US government proposing a ban on future sales of TP-Link routers

U.S. government agencies are proposing a ban on future sales of TP-Link routers, America's most popular home WiFi brand, citing national security risks tied to the company's Chinese origins and potential for embedded vulnerabilities.

TP-Link, spun off from a Chinese firm and now based in Irvine, California, faces scrutiny for slow responses to known security flaws, according to cybersecurity experts.

Routers serve as internet gatekeepers, beaming WiFi to devices and controlling data flow into homes—making them prime targets for remote hijacking by criminals or state-sponsored hackers.

Such exploits could turn user gadgets into unwitting launchpads for scams, corporate espionage, or broader cyber operations, without directly stealing personal data.

Cisco Talos outreach head Nick Biasini warned: “You don’t want the FBI to knock on your door.”

The proposal builds on Huawei precedents, targeting future imports to curb reliance on foreign hardware susceptible to backdoors.

Device security firm Finite State CEO Matt Wyckhouse defended TP-Link, claiming its track record matches competitors, but acknowledged industry-wide lapses in enforcing digital standards.

Many TP-Link models, praised for affordability and performance on review sites, lack robust protections against exploits.

The ban highlights broader IoT vulnerabilities: cars, vacuums, doorbells, and garage openers connect online with minimal safeguards, exposing households to remote attacks.

TP-Link stated it “promptly troubleshoots and patches vulnerabilities” and exceeds peer standards.

Users with existing TP-Link routers face no immediate replacement mandate, but experts urge switching to non-Chinese alternatives with stronger security histories.

Internet provider-supplied routers often obscure manufacturers, complicating checks.