After TikTok, the WiFi router in your home may be next Chinese tech ban target
The logo of TP-Link appears on the products of router manufacturer TP-Link in Fuyang, China, on December 19, 2024. (Photo by Costfoto/NurPhoto via Getty Images)
Nurphoto | Nurphoto | Getty Images
While the TikTok ban has lawmakers scurrying and chatter about Chinese influence over U.S. tech at a fever pitch, another danger is lurking. One of Amazon’s top-selling router brands, TP-Link, has been under scrutiny by regulators as posing a threat to American infrastructure. Experts worry that China could exploit the routers to launch attacks on critical infrastructure or steal sensitive information.
Rep. Raja Krishnamoorthi (D-IL) and Rep. John Moolenaar (R-MI) sent a letter to the U.S. Department of Commerce last summer, touching off a flurry of investigations and calls for a ban. The letter, which the Wall Street Journal first reported, flagged “unusual vulnerabilities” and required compliance with PRC law as disconcerting. “When combined with the PRC government’s everyday use of SOHO [small office/home office] routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming,” the letter stated.
But so far, no action has been taken, and Krishnamoorthi is concerned.
“I am not aware of any plans to get them out,” Krishnamoorthi said. He pointed to the government’s “rip and replace” plan with Huawei network equipment as a precedent that could be followed. The government mandated in 2020 that companies rid themselves of Huawei equipment, which was deemed to pose a national security threat. Efforts to remove the equipment are still ongoing.
According to data he cited, TP-Link has a 65% share of the U.S. router market, and its success has followed a similar playbook used by China with other technology: make a lot more than they need, export the surplus to undercut the competition, and use the technology to backdoor access or to disrupt.
“I am wondering whether something similar needs to be done, at least in regards to national security agencies, Department of Defense, and Intelligence,” Krishnamoorthi said. “It just doesn’t make sense for the U.S government to be buying the routers.”
The routers were among brands in the market linked to hacks on European officials and the Typhoon Volt attacks.
An Amazon best seller inside our online histories
Krishnamoorthi’s concerns go beyond the federal government. State and local utilities that have them could be vulnerable, he said, as well as people who have the routers at home.
“The PRC has every intent to collect this data on Americans and they will, why give them another backdoor?” Krishnamoorthi said.
Browsing history, and family and employer information, are all at risk.
“I would not buy a TP-Link router, and I would not have that in my home,” he added, and noted that he never had TikTok on his phone.
Ranking member Raja Krishnamoorthi (D-IL) participates in the first hearing of the U.S. House Select Committee on Strategic Competition between the United States and the Chinese Communist Party, in the Cannon House Office Building on February 28, 2023 in Washington, DC. The committee is investigating economic, technological and security competition between the U.S. and China.
Kevin Dietsch | Getty Images News | Getty Images
There are multiple versions of TP-Link routers available on Amazon, with one labeled a “best seller” retailing for $71. Amazon did not respond to questions about whether it planned to pull the routers.
A spokesman for the majority of the Select Committee on the Chinese Communist Party, chaired by Moolenar, told CNBC the TP-Link routers pose an espionage risk to Americans because the company is beholden to the Chinese government, who are engaged in a full-scale hacking campaign against the United States and our people. “Because of this, we hope to see TP-link routers banned in the coming year, coupled with programs to replace existing Chinese routers with safe American alternatives.”
TP-Link Technologies has said in response to the accusations that it does not sell router products in the U.S. and denied its routers have any cybersecurity vulnerabilities. TP-Link Systems, which recently built a new headquarters for the U.S. market in Irvine, California, has had operations in the state since 2023, and says it is a separate company with separate ownership, and most of the routers made for the U.S. market come from Vietnam.
“TP-Link Systems is proactively seeking opportunities to engage with the federal government to demonstrate the effectiveness of our security practices and to demonstrate our ongoing commitment to the American market, American consumers and addressing U.S. national security risks,” the company told the Orange County Business Journal earlier this month.
The People’s Republic of China’s ministry in the United States did not respond to a request for comment.
The problem of unencrypted communication
A consensus on the best way to combat the problem, and enact a ban, remains elusive, given how widespread use of the routers already is within U.S consumer and business markets.
Guy Segal, vice president of corporate development at cybersecurity services company Sygnia, said in addition to TP-Link router prevalence in government institutions, including defense organizations, the company has the majority of the U.S. market in routers for homes and small businesses.
“The pervasiveness of this technology and the potential risks associated with it do present security concerns for users that should be taken seriously, whether at the consumer level or a national security consideration for government entities,” he said.
