US Congressional Panel Urges Americans To Ditch China-made Routers

A U.S. congressional committee has urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure. From a report: The House of Representatives Select Committee on China has pushed the Commerce Department to investigate China's TP-Link Technology Co, which according to research firm IDC is the top seller of WiFi routers internationally by unit volume. U.S. authorities are considering a ban on the sale of the company's routers, according to media reports.

Rob Joyce, former director of cybersecurity at the National Security Agency, told Wednesday's committee hearing that TP-Link devices exposed individuals to cyber intrusion that hackers could use to gain leverage to attack critical infrastructure. "We need to all take action and replace those devices so they don't become the tools that are used in the attacks on the U.S.," Joyce said, adding that he understood the Commerce Department was considering a ban.

Canada

[fluffernutter]

Why should I care about hacking US infrastructure? They no longer care about us.

Re:

[Valgrus Thunderaxe]

The NSA does the same thing to "American" routers. This persons sounds like a hypocrite.

Re:

[Brain-Fu]

That makes no sense.

When the snake says "don't trust the scorpion," do you then defiantly trust the scorpion?

No. You trust neither the snake nor the scorpion.

Clue: Both sides may lie. Verify things yourself.

[drnb]

You can pretty much assume that anytime the US government tells me I shouldn't trust China I should do exactly that.

That's foolish. Here's is some quite useful knowledge:

When when side is untrustworthy, that does NOT mean the other side is trustworthy. Both may be untrustworthy.

Also, the untrustworthy may tell the truth if circumstances are coincidentally on their side.

This is why we apply scientific and logical principles and verify things ourselves.

Re: Canada

[fluffernutter]

It sounds like it's just one model router and the fact that it was a POST leads me to believe it was in the web console. It's there even any concern if your tplink router is behind a firewall?

Re: Canada

[barryvoeten]

If your router is behind the firewall (regular setup) then the router can set up a connection to the outside anytime. Which can then be used to get data in as well. Using regular technology. We're not looking at the backdoors the FBI has ordered to be available in any telco product since 1994.

Re: Canada

[fluffernutter]

Can you please link to something that explains that as the actual issue? I thought this was about an attack from the outside. If we are not going to trust Chinese firmware at all then what wifi IS safe?

Re:

[Sique]

It's easy. It's called "Command & Control". Device connects to the control server in the outside world and then waits for the command to come in via the already established connection.

Re: Canada

[fluffernutter]

Ok you have not read. When I google on it, there is no explanation of any attack that has been seen from or against a tplink router ever. People aren't going to get rid of equipment because of some vague reference to 'an attack is possible', especially without explaining what distinguishes TpLink among all other companies that are out of China. How do you even know what router to buy to replace it without exposing yourself to the same thing again?

Re:

[TrumpShaker]

People aren't going to get rid of equipment because of some vague reference to 'an attack is possible'

Agreed. In my opinion, much of the U.S. public ignores that kind of reference. Not important and they can always claim ignorance.

Re: Canada

[fluffernutter]

It's not that they are ignoring it, but most people can't afford to buy a new router at the drop of the hat.

Re:

[sg_oneill]

Yeah as an Aussie, while we havent (for now) copped the same absurd venom the poor canadians have , for absolutely no morally sound reason, I fear it might be only time.

China is a problem. The Americans could become a problem.

Mikrotik! Latvians aint posed us no threat at all.

Re: Canada

[fluffernutter]

You are in Putins hemisphere.

Re:

[rsilvergun]

So just because the current administration is actively hostile to the American people doesn't mean the Chinese government has suddenly our friends.

The phrase, the enemy of my enemy is my friend, refers to your two enemies fighting themselves instead of you.

Those enemies are still a problem when they are actively attacking you individually.

Re:Canada

[karmawarrior]

I don't trust China either. But... if someone's going to spy on me, given I don't work for the government or for any company the Chinese might want to compete with, there's an argument that I'd be better off with China doing it than the US. I mean, China sucks, but I can sit there posting Tank-guy memes and there's not a lot they can do about it. And that'll be true in four years too. But I'm not sure in four years I'll be able to post in support of various marginalized groups and not have the US government, or the security-state remnants of it, come to fuck with me in some shape or form.

Or maybe that won't happen and sanity will prevail, but things are dark right now.

Re:

[Fons_de_spons]

You could buy an extra Chinese router and hook it up to the network to aid the Chinese.

My chinese router runs OpenWRT

[Anonymous Coward]

My cheap Chinese router runs OpenWRT, and I don't think Chinese state actors have managed to insert malicious code into that project given how thoroughly it is reviewed by its developers and the F/OSS community.

Re: My chinese router runs OpenWRT

[anonymouscoward52236]

Congress critter: oh... well... now I haven't though if that one. Arrest him he's a witch with his custom firmwares!

