{"id":6711,"date":"2024-12-20T11:23:44","date_gmt":"2024-12-20T17:23:44","guid":{"rendered":"https:\/\/www.darkreading.com\/endpoint-security\/us-ban-tp-link-routers-politics-exploitation-risk"},"modified":"2024-12-20T11:23:44","modified_gmt":"2024-12-20T17:23:44","slug":"us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk","status":"publish","type":"post","link":"https:\/\/ddi.mohflo.net\/index.php\/2024\/12\/20\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk\/","title":{"rendered":"US Ban on TP-Link Routers More About Politics Than Exploitation Risk"},"content":{"rendered":"<div class=\"media_block\"><a href=\"https:\/\/i0.wp.com\/eu-images.contentstack.com\/v3\/assets\/blt6d90778a997de1cd\/blte4633ce684052bbc\/6764a1bfc6486768a63edfe5\/metamorworks-china-networking-shutterstock.jpg?ssl=1\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?w=640&#038;ssl=1\" class=\"media_thumbnail\"><\/a><\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">With US government agencies and lawmakers reportedly considering a ban on TP-Link&#8217;s products in the United States, one might think the company would rank high on the list of networking vendors with the most vulnerabilities currently being exploited by cyberattackers.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Not by a long shot.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The Chinese firm, whose products are 
popular among consumers and small businesses, currently has two security issues gracing the Known Exploited Vulnerabilities (KEV) list curated by the Cybersecurity and Infrastructure Security Agency (CISA), compared with 74 for Cisco Systems, 23 for Ivanti, and 20 for D-Link.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Yet US government officials&#8217; concern is less about known vulnerabilities, and more about unknown risks, including its routers&#8217; popularity in the United States \u2014&nbsp;where it accounts for about two-thirds of the market \u2014 and the degree to which the company is beholden to China&#8217;s government.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">While no researcher has called out a specific backdoor or zero-day vulnerability in TP-Link routers, restricting products from a country that is a political and economic rival is not unreasonable, says Thomas Pace, CEO of extended Internet of Things (IoT) security firm NetRise and a former head of cybersecurity for the US Department of Energy.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The value to me [of a ban] is almost more around economic policy value than pure technical cybersecurity value,&#8221; he says. 
&#8220;To me, there is value in saying you shouldn&#8217;t buy these things because of X, Y, and Z reasons [and to make it] more difficult for small businesses, or whoever, to get their hands on devices from these companies.&#8221;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"TP-Link \u2014 Not a Vulnerability Stand-Out\">TP-Link \u2014 Not a Vulnerability Stand-Out<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In April 2024, one of two TP-Link vulnerabilities attracted the most vulnerability scanning by threat actors, according to <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.f5.com\/labs\/articles\/threat-intelligence\/sensor-intel-series-top-cves-april-2024\">an analysis<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> by cloud and application-security firm F5. 
The issue, a command injection vulnerability in TP-Link&#8217;s Archer AX21 router (<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/cve-2023-1389\">CVE-2023-1389<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">), allows an unauthenticated attacker to easily compromise a device via a simple POST request.<\/span><\/p>\n<div readability=\"8\"><img data-recalc-dims=\"1\" decoding=\"async\" data-testid=\"content-image\" data-component=\"image\" class=\"ContentImage-Image ContentImage-Image_align_left\" data-src=\"https:\/\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk-1.jpg\" src=\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk-1.jpg?w=640&#038;ssl=1\" loading=\"lazy\" alt=\"A chart of networking vendors with vulns\" title=\"A chart of networking vendors with vulns\">\n<p class=\"ContentImage-Link\">TP-Link ranks low on the list of networking vendors with known exploited vulnerabilities. 
Source: Author from CISA data<\/p>\n<\/div>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">In another incident, security firm Check Point Software Technologies discovered that TP-Link devices were also compromised with an implant known as <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/research.checkpoint.com\/2023\/the-dragon-who-sold-his-camaro-analyzing-custom-router-implant\/\">Camaro Dragon<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">. The implanted components were discovered in modified TP-Link firmware images, and not the original software shipped by the company, says Itay Cohen, research lead at Check Point Research.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Yet Cohen stresses that the implants were written in a firmware-agnostic manner and not specific to any particular product or vendor.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;It is worth noting that this kind of attack is not aimed specifically at sensitive networks, but rather at regular residential and home networks,&#8221; he says. 
&#8220;Therefore, infecting a home router does not necessarily mean that the homeowner was a specific target, but rather that their device was merely a <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/endpoint-security\/feds-confirm-remote-killing-volt-typhoon-soho-botnet\">means to an end for the attackers<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">The threat posed by such vulnerabilities and implants is real, but the data from the KEV catalog shows that other manufacturers are just as likely to have their vulnerabilities exploited \u2014 and there are more of them. 
The lesson is that vulnerabilities in embedded devices are not unique to any one manufacturer or country of origin, says Sonu Shankar, chief product officer at Phosphorus Cybersecurity, an extended IoT cybersecurity provider.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Nation-state actors frequently exploit weaknesses in devices from companies worldwide, including those sold by American manufacturers,&#8221; he says. &#8220;Devices lacking basic security hygiene \u2014 such as the use of strong passwords, timely firmware patching, or proper configurations \u2014 can become easy targets for cyberattacks.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">TP-Link stressed this fact in a statement sent to Dark Reading.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;Many brands of consumer electronics are targeted by hackers, and we support government efforts to hold all producers to the same standard,&#8221; a company spokesperson said. 
