Reps. John Moolenaar (R-Mich.) and Raja Krishnamoorthi (D-Ill.), chair and ranking member of the House Select Committee on China, are urging the federal government to launch a probe into China’s TP-Link Technology Co and its affiliates over concerns about cyber attacks on the United States, calling it a “glaring national security issue.”
“We request that Commerce verify the threat posed by (China-affiliated small office/home office) routers—particularly those offered by the world’s largest manufacturer, TP-Link,” they wrote in an Aug. 13 letter to Commerce Secretary Gina Raimondo.
The lawmakers requested a response by Aug. 30 and asked the department to take action if an investigation reveals national security issues.
The Commerce Department did not immediately respond to an inquiry from The Epoch Times.
Founded in Shenzhen, China, in 1996, TP-Link bills itself as the “world’s #1 provider of consumer WiFi networking devices.” It doesn’t broadcast its Chinese origins. Instead, it lists on its website that it has offices in Singapore and the United States. As of 2022, research group IDC put TP-Link’s global market share of WLAN devices at 17.8 percent.
“Pursuant to the PRC’s increasingly draconian data protectionist and national security-focused legal regime, companies like TP-Link are required to provide data to the PRC government and otherwise comply with the demands of its national security apparatus,” the letter reads. PRC is an acronym for the nation ruled by the Chinese Communist Party (CCP), the People’s Republic of China.
TP-Link did not immediately respond to an inquiry from The Epoch Times. The Chinese Embassy said it hoped that authorities would “have enough evidence when identifying cyber-related incidents” and called the allegations groundless.
Krishnamoorthi and Moolenaar also cited reports about vulnerabilities in TP-Link routers and equipment that have been exploited, as well as cases where European government officials were targeted by cyberattacks through firmware security flaws.
In 2023, Check Point Research found that malicious actors made use of an implant for TP-Link routers that would allow them to take control of the devices while evading detection. They attributed the attacks to a CCP-sponsored hacker group and found that the cyberattacks targeted European foreign affairs entities.
The Indian government issued its own warning about TP-Link routers earlier this year after cybersecurity company ONEKEY published a report in May that detailed a specific vulnerability. TP-Link issued a statement in May about working with ONEKEY to address the concern.
The lawmakers’ request comes on the heels of mounting national security concerns over CCP cyber espionage.
During an April congressional hearing, FBI Director Christopher Wray said Chinese hackers have the ability to strike a “devastating blow“ at any time, as they are already connected to critical infrastructure in the United States.
Wray told Congress that the CCP hacking campaign known as Volt Typhoon, which began in 2021, has already burrowed into several American companies in telecommunications, energy, water, pipeline operations, and other critical industries.
“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting,” Krishnamoorthi and Moolenaar’s letter continued.
“When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming.”
The UK issued a similar warning in March, which said that CCP cyberattacks on British officials have been higher than ever.
Reuters contributed to the report.