Re: My chinese router runs OpenWRT

[mysidia]

This is all just more frustrating xenophobic economic protectionist bullshit from our legislators.

Essentially all routers with services exposed to WAN are containing security vulnerabilities.
Because none of the manufacturers are paying adequate attention to security issues.

Chinese manufacturers like TP-LINK are not in any way special.

A ban on one manufacturer does not solve the problem nor does it make people less hackable.
If you believe it is important that consumers have secure routers, then you need regulation of
IT security issues in consumer products.

Re:

[AmiMoJo]

What's special about TP-Link is that even their low end hardware runs the same OS as the high end gear. Some features might be disabled due to performance limitations, but for the most part you get all the "premium" features.

That annoys Western manufacturers who like to differentiate their product tiers by disabling features on the cheaper ones. Chinese cars often do the same thing.

Re:

[txyoji]

TP Link specifically uses a remote service to manage access to the device. TP-Link has access to and can reset passwords on any device running their OS. That's alwasy weirded me out about their new stuff. Google/Nest has a similar deal. OpenWRT is a great option to have full function of your device.

Re:

[DarkOx]

Services exposed to the WAN are probably not a real concern.

It is the epic mountain of the software on all your other devices any of which could call home and be a C&C channel and be sending back any manor of data about your inside network. It is all encrypted and it is all going to Azure/AWS/GCP/Ali/etc IP blocks.

Your poor router has no ability to provide you any protection because there is nothing to make a decision on the traffic is opaque and the destination is cloudy and conflated with 100,000 leg

Re: My chinese router runs OpenWRT

[fluffernutter]

This is the case with every router.

Re:

[Bert64]

You don't need to expose services on WAN to have security vulnerabilities...
Plenty of things exploitable via XSRF, or via wireless, or potentially in the ALGs etc.

Re:My chinese router runs OpenWRT

[echo123]

Ninja'd! I came here to say the same thing. And one of the great things about OpenWRT is it runs on all kinds of stuff, including a TP-Link ac1750, which is a good, cheap, reliable option. My parent's house has used one since 2008 with repeaters. QoS FTW!

https://openwrt.org/toh/start [openwrt.org]

Re:My chinese router runs OpenWRT

[hcs_$reboot]

I'm all for OpenWRT, and only buy OpenWRT compatible devices.

My cheap Chinese router runs OpenWRT, and I don't think Chinese state actors have managed to insert malicious code into that project

But beware that often OpenWRT doesn't/cannot (if in ROM) replace the bootloader, the code that runs first when the device is switched on (then hands over control to the OS).

Re:

[fahrbot-bot]

I'm all for OpenWRT, and only buy OpenWRT compatible devices.

My cheap Chinese router runs OpenWRT, and I don't think Chinese state actors have managed to insert malicious code into that project

But beware that often OpenWRT doesn't/cannot (if in ROM) replace the bootloader, the code that runs first when the device is switched on (then hands over control to the OS).

I recently bought a TP-Link Archer C7 v5 (AC1750) for a friend and installed OpenWRT on it. It was inexpensive and is very well supported by OpenWRT. According to their Supported devices page, it uses U-Boot for its bootloader. In any case, I'm comfortable with this.

Re:

[fahrbot-bot]

Ninja'd! I came here to say the same thing. And one of the great things about OpenWRT is it runs on all kinds of stuff, including a TP-Link ac1750, which is a good, cheap, reliable option. My parent's house has used one since 2008 with repeaters. QoS FTW!

https://openwrt.org/toh/start [openwrt.org]

I recently got an AC1750 (v5) for a friend and installed OpenWRT on it. Picked it specifically as it was inexpensive, fairly capable and very well supported by OpenWRT. Seems pretty solid. At home, I just replaced my D-Link DSR-250 with a spare PC running OPNsense, attaching my D-Link DAP-2660 AP for wireless devices -- which is also supported by OpenWRT, but I haven't switched it to that (yet).

Re:

[DrMrLordX]

Okay, what about the people using stock firmware?

buy American!

[Thud457]

geeze, does Philco^W RCA even make routers?!!

Re:

[UnknowingFool]

I am pretty sure Tandy makes routers, right?

Re:

[echo123]

There's always Zenith, who developed the three button TV remote control clicker that never needs batteries. They must still be in business.

Re:

[dskoll]

Zenith is still in business. Though, it's a wholly-owned subsidiary of LG since 1999.

And that clicker remote-control was pretty clever for its time.

Re:

[TrumpShaker]

I think they got bought/absorbed by LG?

Re:

[ArchieBunker]

I checked with Crosley and Atwater Kent and neither make routers.

Re:

[Temkin]

I checked with Crosley and Atwater Kent and neither make routers.

