The U.S. government is considering banning TP-Link routers due to national security concerns. The primary reason stems from fears that TP-Link, a Chinese company, could potentially be subject to Chinese government influence, especially regarding cybersecurity risks. In this blog post, we will outline the key reasons behind these concerns and provide some mitigations to reduce the impact of this threat.
TP-Link Router Concerns
- Chinese Government Influence: The U.S. government has long been wary of Chinese technology companies due to concerns over the Chinese government’s ability to potentially influence or access data through these companies. This is especially true with internet infrastructure devices like routers, which can potentially be used for surveillance, data theft, or cyberattacks.
- Cybersecurity Risks: The U.S. has increasingly cited cybersecurity vulnerabilities in foreign-made equipment, particularly from Chinese companies. Routers, as critical devices in any network, could be exploited to launch cyberattacks or spy on users, creating risks to national security and sensitive information.
- Unsubstantiated Allegations: Although no concrete evidence has been presented to suggest TP-Link routers are being used for espionage, the U.S. government has taken a precautionary approach, banning equipment that might be vulnerable to misuse.
- Password Spray Attacks: A password spraying attack involves a threat actor using a single common password against multiple accounts on the same application. This avoids the account lockouts that typically occur when an attacker uses a brute force attack on a single account by trying many passwords. Password spraying is particularly effective against businesses that participate in password sharing. The investigation into TP-Link routers comes after a Microsoft report in October revealed that a botnet of hacked SOHO routers (tracked as Quad7, CovertNetwork-1658, or xlogin and operated by Chinese threat actors) is made up mainly of TP-Link devices. Microsoft assessed that multiple Chinese threat actors used the credentials acquired from CovertNetwork-1658 password spray operations to perform computer network exploitation (CNE) activities.
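For defenders, the difference between the two attack shapes described above is visible in sign-in logs. The following is an added example, not code from this post or from Microsoft's report; the log format, the `classify_hours` name and the threshold values are assumptions chosen for illustration. It counts failures per account across all source IPs, since a spray run through a botnet of routers arrives from many addresses.

```python
from collections import defaultdict

# Constructed sign-in log, one event per line: "timestamp source_ip account result".
# Addresses are documentation ranges and the account names are invented.
SAMPLE_LOG = """\
2024-11-04T09:00:05 203.0.113.10 alice FAIL
2024-11-04T09:01:12 198.51.100.7 bob FAIL
2024-11-04T09:02:40 192.0.2.55 carol FAIL
2024-11-04T09:03:03 203.0.113.99 dave FAIL
2024-11-04T09:05:00 192.0.2.8 alice OK
2024-11-04T11:00:01 192.0.2.77 frank FAIL
2024-11-04T11:00:02 192.0.2.77 frank FAIL
2024-11-04T11:00:03 192.0.2.77 frank FAIL
"""

def classify_hours(log_text, min_accounts=4, lockout_threshold=3):
    """Label each hour of sign-in events as 'spray' or 'brute_force'.

    Thresholds are illustrative; tune them to your own lockout policy.
    """
    fails = defaultdict(lambda: defaultdict(int))  # hour -> account -> failures
    sources = defaultdict(set)                     # hour -> IPs with failures
    succeeded = defaultdict(set)                   # hour -> accounts with a success
    for line in log_text.splitlines():
        ts, ip, account, result = line.split()
        hour = ts[:13]                             # e.g. "2024-11-04T09"
        if result == "OK":
            succeeded[hour].add(account)
            continue
        fails[hour][account] += 1
        sources[hour].add(ip)
    findings = {}
    for hour, per_account in fails.items():
        # Accounts that failed but stayed under the lockout limit.
        quiet = sorted(a for a, n in per_account.items() if n < lockout_threshold)
        # Accounts that reached the lockout limit on their own.
        locked = sorted(a for a, n in per_account.items() if n >= lockout_threshold)
        if len(quiet) >= min_accounts:
            findings[hour] = {"kind": "spray", "accounts": quiet,
                              "source_ips": len(sources[hour]),
                              "also_succeeded": sorted(set(quiet) & succeeded[hour])}
        elif locked:
            findings[hour] = {"kind": "brute_force", "accounts": locked,
                              "source_ips": len(sources[hour])}
    return findings

if __name__ == "__main__":
    for hour, finding in sorted(classify_hours(SAMPLE_LOG).items()):
        print(hour, finding)
```

Accounts listed under `also_succeeded` had both a failed and a successful sign-in in a sprayed hour and are the first candidates for a password reset and session review.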
Managed Security Services for your Hybrid Workforce
Although these concerns are being raised by the U.S. government, many Canadians also use TP-Link routers in their home networks. Here is a list of some of the ways you can protect yourself and your business:
- Replace your TP-Link router with another brand
- Avoid password reuse
- Enforce multi-factor authentication on all accounts
- Consider transitioning to a passwordless primary authentication method
- Cybersecurity awareness training: Educate users about phishing attempts and MFA fatigue attacks
- Invest in Managed Endpoint Services
If you are concerned about security at your hybrid workplace, reach out to us for assistance.