Congress Funds Removal of Chinese Telecom Gear as Feds Probe Home Router Risks

Congress approved $3 billion Wednesday for a long-languishing project to cull Chinese equipment from networks nationwide over fears they are vulnerable to cyberattacks, underscoring the risk Beijing-sponsored hackers pose to phone and internet networks. From a report: The new funding comes as the Commerce Department reviews whether to ban routers made by the Chinese-owned company TP-Link, which account for more than half of the U.S. retail router market.

The actions reflect the heightened attention among Washington policymakers to the threat posed by Chinese state-linked hackers. U.S. officials revealed the "Volt Typhoon" hack last year and in recent months have expressed alarm over the even bigger "Salt Typhoon" hack. In both cases, Chinese government hackers successfully penetrated major U.S. phone networks and critical infrastructure facilities, and U.S. officials said they still have not been able to expel the Salt Typhoon interlopers.

It isn't just TP-Link

[Baron_Yam]

And, in a rare defence of China, it ain't the CCP either.

It's what happens when you pay bottom dollar for your electronics and an entire industry arises to supply them in a country that doesn't care about anything you do except your money. The CCP exploits the situation, of course, but I doubt Chinese intelligence helped design deliberate exploitable flaws into the stuff.

Now, the high end stuff rolling off Chinese assembly lines? That I'd look at closely for backdoors.

Re:

[ichthus]

but I doubt Chinese intelligence helped design deliberate exploitable flaws into the stuff.

I'm not saying I think you're wrong, but what reason do you have to believe this?

Re:

[Baron_Yam]

Because it's utterly unnecessary. Why risk exposure when the devices are already full of holes because they're all cheaply designed on mostly shared code?

It's like asking why home door locks don't have a master key for cops when doors are already subject to small battering rams or a good hard kick.

Re:

[dfghjk]

Right, and the door opens into a hallway closet.

Re:

[ZipNada]

"TP-Link routers are routinely shipped to customers with security flaws, which the company often fails to address, according to people familiar with the matter. While routers often have bugs, regardless of their manufacturer, TP-Link doesn’t engage with security researchers concerned about them"
https://www.msn.com/en-us/mone... [msn.com]

Re:

[korgitser]

Is there any network gear at all that is not manufactured in China?

Re:

[BadgerStork]

It depends on you definition of China. There are a few that are made in Taiwan.

Taiwan, officially the Republic of China, is a country in East Asia.

Re:

[dfghjk]

And it depends on the definition of "manufactured" as well. We're talking about software here, does anyone think retail routers have hardware backdoors?

Re:

[stabiesoft]

Exactly what I was thinking. So what, they'll give everyone a check for their TP-Link, then everyone will go out and buy a different Chinese branded router. Because the Chinese one is 70 bucks (or less) but the US made one, is there one? Reddit said no. What might it cost? 2 grand? Reddit did suggest getting a UK made pi (and yes I've got some UK ones, but random. Some are made in China, some UK) and dropping WRT software on it or some other firewall software. I just don't see how the US could make it, mayb

Re:

[drinkypoo]

The CCP exploits the situation, of course, but I doubt Chinese intelligence helped design deliberate exploitable flaws into the stuff.

If the NSA had Cisco put back doors into IOS then why not the CCP having TP-Link put back doors into their software, or the SOC manufacturers (or similar) put back doors into their hardware?

I'm not saying it's happening, because I would only do that if I had evidence or at least had read about someone having evidence. I'm saying, on what basis does it make sense to believe they would not do that, when we've done it?

Re:

[dfghjk]

Also, I don't know if TP-Link accounts for "more than half of the U.S. retail router market", but what market are we even talking about? A "nationwide" "network" market or the "retail router" market? These seem like very different things, and these differences impact the very thing the OP is commenting on. I don't think the CCP cares what's happening on my home network, but my ISP and the US backbone, sure.

Re:

[drinkypoo]

I don't think the CCP cares what's happening on my home network

On your home network? They probably don't. On some people's home networks? They certainly do. A compromised gateway device on your network can be used to launch attacks against others, including other wireless networks visible from your router.

None of this is me stating that it's happening, only that there's value to doing it.