Try Babcock & Wilcox...

Re:

[TrumpShaker]

Hmm...wouldn't be a bad idea to start a company, let's call it 'TruePatriot Link", as an example. Get some stickers (make sure the stickers are produced in America). Buy some bulk routers on Alibaba or...better yet, buy bulk TP Link stuff. Slap an American Flag and "Made in America" stickers on it. Profit.

Okay... which leaves _what_ exactly?

[Pizza]

Please, oh wise congressional panel, tell us which models on the market today _aren't_ at least partially made in China.

Re:

[UnknowingFool]

Seriously the only two routers I owned that I know that were not made in China were ones I assembled from spare, unused computers. Even then some of the parts were probably made in China.

Difference

[JBMcB]

There is a difference between a Chinese company building routers and a Taiwanese or American company having routers assembled in China. That difference is that, by law, if a Chinese company finds a CVE in their router, they have to first disclose it to the Chinese state security agency. A Taiwanese or American company is under no such restriction, unless their programmers and primary operations are located in China.

Re:

[Fons_de_spons]

Devil's advocate: "I am glad you asked. We have a brand new TRUMP router available. It carries your favorite president's picture and it is gold plated. On top of that it is made in America*!" Your internet will never have been so smooth and fast. The TRUMP router will not give you headaches like those nasty Chinese models do.
All hail America!"

* the continent

Re:

[fahrbot-bot]

We have a brand new TRUMP router available.

Stop giving him ideas. :-)

And use what?

[VirtuallyUnlimited]

So what exactly are the average, non technical, user supposed to use?
What routers are not made in or by China?
I seem to recall an issue where Cisco equipment was getting extra chips installed during manufacturing that sent packets to other places.

Shouldn't we just harden out BGP and IP approve lists to prevent packet from going to specific regions if we want to improve security?

Re:

[hierofalcon]

With the ability to run cloud based servers anywhere, exactly how are you going to determine if a packet is ultimately destined for China? Any information really important can be downloaded "locally" and go in a diplomatic pouch.

Re:

[Anonymous Coward]

Use Cisco so you can get pwned by the NSA+FBI+CIA as Gov intended. There have been so many backdoors found in Cisco stuff - just look at the CVEs (e.g. undocumented hard coded credentials with no workaround other than update). Meanwhile I just hear mainly accusations vs the Huawei stuff, they don't link to the CVEs (or the CVEs aren't even Huawei stuff, or they look as much as backdoors as Microsoft's bugs).

So if you use Huawei they would find it more inconvenient to pwn you (maybe they'd have to burn some

Re:

[DarkOx]

Not that it is entirely free of Chinese chips but most RPi's are assembled in the UK, IIRC.

but yes, be Congress, CISA, NSA, NIST or whoever just keeping an ever lengthening list of names which might be re-branding something else anyway that people are supposed to stay away from is unhelpful.

They need of an affirmative list of recommended suppliers/equipment if they expect even a finite number of people to pay attention.

That said does this market even exist anymore? Sure every nerd has their own router but i

Re:

[TrumpShaker]

What about a Fritz!Box? Are those still in production in Germany?

Great

[MobileTatsu-NJG]

A U.S. congressional committee has urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure.

Oh good, let's go buy new shit immediately after kicking off economic chaos.

Re:

[UnknowingFool]

Except I think those new routers are made in China as most of them are, I suspect.

Re:

[TrumpShaker]

Surely, you can afford it! (pun intended). Very affordable at the moment, maybe not after tariffs are in for a while.
Make your own router [stlmotherhood.com]

Yeah that is not happening soon

[UnknowingFool]

I do not know about you but the last two consumer routers I have purchased were made in China. Like other electronics, I suspect most of them are made in China. That advice is like asking Americans not to buy gasoline that is sourced from foreign crude oil.

Ditch China made routers?

[nikkipolya]

Most hardware is China made. Our laptops, desktops, mobiles... the list is endless. Are they going to ask us to ditch all of it eventually? Do they have a contingency plan or are they just pulling this ribbon out of their rear? Who are these people in the US congressional committee and were they sleeping all these decades to suddenly ask us to do this?

Re:

[txyoji]

He probably typed up that memo on his lenovo laptop.

Re:

[gweihir]

The do not want to clean Chinese stuff out. They just want to make sure it is US companies you buy the Chinese stuff from.

Re: How about a trade in program

[fluffernutter]

Their mesh router is cheap for the area coverage. Almost half the price of Netgear version.

How am I to know about Asus?

[jddj]

Should be Taiwanese, but seems like they'd be a very likely infiltration target for China.

Re:

[bill_mcgonigle]

If you believe the NSA the Supermicro boards were bugged from the factory.

Also Cisco.

Also Ed Snowden proved they lie to Congress.

