This post is also available in: עברית (Hebrew)
TP-Link, a company that has become the top choice for Wi-Fi routers all over the worls, is currently under investigation by the U.S. Department of Commerce, Department of Defense, and Department of Justice over potential security risks, according to The Wall Street Journal. These probes could potentially result in a ban, amid growing concerns about the security vulnerabilities in TP-Link devices.
TP-Link, a major player in the global networking market, has been implicated in several high-profile security incidents. A recent investigation by Microsoft uncovered a covert Chinese botnet operating on compromised TP-Link routers, which targeted governments, think tanks, and other organizations in North America and Europe. The botnet, which utilized thousands of TP-Link routers, raised alarms over the brand’s security flaws.
According to sources quoted in The Wall Street Journal’s report, TP-Link has regularly shipped routers with unresolved security vulnerabilities and has been unresponsive to concerns from independent security researchers. Despite these concerns, TP-Link maintains that its security practices align with industry standards. The company, which was founded in 1996 in Shenzhen, China, is known for its widespread consumer reach, selling over 160 million products annually across 170 countries. TP-Link routers became particularly popular during the in recent years, with their market share in the U.S. increasing from 20% in 2019 to an estimated 60-65% today. Concerningly, many government agencies use TP-Link routers, in the U.S and all over the world
TP-Link’s routers have been linked to previous cyberattacks. In August 2024, U.S. lawmakers called for an investigation into the company’s potential role in state-sponsored hacking campaigns, citing vulnerabilities in its Wi-Fi devices, and in 2023, the U.S. Cybersecurity and Infrastructure Agency flagged a critical remote code execution vulnerability in the company’s routers.
As the investigation continues, questions remain about TP-Link’s accountability in addressing these risks, with potential consequences looming for the company as U.S. authorities explore further action.