US congressional committee on China urges Americans to ditch TP-Link routers

A U.S. congressional committee on Wednesday urged Americans to remove Chinese-made wireless routers from their homes, including those made by TP-Link, calling them a security threat that opened the door for China to hack U.S. critical infrastructure.

The House of Representatives' select committee on China has pushed the Commerce Department to investigate China's TP-Link Technology Co, which according to research firm IDC, is the top seller of WiFi routers internationally by unit volume.

U.S. authorities are considering a ban on the U.S. sale of the company's routers, according to media reports.

Rob Joyce, former director of cybersecurity at the National Security Agency, told a committee hearing that TP-Link devices, exposed individuals to cyber intrusion through which hackers could gain leverage to attack critical infrastructure.

The company appeared to be dominating U.S. retail market share by selling devices at low prices to drive out competition, Joyce said.

"We need to all take action and replace those devices so they don't become the tools that are used in the attacks on the U.S.," Joyce said, adding that he understood the Commerce Department was considering a ban.

TP-Link did not respond immediately to a request for comment.

The committee's Democratic ranking member Raja Krishnamoorthi, holding up a consumer-grade TP-Link router, said: "Don't use this."

"I don't have one at home either. It's not a good idea," Krishnamoorthi said.

Joyce said Chinese government-linked hackers were "approaching a peer status" with U.S. cyber capabilities, and that he had grave concerns that the Trump administration's efforts to cut the federal workforce could undermine U.S. cyber defenses.

"Eliminating probationary employees will destroy a pipeline of top talent essential for hunting and eradicating PRC threats," Joyce said, referring to the People's Republic of China.

Democratic Representative Shontel Brown said the Trump administration had laid off more than 130 officials from the Cybersecurity and Infrastructure Security Agency (CISA).

In 2023, CISA said TP-Link routers had a vulnerability that could be exploited to execute remote code.

Krishnamoorthi said the U.S. must deter Chinese hackers by going on offense.

"I think that we should also consider potentially enlisting private sector actors to hack back at the hackers. I'm going to get in a lot of trouble for saying that, but I think you have to sometimes use fire against fire," Krishnamoorthi said.