If a ban is to come, it is more likely going to be spurred by the national security concerns, and the implications the routers could have on military readiness and national security, than the risk to home internet consumers. Segal said if momentum for a ban picks up inside the government, the action would have to be implemented in phases, given the ubiquity of the TP-Link router. The most practical approach would be to start by banning use in the federal and defense sectors.
The letter from the Congressional group to Commerce last summer cited a PRC government that has demonstrated a willingness to sponsor hacking campaigns using PRC-affiliated SOHO routers, “particularly those offered by the world’s largest manufacturer, TP-Link — and consider using its ICTS authorities to properly mitigate this glaring national security issue.”
Matt Radolec, vice president of incident response and cloud operations at security company Varonis, says that the government is on the right track, and consumers should not ignore the issue even if the threat of a ban on home devices may not be imminent. “Banning routers from certain manufacturers is a sound security decision,” Radolec said. “Consumers, in general, should be aware of the implications to their personal privacy.”
The underlying problem with the TP-Link routers, he said, is unencrypted communication, and it is an issue where the public is underinformed.
“All unencrypted communications on these routers could be compromised, which is worrisome because intra-network communication is often unencrypted for performance’s sake. You’ll get faster internet speeds, but you could be risking your personal data,” Radolec said.
Even if banking information, for instance, is encrypted, that wouldn’t protect all the unprotected personal data that passes through an unprotected, vulnerable home router.
“It’s time for the general public to be aware of the differences between encrypted and unencrypted communications, and browser and device manufacturers must do a better job informing the public about the privacy risks when you send your data over unencrypted links,” Radolec said. “I think we need to ask ourselves, as consumers, is that something we want to be potentially exposed to?”
The Google logo is displayed during the Made By Google event at Google headquarters on August 13, 2024 in Mountain View, California.
Justin Sullivan | Getty Images
Google employees have begun circulating an internal petition titled “job security” ahead of expected cost cuts this year, CNBC has learned.
The petition has been signed by more than 1,250 employees and was viewed by CNBC. It is the latest sign of employee upheaval at Google, which has struggled to maintain high morale among its workforce after a year filled with embarrassing product rollouts, worker protests sparked by controversial enterprise contracts and continued rounds of layoffs that stretch back to 2023 and are expected to continue.
“We, the undersigned Google workers from offices across the US and Canada, are concerned about instability at Google that impacts our ability to do high quality, impactful work,” the petition says. “Ongoing rounds of layoffs make us feel insecure about our jobs. The company is clearly in a strong financial position, making the loss of so many valuable colleagues without explanation hurt even more.”
New CFO Anat Ashkenazi said in October that one of her top priorities would be to drive more cost cutting as Google expands its spending on artificial intelligence infrastructure in 2025.
“Any organization can always push a little further and I’ll be looking at additional opportunities,” she said, referring to cost cutting, which sparked an internal reaction. Shortly after Ashkenazi’s statements, employees pressed executives for clarity but weren’t given any more details on Ashkenazi’s plans.
The petition calls on Google CEO Sundar Pichai to offer buyouts before conducting layoffs, to guarantee severance to employees that get laid off and to not give low performance review ratings for the purpose of removing employees. The petition also calls for Google’s leadership to offer voluntary buyouts before enacting layoffs.
In the petition, Google employees call on the company’s leadership to not “force” low performance reviews to justify removing certain employees. Results from the company’s annual performance review process, known as Google Reviews and Development, or GRAD, are expected soon.
The company does not have forced rating distributions for GRAD, and every employee is rated on their performance and impact based on their role, level and the expectations they set with their manager, a spokesperson for Google told CNBC.
The petition asks for guaranteed severance equivalent to what laid off employees were offered in January 2023. That year, Google laid off more than 12,000 employees. At the time, Google executives boasted of its severance package, which included 16 weeks salary plus two weeks for every additional year employees worked at the company.
Since then, Google has continued with more rounds of layoffs throughout its various division, and impacted employees have told CNBC that their severance packages have varied.
– CNBC’s Salvador Rodriguez contributed to this report.
WATCH: Twenty years in, Google Maps turns to AI to maintain dominance
Satya Nadella, CEO of Microsoft, speaking on CNBC’s Squawk Box outside the World Economic Forum in Davos, Switzerland on Jan. 22nd, 2025.
Gerry Miller | CNBC
Microsoft is in the middle of the artificial intelligence boom, but it’s been a while since investors have seen the rewards.
