Two US Congressmen have called on the Biden administration to launch an investigation over concerns that networking products made by the widely used TP-Link brand could be used to covertly spy on Americans, or be used for cyber attacks.
Republican Representative John Moolenaar and Democratic Representative Raja Krishnamoorthi have formally requested an investigation from the US Department of Commerce, citing national security risks. According to a letter posted by the Select Committee on the Chinese Communist Party (via Reuters), "TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting".
TP-Link products are widely used in the US, and can be found inside critical facilities, including US military bases.
Last year, TP-Link routers were used to launch an attack on European foreign affairs organizations. TP-Link firmware was infected with malware, giving attackers the ability to run shell commands, access files and relay communications between devices on the network. TP-Link is not the only manufacturer whose products can be exploited. Products from other manufacturers, including Cisco and Netgear, have also been used by foreign adversaries to launch attacks.
The request for an investigation is just the latest in the US government's actions against Chinese companies, with Huawei and ZTE being forced out of the US market. TikTok is another well-known example of a Chinese company facing similar spying concerns.
Most end users are at least somewhat aware of the need to keep devices and PC software updated for security reasons, but there is far less awareness around the potential for router-based attacks. I'd place a wager and suggest that a majority of home users have never updated their router's firmware. Now would be a good time to start.