TP-Link routers could be banned next year, affecting nearly 65% ​​of US internet users

TP-Link routers may be banned in the US next year, The Wall Street Journal reports.

The Shenzhen-based router maker is said to be under investigation by the commerce, defense and justice ministries over security concerns and links to Chinese cyberattacks. Sources told the Journal that TP-Link routers routinely ship with security flaws and that the company is reluctant to engage with security researchers when those flaws are identified.

in October Microsoft released its own analysis which found that TP-Link routers made up most of the compromised devices in China’s “password spraying” hack, calling the attack “nation-state threat activity.”

TP-Link was already under the microscope when Microsoft released its report: In August, the House of Representatives of the Chinese Communist Party demanded an investigation into TP-Link.

“TP-Link’s unusual degree of vulnerability and the required compliance with (Chinese) law is in itself disconcerting.” the lawmakers wrote. “When combined with the (Chinese) government’s routine use of (home office) routers like TP-Link to launch large-scale cyberattacks in the United States, it becomes significantly worrisome.”

That latest report said the Commerce Department’s investigation is ongoing, along with separate probes by the Departments of Defense and Justice. Sources told The Wall Street Journal that a Commerce Department office has subpoenaed TP-Link and may ban the sale of TP-Link devices next year.

“Like many consumer electronics brands, TP-Link Systems routers have been identified as potential targets for hackers. However, there is no evidence to suggest that our products are more vulnerable than those of other brands,” a spokesperson for TP-Link Systems Inc. said CNET.

CNET has several TP-Link models in our lists best wifi routers and will be watching this story closely to see if we need to re-evaluate these choices. As of this writing, we do not recommend purchasing a TP-Link router.

The Biden administration is already exploring action against TP-Link in response to a number of recent Chinese-backed cyberattacksbut the ban on TP-Link routers will likely depend on the Trump administration, which is expected to take an aggressive stance toward Chinese companies. In 2019 Trump issued an executive order which effectively banned American companies from using networking equipment from Huawei, another Chinese company that has come under fire over national security concerns.

TP-Link ban will affect millions of users

When Huawei was banned in the US, almost no one in the country used its smartphones. The same cannot be said for TP-Link.

According to the Journal report, TP-Link routers make up 64.9% of the US router market. (In comparison, iPhones have 53% market share of smartphones in the US.) The company took off around the pandemic when it had about 20% market share.

TP-Link routers are often much cheaper than competitors. Its latest Wi-Fi 7 router currently costs $108 on Amazon; routers with comparable specifications cost approx $300 from AsusTaiwanese company, and $230 from NetgearAmerican company.

The Journal’s report notes that the Justice Department is investigating whether those low prices violate a federal law that prohibits attempted monopolies by selling products for less than they cost to make. A TP-Link spokesperson denied engaging in these practices.

In addition to being the most common router choice for homebuyers, TP-Link also makes routers that more than 300 U.S. ISPs ship to you when you choose to rent equipment from them. They are also widely used by government agencies, appearing in contract documents from the Department of Defense and the Drug Enforcement Administration.

What to do if you have a TP-Link router

If you’re one of the millions of internet users who have a TP-Link router in their home, you might be worried that your device has been compromised. Microsoft’s report found that TP-Link routers have been used in “password attacks” since August 2023, which typically occur when the router is using the default password. As always with your home networking equipment, a few basic security steps will go a long way protection of your data. Here’s what you can do right now:

• Update your login credentials: A shocking amount of cybersecurity breaches can be traced back to using the default login credentials set by your router manufacturer (or ISP if you’re renting your equipment). Most routers have an app that lets you update your login credentials, but you can too enter your router’s IP address in the URL. These credentials are different from your Wi-Fi name and password, which should also be changed every six months or so. Some good rules of thumb for your passwords: Avoid common words and character combinations, longer passwords are better, and don’t reuse passwords from multiple accounts.
• Turn on the firewall and Wi-Fi encryption: These are usually on by default, but I recommend making sure they are enabled. This will make it harder for hackers to eavesdrop on the data sent between your router and the devices that connect to it. You can also find these settings by logging into your router from its app or website.
• Consider buying a new router: We always recommend purchasing your own router instead of renting one from your ISP. It is primarily a cost saving advicebut if your ISP uses TP-Link equipment, now might be a good time to switch to another brand. Whichever router you choose, search WPA3 certification — the most up-to-date security protocol for routers.
• Update your firmware: A TP-Link spokesperson told us that customers should regularly check for firmware updates to protect their router. “To do this, customers with TP-Link Cloud accounts can simply click the ‘Check for Updates’ button in their product’s firmware menu,” the spokesperson said. “All other customers can find the latest firmware on their product’s downloads page on TP-Link.com.”