The cybersecurity industry is now abuzz with the news that routers made by TP-Link (a Chinese company) may be banned from sale in the US next year. However, after reading the various media reports about the ban, I still cannot find any clear articulation of the rationale for the ban.
Bad cybersecurity practice?
Are TP-Link routers being targeted because of the company's slack cybersecurity practices? There are complaints about TP-Link having a poor track record in dealing with cybersecurity issues in its products. As a result, its routers are often exploited by hackers, including suspected state-sponsored Chinese hackers.
If this is the reason, then it does not make sense.
This ban is for the future sales of TP-Link routers. What about the existing routers in the 65 per cent of the US market for homes and small businesses? Banning future sales of their routers will not make a difference in the cybersecurity of existing routers.
If cybersecurity is the concern, then it would make more sense to give TP-Link an ultimatum to get its act together (including demanding that it deal with the existing vulnerabilities in existing routers) within a certain period, or else a future sales ban will be forthcoming. So far, I have not seen any discussion about how to rectify the cybersecurity vulnerabilities of existing TP-Link routers, which make up 65 per cent of the US market.
Link to China?
TP-Link is a Chinese company.
From the media articles I have read, the only cited ‘link’ between suspected state-sponsored Chinese hackers and TP-Link routers is that the latter are being exploited by the former in hacking attacks. Reading between the lines, it seems that the hidden accusation is that TP-Link deliberately weakened the cybersecurity of its routers to help state-sponsored Chinese hackers.
Again, this does not make sense. If TP-Link routers are vulnerable, they are vulnerable to ALL hackers, regardless of nationality, motivation or sponsorship.
Furthermore, TP-Link routers are probably used extensively in China as well. If so, they will be vulnerable to American hackers too.
Backdoor?
So far, I have not seen any accusations that TP-Link routers contain backdoors for Chinese state-sponsored hackers to use. Reading between the lines, it seems that the future sales ban may be motivated by worries that TP-Link routers can contain backdoors.
Again, if this hidden motivation is the rationale, it does not make sense.
If TP-Link routers contain backdoors, banning future sales alone will not do anything about the backdoors in existing routers. With TP-Link routers already in 65 per cent of the US home and small-office markets, the horse has already bolted from the barn. A future sales ban does not make sense.
Other products made in China?
If TP-Link routers are banned because they are made by a Chinese company, then what about the other technology devices and computers made in China? For example, most iPhones are made in China too. Oppo smartphones are very popular, and Oppo is also a Chinese company. Why is TP-Link specifically targeted this time?
In summary, a future sales ban is an incoherent policy that does not make sense.