Summary
- Texas sues TP-Link over “Made in Vietnam” labels and alleged China-linked security threats.
- TP-Link has come under fire several times in recent years for security practices and ties to Chinese hacking groups.
- If you have a TP-Link router, your best bet is probably to switch brands, but there are some other options.
The Texas Attorney General has filed a lawsuit against TP-Link Systems, Inc., the US arm of TP-Link. The lawsuit alleges deceptive trade practices and national security risks. The core complaints are that the company’s “Made in Vietnam” stickers mislead consumers about the company’s ties to China and that the company has been used by state-sponsored Chinese hacking groups to launch cyber attacks against the United States.
This isn’t the first time TP-Link has drawn scrutiny
There have been concerns about TP-Link going back to 2023.
For those who aren’t familiar, here’s a brief history of the TP-Link controversy:
- Starting in about 2019, TP-Link’s popularity began to grow rapidly, taking a significant portion of the router market share in the US.
- In 2023, security researchers discovered an “implant” in TP-Link routers attributed to a state-sponsored group of Chinese hackers called Camaro Dragon.
- In early 2024, the FBI and CISA issued warnings about a Chinese hacking group called Volt Typhoon that was using routers from several brands, including TP-Link, to build a botnet of routers.
- In late 2024, multiple probes were opened into TP-Link. The company split its US arm off from its Chinese parent company and moved some manufacturing to Vietnam to avoid “Made in China” labels.
That brings us up to the present lawsuit. At this point, it’s safe to say that even if nothing comes of the suit, TP-Link’s reputation will have taken a major hit. In fact, the US has been considering a ban on TP-Link routers for some time.
What you can do if you own a TP-Link router
If you have a TP-Link router and you’re concerned about privacy and security, you have a few options.
Switch router brands
The simplest and most effective option is to replace it with a different router brand.
- ASUS is based in Taiwan and generally well-regarded for security.
- Netgear is a well-known, reputable American brand.
- Ubiquiti is another American brand with strong security features.
ASUS and Netgear are probably the most popular alternatives to TP-Link, and they have a ton of models to choose from to fit different needs and budgets.
Use a VPN
If you can’t (or don’t want to) replace your TP-Link router, consider using a VPN. In fact, you should probably be using one regardless of your router. Even if your router is compromised, a VPN will ensure that anyone looking can’t see your traffic. You can even self-host your own VPN for maximum control.
The main downside here is that VPNs only work on the devices connected to them. If the VPN is running on your laptop, other devices on your network aren’t protected. Technically, you can run the VPN directly on your router, but if the router is compromised, this may actually be a bad idea.
Manage your router locally
TP-Link routers use a TP-Link ID and a smartphone app for management. These connect to the internet, so they’re a potential avenue of data loss if the routers are truly compromised. You can work around this somewhat:
- Unbind your TP-Link ID: Log into the TP-Link web interface by going to http://tplinkwifi.net/. Log in with your admin password, navigate to Advanced > TP-Link ID, and click Unbind next to your email address. This stops the router’s main “call home” avenue.
- Manage the router locally: Delete the smartphone management app and manage your network locally using the router’s management page.
These measures don’t necessarily guarantee that the router won’t phone home, but it does eliminate the most common reasons for it to do so.
Ultimately, if you have a TP-Link router, you don’t necessarily need to get rid of it (yet), but we definitely recommend taking some extra security measures and keeping an eye on new developments in this case.