Also no arrests.

Re: How am I to know about Asus?

[BeepBoopBeep]

You wonâ(TM)t arrest yourself

Re: How am I to know about Asus?

[jddj]

Yeah, I'm aware of domestic spying and I am against it, support the EFF, EPIC and ACLU with annual donations to fight against it and other US governmental abuses.

But I'm interested here in Chinese infiltration. Asus is a pretty good choice for quality. I wanna know is it free of Chinese backdoors.

Why? Russia (hence China) are USA's friends now.

[4wdloop]

Why do in USA care anymore? Our own government openly support Russia now, as of 03/2025 and hence Russia is pretty much owned by China due to it's being supported during the war, the USA is lining up with both. So nothing to fear from China and Russia, our new "friends".

Re:

[JBMcB]

Why do in USA care anymore?

Please diagram that sentence.

Re:

[bill_mcgonigle]

The grammar is correct in Ukrainian.

Re:

[4wdloop]

Sorry, Why does USA care anymore.

Re:

[Tablizer]

It's Trump Era, chopping parts speech good! Verbs obsolete, no more woke-talk! Transitive verbs specially gotta go, turns our kids be fruits!

Re:

[Tablizer]

2 wrongs don't make 1 right.

(In Orangie's case, it's 472 wrongs.)

PFSense...

[zendarva]

My AP is manufactured in china, but my router is just a normal computer. Which... to be fair... was probably partially manufactured in china.

Yep, only US backdoors are good backdoors!

[gweihir]

They still stink just the same...

What about connected cars?

[BigMac7400]

At least you can save you investement while most router can be flashed with open source alternative like OpenWRT or PfSense. I'm much more worried about totally closed and always connected cars to mainlain China where consumers have absolutely no controle over softwares running on their car infotainment system.

Whatever credibility Congress had is long gone

[matthewcharles2006]

This Congress is stuffed with bootlicking simps, liars, proud know-nothings, and geriatrics. No one should take their advice on anything, unless its how to really get your tongue into those hidden crevices.

Re:

[bussdriver]

Geriatrics are just fine; age seems the last widely supported bigotry!
The problem is corruption not age. If you are lucky enough to have a reasonably honest politician or even more lucky to have a reasonably competent one, then you need to hold onto them as long as possible!

OpenWRT

[bill_mcgonigle]

I have a TPLink in my chicken coop/ham shack doing VLAN routing.

It runs an OpenWRT and I have zero concern about China.

Do they mean running stock hardware with remote admin web interface turned on?

Congress sounds like it is truly inept.

Re:

[alleycat0]

Fellow ham here: Would moving my shack into a chicken coop (i.e., Faraday cage) block all that pesky interference from switch-mode power supplies, LED fixtures, my RF-noisy-ass router, etc?!?

Re:

[TrumpShaker]

roflmao, I thought they had some pigs in with their chickens.

ISP Replacements

[RitchCraft]

I have Omni Fiber in Ohio that supplies TP-Link routers to their customers. Will ISPs be required to pull and replace these? And if so, with what? Damn near all tech companies have opted to have their devices built in China using slave labor. Will customers be allowed to reflash their ISP provided routers? I don't think so. And even if they could the router's boot loader does not get replaced leaving a threat still possible. The government was warned over 30 years ago that allowing companies to get so embed

As opposed to American made wireless routers?

[stripes]

remove Chinese-made wireless routers from their homes,

Ok, well I have these Google (er, Nest...no...Google?) WiFi routers, made in....oh hey China! Maybe I should ditch them and buy some American Amazon Eero WiFi routers? I think they are made in Vietnam, that’s good right? Yeah? No? Should I fall back on my very very old Apple WiFi routers most definitely made in China?

Does anyone make WiFi routers in the USA?

Also

[dskoll]

But where's the congressional panel urging the US to ditch Russian-made presidents?

Does congress even matter anymore?

[MeNeXT]

And why should I listen to what they have to say when their own constitution doesn't matter anymore? Why should anyone care when the government doesn't and allows a clown to play games with peoples lives. How can anyone believe anything coming from the US government and that clown?

Yeah Canada is causing the fentinal problem is the states because too much is getting out and into Canada. That's why we need tariffs.

King Musk running around like a chicken with his head cut off inventing lies to justify stupidit

Congressional panels

[MachineShedFred]

So where's the congressional panel's report on why we should pay any attention to literally anything this Congress says, when they've abdicated their oversight responsibilities into a glorified rubber stamp session for Mudface Caligula and his merry band of billionaires trying to auction off every bit of this country they can to the highest bidder while trying their level best to tank the economy to bread-lines degree?

Fuck those oath-breaking traitors. When they start doing their jobs again, I'll start listening to what they have to say about anything.