Re:

[rickb928]

This is not about paying 'bottom dollar' for your home router etc... Netgear also has had to give up on old hardware/firmware, for example. Cisco also has had to give up on hardware.

We think these manufacturers ought to support their products in perpetuity. This is unrealistic in every way. How long is not long enough I do not know. TP-Link is an unusual case because it seems that it is virtually incompetent, but TP-Link has provide beta firmware it claims to fix this: CVE-ID 2024-53375.

But, it seems users

Re:

[larryjoe]

It's what happens when you pay bottom dollar for your electronics and an entire industry arises to supply them in a country that doesn't care about anything you do except your money. The CCP exploits the situation, of course, but I doubt Chinese intelligence helped design deliberate exploitable flaws into the stuff.

Perhaps it's more than that. China has massively subsidized specific industries and products that it considers to be economically strategic. For these industries, China also doesn't care about money but about gaining market share and eliminating competitors. It's clear that economic dominance is a national goal for China. It's not clear if there are also military advantages that are either incidental or explicit. US military and intelligence are known to explicitly work with US companies to inject secu

Now... whose backdoor was used for salt typhoon

[i kan reed]

I bet it was the backdoors the Chinese government foisted upon us through that nefarious huawei, right?

Oh, no? It was FBI mandated backdoors in Cisco routers, the very thing we're paying to install more of?

This seems like a great idea.

Re:

[dfghjk]

You sure seem to have a penile fixation, comrade. What the minimum length you require for your anal penetration?

Re:

[damicatz]

It's not about security, it's about banning the competition. The American oligarchy is terrified of China because a strong China means that the US government will no longer able to bully the entire world and engage in economic terrorism by sanctioning any country that doesn't allow American corporations to exploit it.

Re:

[i kan reed]

I think that's largely the consensus I've seen among people who don't short circuit "China bad" in their head, yeah. But, even so, it's hard to see this as effective use of money.

Like, say you agree that the United States needs to maintain its position as de-facto hegemon. Is spending (this much) money to replace old routing equipment with newer equipment within your own borders really doing much to improve matters? I feel like it comes from a mistaken assumption that tech is tech and as long as you're i

Re:

[dgatwood]

Cisco systems' next few years of profit have been secured, but how does that facilitate any long-term strength for the US as a nation?

Does Cisco even make routing equipment for non-high-end-commercial use? They sold off Linksys back in 2013 to Belkin.

Re:

[i kan reed]

I guess the ISR-1000 series sorta counts?

They bill them as "Small business" but they're basically just home routers in a more professional looking case.

Re:

[ZipNada]

Maybe its because there is strong evidence that the routers are infested with spyware.

"An analysis from Microsoft published in October found that a Chinese hacking entity maintains a large network of compromised network devices mostly comprising thousands of TP-Link routers. The network has been used by numerous Chinese actors to launch cyberattacks."
https://www.msn.com/en-us/mone... [msn.com]

Backdoors and 9/11

[olmsfam]

I grew up during the 9/11 era and still remember when the NSA was caught backdooring cisco routers and putting custom firmware on wester digital HDDs that were crossing the border. this was even to their allies like canada. A free democratic western country did this to their own hardware.

If you think that a less democratic and ANTI west country is not doing the same, you are retarded.

Re:

[dgatwood]

I grew up during the 9/11 era and still remember when the NSA was caught backdooring cisco routers and putting custom firmware on wester digital HDDs that were crossing the border. this was even to their allies like canada. A free democratic western country did this to their own hardware.

If you think that a less democratic and ANTI west country is not doing the same, you are retarded.

So basically, you're saying the NSA doesn't want competition? :-)

Now if they'd just pay similar attention to solar

[Ungrounded Lightning]

Now if they'd just pay similar attention to solar power equipment.

Nearly all solar power smart electronics is not just contract manufactured in China, but is actually rebranded Chinese designs or Chinese/US co-designs, with the base firmware having been Chinese even if tweaked by the US brand.

It has long been suspected that there are "remote brick-it" back doors in it, suitable for shutting down solar power installations should some US-China dispute arise, both shutting down residential, small industrial,