The software giant’s stock price is up less than 8% in the past year. That’s by far the weakest gain among the eight U.S. tech megacap companies. Apple has the next slimmest increase at 19%, followed by Alphabet at 26%. All the others are up at least 48%, and Tesla is the top performer in the group, up 117%.
Microsoft is also badly trailing the tech-heavy Nasdaq, which has gained 25% in the past year.
That’s the backdrop heading into Microsoft’s quarterly earnings report Wednesday. The company is kicking off tech earnings season, along with Meta and Tesla. Apple follows on Thursday, and Alphabet and Amazon report next week.
The biggest question for Microsoft shareholders surrounds the company’s Azure cloud-computing business and whether it will show accelerating growth.
In October, Microsoft told investors that demand for Azure services outstripped supply because of a delay from a third-party provider. Finance chief Amy Hood said she still foresees an increase in Azure’s growth rate in the first half of 2025, but for the December quarter, she called for 31% to 32% growth at constant currency, which would be down from 34% in the prior period. Microsoft’s stock slipped 6% the next day.
Since the last quarter of 2023, Azure growth has increased by 2 percentage points. Meanwhile, top rivals Amazon and Alphabet have seen cloud growth over that stretch accelerate by 7 points and 13 points, respectively. It’s a matter of particular importance to investors, because Microsoft now has tens of billions of dollars in quarterly capital expenditures to meet cloud and AI needs of customers.
A Microsoft spokesperson didn’t provide a comment.
Microsoft operates in many other markets. But investors gravitate to cloud first, because it’s a sizable category that’s still rapidly expanding as companies continue to move away from owning and operating their own data centers and as they add heftier workloads.
Overall, Microsoft is expected to report revenue growth of 11% from a year earlier to $68.8 billion, according to LSEG. That would mark the slowest year-over-year growth for any quarter since mid-2023. Analysts expect earnings per share to increase to $3.11 from $2.93 a year ago.
Investors were more bullish on Microsoft in 2023, sending the stock up more than 50%, its best year since 2009. The driving force was Microsoft’s intimate relationship with ChatGPT creator OpenAI, which sparked the generative AI boom and led to a historic increase in investments.
Microsoft is OpenAI’s leading backer, having poured nearly $14 billion into the AI startup. Through the partnership, Microsoft gets a lot of cloud business but also spends heavily on building out infrastructure.
The relationship changed in an important way last week, when Microsoft said OpenAI will no longer use Azure on an exclusive basis, except when it comes to handling incoming queries from developers. Going forward, OpenAI will have to check with Microsoft when it seeks more computing capacity, and Microsoft will be able to accept or turn away the request.
The announcement came at the same time as President Donald Trump’s introduction of Stargate, an AI infrastructure initiative involving SoftBank, OpenAI and Oracle.
In its own blog post, OpenAI named Microsoft as a technology partner but not a member of the group that will build and operate Stargate, which has the potential to draw up to $500 billion in investment. Microsoft has committed to $80 billion in AI-related capital expenditures in the year that ends June 30. Much of that is being directed toward Nvidia’s graphics processing units, or GPUs.
Analysts at Cowen wrote in a report that last week’s developments could help Microsoft reaccelerate the Azure growth rate into the mid-30s. They said Microsoft has been “funding GPU capex investments for OpenAI model training but not collecting revenue,” and that by pushing some of that training elsewhere, the company can “show improved capex efficiencies and stronger returns on capital spend” while keeping its access to OpenAI.
Kevin Walkush, a portfolio manager at Jensen Investment Management, said he expects the AI investment will pay off in the long run.
“If AI doesn’t show up, there’s still a long runway for cloud,” said Walkush, whose firm held about $913 million in Microsoft shares at the end of September. “But I think the chance of AI showing up is really high, so that’s the bet I’m willing to let them make to take advantage of this opportunity.”
-
Sports2 years ago‘Storybook stuff’: Inside the night Bryce Harper sent the Phillies to the World Series
-
Sports10 months agoStory injured on diving stop, exits Red Sox game
-
Sports1 year agoGame 1 of WS least-watched in recorded history
-
Sports2 years agoMLB Rank 2023: Ranking baseball’s top 100 players
-
Sports3 years ago
Team Europe easily wins 4th straight Laver Cup
-
Environment2 years agoJapan and South Korea have a lot at stake in a free and open South China Sea
-
Environment2 years agoGame-changing Lectric XPedition launched as affordable electric cargo bike
-
Business2 years agoBank of England’s extraordinary response to government policy is almost unthinkable | Ed Conway