Why Is the US So Scared of Chinese WiFi?
On December 18, the U.S. Department of Commerce, the Department of Defense, and other agencies launched a “national security threat” investigation into Chinese router manufacturer TP-Link, which could lead to a complete ban of the brand in the U.S. market.
The Wall Street Journal reports that according to “people familiar with the matter”, TP-Link routers may have security flaws. The New York Post claims that hackers are able to exploit the vulnerabilities to carry out ransomware attacks and other cyber crimes.
However, according to CNN, there is no evidence that TP-Link equipment was exploited in hacks; instead, US officials are scrambling to take a much broader look at the vulnerabilities in telecom infrastructure. Brendan Carr, who will lead the Federal Communications Commission for Trump’s government, believes the US networks are thoroughly compromised by Chinese hackers.
Brendan Carr (left), Commissioner of the Federal Communications Commission of the United States
Brendan Carr’s decision will likely affect millions of US families, as well as Google. Because of its competitive prices, TP-Link has been the global router sales champion for 11 consecutive years, with a 65% market share in the U.S., according to Forbes. TP-Link routers have also garnered praise for their performance, with Google choosing them as the hardware supplier for its WiFi router, OnHub, which is on par with ASUS.
Interestingly, while U.S. politicians may not be more knowledgeable about cyber security than tech giants like Google, they certainly care more about WiFi than anyone else. And a recent report from Chinese security agencies reveals why.
In October of this year, China’s national Internet emergency response centre, National Engineering Laboratory for Computer Virus Prevention and Control Technology, and 360 Security Group jointly released a report on Volt Typhoon, a “China threat” narrative created by U.S. intelligence agencies that need to control routers as much as possible.
Volt Typhoon is a hacker network responsible for spreading ransomware, which has previously impacted U.S. networks on a large scale. The Chinese investigation revealed that the operation was actually a self-inflicted plot by U.S. security agencies. The aim was to amplify the “China threat” narrative in order to manipulate Congress into allocating more funding.
In order to convince the US Congress that China has massively hacked into US networks, the first step in this operation was to infiltrate small commercial or home routers and use a technique called “fileless malware.” This method allows malicious code to be executed directly in system memory without leaving files on the local hard drive, making it invisible to antivirus software. As a result, even if victims pay ransom to unlock their computers, it’s difficult to trace the source of the attack, giving U.S. security agencies the opportunity to blame China.
However, this plan has a fatal flaw: if the routers can intercept this attack method or even retain key evidence, the entire plot could be exposed.
Another notable point is that, according to The Wall Street Journal, Microsoft played a pivotal role in launching this accusation, issuing a report to smear China, which then provided the U.S. government with justification to target TP-Link. Coincidentally, Chinese investigations suggest that Microsoft may have also been involved in Volt Typhoon. When Volt Typhoon carried out fileless attacks in 10 other countries, it exclusively used Windows’ built-in management tool, Windows Management Instrumentation (WMI), to delete system logs, further complicating efforts to trace the attacks.
This raises a critical question: the U.S. government’s investigation into TP-Link cites delays in security vulnerability patches as one reason for the success of hacker groups. If that logic holds, since Volt Typhoon frequently exploited Windows system vulnerabilities, should Microsoft also be accused of threatening U.S. national security? Should it be investigated or even banned? The first large-scale Volt Typhoon attack in the U.S. occurred in February 2023, and yet, as of now, Microsoft has not faced any investigations. Interestingly, in March 2023, Microsoft received a $9 billion contract from the U.S. Department of Defense’s Joint Warfighting Cloud Capability (JWCC) Project.
Moreover, as the supplier for Google’s OnHub router, TP-Link being labelled a national security risk would undoubtedly tarnish Google’s brand image. Notably, the Chinese investigation report on Volt Typhoon revealed that Google’s ‘VirusTotal’ multi-engine virus analysis platform was used, significantly enhancing the investigation’s efficiency and exposing Microsoft’s inaccurate or concealed virus sample reports. This raises another pertinent question: “Is Microsoft’s report part of a strategy of unfair competition disguised as a ‘China threat’ narrative?” This may be an issue the U.S. Department of Commerce should investigate more closely.
A TP-Link Systems spokesperson told CNN that TP-Link this year announced a corporate restructuring, establishing a headquarters in California, which means it has already separated from its China operations. “As a U.S.-headquartered company, TP-Link Systems Inc.’s security practices are fully in line with industry security standards in the U.S.”
If anyone in Trump’s cabinet actually reads the news, perhaps it will help ease their nerves.
https://www.cverc.org.cn/head/zhaiyao/futetaifengCN.pdf
https://defensescoop.com/2023/03/29/defense-department-has-awarded-first-jwcc-cloud-task-order/
https://www.cnn.com/2024/12/18/politics/us-investigating-potential-national-security-risks-internet-routers/index.html
https://www.wsj.com/politics/national-security/us-ban-china-router-tp-link-systems-7d7507e6
https://nypost.com/2024/12/18/business/us-could-ban-chinese-made-tp-link-routers-over-hacking-fears-report/
Anonymous
I have ten or so WiFi routers; even unplugged, they already pose a serious threat to the United States.