&#8220;We&nbsp;welcome opportunities to engage with the federal government to demonstrate that our security practices are fully in line with industry security standards, and to demonstrate our ongoing commitment to the American market, American consumers, and&nbsp;addressing US national security risks.&#8221;<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"China's Government Oversight Is Pervasive\">China&#8217;s Government Oversight Is Pervasive<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">But those assertions may be minimizing the influence of the Chinese government on the company&#8217;s operations: Most Western companies do not understand the degree to which Chinese officials monitor China&#8217;s business sectors \u2014 and cybersecurity firms \u2014&nbsp;as a component of government policy and national strategy, NetRise&#8217;s Pace says.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;It&#8217;s a totally different business culture,&#8221; he says. &#8220;There is a member of the PRC in every company&nbsp;\u2014&nbsp;that&#8217;s not even like an opinion, it&#8217;s just how it is. 
And if you think they&#8217;re not there to exert their influence, then you&#8217;re just an unbelievably naive person, because that&#8217;s exactly what they do, [including] for the purposes of intelligence gathering.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Threat intelligence analysts have flagged the Chinese government&#8217;s national strategy documents and evidence showing its increasing efforts to compromise rival nations&#8217; infrastructure \u2014 such as the attacks by <\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/governments-telcos-chinas-hacking-typhoons\">Volt Typhoon and Salt Typhoon<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;In recent years we see Chinese threat actors\u2019 increasing interest in compromising edge devices, aiming to both build resilient and more anonymous C2 infrastructures, and to gain a foothold in certain targeted networks,&#8221; Check Point stated in its analysis, but added that the &#8220;discovery of the firmware-agnostic nature of the implanted components indicates that a wide range of devices and vendors may be at risk.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">China&#8217;s networking products are not alone in being targeted by the US government, which also 
<\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"><a class=\"ContentText-BodyTextChunk ContentText-BodyTextChunk_link\" target=\"_blank\" href=\"https:\/\/www.darkreading.com\/cybersecurity-operations\/kaspersky-us-customers-deadline-govt-ban\">banned the products of antivirus firm Kaspersky<\/a><\/span><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\"> because of national security concerns, given that it&#8217;s a Russian company.<\/span><\/p>\n<h2 class=\"ContentText ContentText_variant_h2 ContentText_align_left\" data-testid=\"content-text\" id=\"The Global Cyber Reality of Home Routers: Buyer Beware\">The Global Cyber Reality of Home Routers: Buyer Beware<\/h2>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">Companies and consumers should do their due diligence, keep their devices up to date with the latest security patches, and consider whether the manufacturer of their critical hardware may have secondary motives, says Phosphorus Cybersecurity&#8217;s Shankar.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;The vast majority of successful attacks on IoT are enabled by preventable issues like static, unchanged default passwords, or unpatched firmware, leaving systems exposed,&#8221; he says. &#8220;For business operators and consumer end-users, the key takeaway is clear: adopting basic security hygiene is a critical defense against both opportunistic and sophisticated attacks. 
Don\u2019t leave the front door open.&#8221;<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">For companies worried about the origin of their networking devices or the security of their supply chain, finding a trusted third party to manage the devices is a reasonable option. In reality, though, almost every device should be monitored and not trusted, says NetRise&#8217;s Pace.<\/span><\/p>\n<p class=\"ContentParagraph ContentParagraph_align_left\" data-testid=\"content-paragraph\"><span class=\"ContentText ContentText_variant_bodyNormal\" data-testid=\"content-text\">&#8220;It&#8217;s a crazy world that exists when it comes to device security,&#8221; he says. &#8220;You&#8217;re accepting this device that you know nothing about \u2014 and that you really can&#8217;t know anything about \u2014 unlike Windows [or another operating system] &#8230; where you can also install three agents and a firewall in front of it to mitigate the risk of the software.&#8221;<\/span><\/p>\n<p><a href=\"https:\/\/www.darkreading.com\/endpoint-security\/us-ban-tp-link-routers-politics-exploitation-risk\">Source<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>With US government agencies and lawmakers reportedly considering a 
ban<\/p>\n","protected":false},"author":12,"featured_media":6712,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[1],"tags":[809],"class_list":["post-6711","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-uncategorized","tag-dark-reading"],"featured_image_urls":{"full":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=1920%2C1080&ssl=1",1920,1080,false],"thumbnail":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?resize=150%2C150&ssl=1",150,150,true],"medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=300%2C169&ssl=1",300,169,true],"medium_large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=640%2C360&ssl=1",640,360,true],"large":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=640%2C360&ssl=1",640,360,true],"1536x1536":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=1536%2C864&ssl=1",1536,864,true],"2048x2048":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=1920%2C1080&ssl=1",1920,1080,true],"chromenews-featured":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=1024%2C576&ssl=1",1024,576,true],"chromenews-large
":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?resize=825%2C575&ssl=1",825,575,true],"chromenews-medium":["https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?resize=590%2C410&ssl=1",590,410,true]},"author_info":{"display_name":"Dark Reading","author_link":"https:\/\/ddi.mohflo.net\/index.php\/author\/darkreading\/"},"category_info":"<a href=\"https:\/\/ddi.mohflo.net\/index.php\/category\/uncategorized\/\" rel=\"category tag\">Uncategorized<\/a>","tag_info":"Uncategorized","comment_count":"0","jetpack_featured_media_url":"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2024\/12\/us-ban-on-tp-link-routers-more-about-politics-than-exploitation-risk.jpg?fit=1920%2C1080&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6711","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/users\/12"}],"replies":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/comments?post=6711"}],"version-history":[{"count":0,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/posts\/6711\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media\/6712"}],"wp:attachment":[{"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/media?parent=6711"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\/v2\/categories?post=6711"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ddi.mohflo.net\/index.php\/wp-json\/wp\
/v2\/tags?post=6711"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}