in the US business and other businesses, which are now consolidated under a legal entity in California.

The move to separate the company from China comes as other companies have faced increased scrutiny from U.S. regulators, according to people familiar with the matter, and has only added to investigators’ skepticism about TP-Link.

Potential dangers?

Ownership issues aside, people familiar with the investigation say investigators are concerned that TP-Link may be adopting a strategy that many US national security experts have called “the Huawei playbook.”

This is a reference to claims by the US government and lawmakers that Huawei Technologies is a spying tool for the Chinese government and has become a dominant force in the global networking equipment industry thanks to opaque state subsidies. However, both the company and Beijing have denied these allegations.

US regulators have imposed strict restrictions, making it difficult for Huawei to sell devices in the US market as well as buy components from US suppliers.

Hackers can intercept or alter communications through routers and remotely disable them, cutting off users’ access to the internet. Furthermore, they can leverage compromised routers to build a botnet, which helps hide the origin of attacks against the ultimate target.

Hackers can intercept or alter communications running through routers, as well as remotely disable them, cutting off users' internet access. They can also use compromised routers to assemble a botnet to mask the origin of attacks on their ultimate targets.

According to sources familiar with the matter, US officials have identified TP-Link routers as one of many brands, including US brands, that have been exploited by Chinese state-sponsored hackers to carry out cyberattack campaigns such as Volt, Flax, and Salt Typhoon.

These attacks targeted critical U.S. infrastructure, including water and transportation networks, as well as telecommunications and internet companies. Investigators have also expressed concern about a series of Chinese state-sponsored attacks dubbed Camaro Dragon, in which compromised TP-Link routers were used to attack diplomatic entities in Europe.

There is currently no evidence that TP-Link was involved or complicit in any of the attacks. Security researchers from Lumen Technologies' Black Lotus Labs, which discovered the Flax Typhoon attack, and Check Point Software Technologies, which identified the Camaro Dragon, also said they had not found any evidence of TP-Link's involvement.

What is TP-Link's market share in the US?

According to data reviewed by investigators, TP-Link now accounts for about 60% of the U.S. retail market for Wi-Fi systems and SOHO routers, compared to only about 10% in early 2019. In particular, in the Wi-Fi 7 device segment, the most advanced Wi-Fi technology today, TP-Link accounts for nearly 80% of the U.S. retail market.

TP-Link has recently signed contracts with internet service providers, who then distribute the routers to their customers. The company has signed a total of 300 such contracts in the past two years, mainly with wireless internet service providers.

According to sources familiar with the matter, during the TP-Link investigation, US officials were surprised by data showing how TP-Link outmaneuvered its rivals to quickly capture a large portion of the SOHO (home and small business) router market in the US in less than six years,

TP-Link's market share gains coincide with a surge in Chinese state-sponsored cyberattacks targeting SOHO routers, sources say, further raising concerns among investigators.