Michigan congressman urges probe into security concerns with Chinese routers

(The Center Square) – A Michigan congressman has called on the Department of Commerce to launch a probe into Chinese Wi-Fi routers sold in America, citing their use in recent hacking attempts traced to the People’s Republic of China.

Chairman John Moolenaar, R-Mich, of the House Select Committee on the Strategic Competition Between the United States and the Chinese Communist Party submitted a letter this week with Ranking Member Raja Krishnamoorthi, D-Ill.

The letter specifically asked the department to investigate China-based TP-Link Technologies, which is the world’s largest provider of small office/home office Wi-Fi routers – or SOHO routers – and takes up a substantial portion of the U.S. market as well.

“TP-Link’s unusual degree of vulnerabilities and required compliance with PRC law are in and of themselves disconcerting. When combined with the PRC government’s common use of SOHO routers like TP-Link to perpetrate extensive cyberattacks in the United States, it becomes significantly alarming,” the letter reads. “Given the PRC’s data and national security laws, the proliferation of PRC-made SOHO routers in the United States, and…hacking campaigns using PRC-affiliated SOHO routers like those made by TP-Link, we request that Commerce verify the threat posed.”

The letter cited actions by Volt Typhoon, a Chinese hacking group, that exploited significant vulnerabilities in TP-Link SOHO routers to target critical U.S. infrastructure in January.

“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict,” FBI Director Christopher Wray said following the attack. “Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors. Their pre-positioning constitutes a potential real-world threat to our physical safety.”

The representatives requested the department to take action no later than Aug. 30.