In a week that saw TikTok’s rapid banning and unbanning, concerns are being revisited about another technology presence in American homes. In an interview with CNBC, Rep. Raja Krishnamoorthi (D-IL), ranking member of the House Select Committee on Strategic Competition between the United States and the Chinese Communist Party, expressed concerns about TP-Link — the Chinese networking giant that powers roughly two-thirds of U.S. home internet connections.
The scrutiny began last summer with a letter to the U.S. Department of Commerce from Krishnamoorthi and Rep. John Moolenaar (R-MI), first reported by the Wall Street Journal. The letter flagged “unusual vulnerabilities” and required compliance with the People’s Republic of China (PRC) law as particularly concerning. “When combined with the PRC government’s everyday use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming,” the letter stated, according to CNBC. Note that SOHO router refers to “small office/home office” routers.
Krishnamoorthi maintains a strong stance on the issue. “I would not buy a TP-Link router, and I would not have that in my home,” he told CNBC, noting that he similarly avoided having TikTok on his phone. “The PRC has every intent to collect this data on Americans and they will, why give them another backdoor?”
However, cybersecurity data presents a more nuanced picture. According to the Cybersecurity and Infrastructure Security Agency’s vulnerability database, TP-Link has recorded only two known security issues, compared to Cisco Systems’ 74 vulnerabilities, Ivanti’s 23, and D-Link’s 20, Dark Reading reports. While the routers have been linked to several significant security incidents, including the Typhoon Volt attacks and compromises of European officials’ networks, security experts note these incidents often involved default password configurations — a vulnerability common across all router brands, not just TP-Link.
This context could challenge prevailing narratives about Chinese-made networking equipment. The high number of compromised TP-Link devices appears to reflect their dominant market position rather than inherent security flaws, as every router manufacturer ships devices with default passwords (often simple combinations like “admin” and “admin”) that users are advised to change.
Beyond The Headlines: What Security Data Really Shows
The path to TP-Link’s market dominance follows what Krishnamoorthi describes to CNBC as a familiar pattern — “make a lot more than they need, export the surplus to undercut the competition, and use the technology to backdoor access or to disrupt.” This strategy has led to TP-Link’s prominent position on Amazon, where CNBC reports that its best-selling router retails for $71. Amazon has not responded to CNBC’s questions about whether it plans to pull the routers.
TP-Link Technologies has denied to CNBC that its routers have any cybersecurity vulnerabilities. TP-Link Systems, which has operated in California since 2023 and recently built a new headquarters in Irvine, says most of the routers made for the U.S. market come from Vietnam, according to statements made to the Orange County Business Journal earlier this month. In addition, the company tells CNBC that it “is proactively seeking opportunities to engage with the federal government to demonstrate the effectiveness of our security practices and to demonstrate our ongoing commitment to the American market, American consumers and addressing U.S. national security risks.”
Reducing Home Network Risks
While the policy debate continues, cybersecurity experts emphasize that router security depends more on configuration and monitoring, than manufacturer origin. Matt Radolec, vice president of incident response at Varonis, identifies unencrypted communication as a fundamental concern. “All unencrypted communications on these routers could be compromised, which is worrisome because intra-network communication is often unencrypted for performance’s sake,” he explained to CNBC. Even if banking information is encrypted, that wouldn’t protect all the unprotected personal data passing through a vulnerable home router.
For concerned users, there are a number of network monitoring tools available, like Wireshark — a free protocol analyzer that provides unprecedented visibility into home network activity. Similar to putting network traffic under a microscope, Wireshark allows users to capture and examine data flowing through their networks, identifying unusual patterns, potential security threats, and unencrypted communications that might put personal data at risk.
Policy Implications And Potential Impact
Ultimately, the resolution of this issue could set precedents for how nations approach technology infrastructure security, and the scrutiny of TP-Link follows a pattern of increasing oversight of Chinese technology in U.S. infrastructure. In 2022, the Federal Communications Commission unanimously banned several Chinese firms, including Huawei and ZTE, from selling new equipment in the U.S.
Guy Segal, vice president of corporate development at cybersecurity services company Sygnia emphasizes broader implications, telling CNBC that the “pervasiveness of this technology and the potential risks associated with it do present security concerns for users that should be taken seriously, whether at the consumer level or a national security consideration for government entities.”
Thomas Pace, former Department of Energy cybersecurity head and current CEO of NetRise, also suggests to Dark Reading that the issue transcends pure security considerations, pointing toward “economic policy value” in these decisions. This perspective suggests a broader shift in U.S.-China tech relations, where security concerns increasingly intersect with economic strategy.
As for consumers, from TikTok’s brief disappearance, to concerns about router security, the public is facing an increasingly complex relationship with Chinese technology. With major tech platforms pushing deeper into our homes through smart devices, streaming services, and cloud connectivity, the security of internet connections has never been more critical. The outcome could influence not just how we buy routers, but how comfortable users feel about building their digital lives around technology that connects them to the world – regardless of where that technology comes from.
