TP-Link routers are some of the most popular in the United States. However, they could be facing a ban within the next calendar year according to a new report from the Wall Street Journal.
The company, based out of Shenzhen, China, is reportedly under investigation by a trio of US government agencies including the Departments of Commerce, Defense and Justice due to security concerns and potential ties to Chinese cyberattacks.
Sources told the Journal that routers from TP-Link allegedly ship with security vulnerabilities and the company is resistant to address these flaws.
The report does not indicate that TP-Link routers were used in the huge telecommunications providers data breach earlier this year. That breach which reportedly hit both AT&T and Verizon, among others, was confirmed to be carried out by the Chinese hacking group Salt Typhoon, which supposedly has ties to the Chinese government.
However, Microsoft's Threat Intelligence group released a report in October that found TP-Link routers largely the most compromised devices in a Chinese "password spray" attacks calling the hacks "nation-state threat actor activity." That assessment track attacks going back to August 2023.
TP-Link has been under investigation by at least the Defense Department since August of this year when it opened an investigation into the vulnerabilities of Chinese routers. A House Committee called for an investigation into the company's routers around the same time.
Lawmakers wrote, "TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”
Tom's Guide reached out to the Irvine-based U.S. subsidiary of TP-Link for comment and a company spokesperson provided further details on these vulnerabilities, saying:
"We fully acknowledge that vulnerabilities exist across the industry. However, contrary to claims of widespread vulnerabilities, comparative data places TP-Link on par with, or in some cases ahead of, other major industry players in terms of security outcomes. For example, public vulnerability data (sourced from recognized security repositories like CVE Details and VulDB) shows that TP-Link’s rate of vulnerabilities per product is significantly lower than those of other leading manufacturers."
Meanwhile, a spokesperson told the Journal that the company welcomes opportunities to work with the government and "to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the U.S. market, U.S. consumers, and addressing U.S. national security risks."
The US vs China and bans
Whether under Trump, who banned the sale of Huawei products in the U.S. to Biden, whose administration is working on banning TikTok and DJI Drones, these sorts of bans have largely been enacted under the auspices of national security and claimed threats of Chinese spying or hacking activity.
However, unlike Huawei and DJI, a TP-Link ban would affect millions of people, businesses and both federal and local government agencies.
If a bans is enacted, it will most likely originate from an office created under the first Trump administration, the Office of Information and Communications Technology and Services, which was granted the power to prohibit companies from designated nations from selling their products or services in the US. That office recently banned the Russian software company Kaspersky from selling its antivirus software in the U.S.
A TP-Link ban would be massive and according to the Journal, TP-Link routers make up nearly 65% of the US market and are in everything from people's homes to government offices and military institutions. In general, TP-Link routers are much less expensive than competitors and the Department of Justice is investigating whether those cheap prices are violating federal laws on attempts to create monopolies by selling its products for less than they cost to manufacture. A TP-Link spokesperson denied those charges though.
How to improve your router's security
At Tom's Guide, TP-Link routers are featured quite often on our best Wi-Fi routers lists from the best gaming routers and best mesh Wi-Fi systems to the best Wi-Fi 7 routers. This is due to their excellent performance, affordability and the fact that they have a wide variety of devices to choose from.
We are monitoring this story and will reevaluate those choices as more information comes out, especially if a ban goes into effect. In the meantime, there are plenty of other alternatives to TP-Link on our lists from Netgear, Asus, eero and the other biggest names in home networking.
If you do have a TP-Link router in your home or office, you might have concerns that it could potentially be compromised though.
The Microsoft analysis from October found that many TP-Link routers were compromised when people failed to change their default password which is the first thing you should do when setting up a new router.
Here are a few other steps you can take to make your router more secure:
Create custom login credentials: Many, if not most, cybersecurity issues arise because people keep the default login credentials set by the manufacturer of their devices or their internet provider who supplied them. Most routers have apps where you can update your login credentials or you can do so by typing your IP address into your browser's address bar. As always, avoid common words or character combinations (no 123456 passwords for instance). Longer is better and you want to use a combination of letters, symbols and numbers to create strong passwords for all of your devices and accounts. Likewise, you never want to reuse passwords across accounts because if hackers compromise one of them, they will then try those credentials to access your other accounts/devices.
Update your firmware: Most router manufacturers, including TP-Link, regularly send out firmware updates that include security patches. Be sure to keep your router up to date and regularly check for firmware updates.
Ensure your firewall and Wi-Fi encryption are on: While firewalls and Wi-Fi encryption tend to be on by default, it never hurts to actually make sure they're still enabled Having these turned on makes it more difficult for bad actors to see data sent between your router and connected devices. These settings can also be found in relevant router apps or websites. Likewise, you can also use one of the best VPNs to keep the data sent from your devices to the internet private and secure.
Consider a new router: TP-Link gained massive market share over the years by undercutting the competition with less expensive routers. Since your router is something you and the rest of your household use everyday, upgrading to a new one is a worthwhile investment, especially if you're worried. However, this could also give you a chance to outfit your house with the latest wireless tech in the form of Wi-Fi 6E or Wi-Fi 7 if you're using an older Wi-Fi 5 or Wi-Fi 6 device.
More from Tom's Guide
- I upgraded to Wi-Fi 7 and it convinced me to finally ditch cable internet for fiber
- 5 reasons why you should buy a router instead of using the one from your ISP
- I test wireless routers for a living — 9 things to look for before you buy
