“Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” the FCC said in a news release discussing its justification for the ban. The agency cited the Volt, Flax, and Salt Typhoon cyberattacks in recent years as examples of cases in which Wi-Fi router security vulnerabilities have been exploited.But privacy experts are skeptical that a total ban will solve the problems.“While it’s true that consumer routers have had some issues in the past, those often proliferate because router manufacturers don’t issue patches or they don’t bother to notify people when their router is end of life and no longer receiving security updates,” said Thorin Klosowski, a privacy and security activist with the Electronic Frontier Foundation and former privacy and security editor at Wirecutter. Banning foreign-made routers from purchase would fail to address this core issue when the routers we already own present the real security problems.“A ban has clear limitations,” said Bogdan Botezatu, senior director of threat research and reporting for digital security company Bitdefender. “It does not address the large installed base of existing devices, which will remain in use for years. In practice, foreign-manufactured routers will continue to dominate US households in the near term, so any security gains will be gradual at best.”Prior to the ban, the Texas attorney general filed a lawsuit against US-based router manufacturer TP-Link, accusing the company of “deceptive trade practices” for allegedly selling routers with vulnerabilities that were knowingly being exploited by the Chinese government. TP-Link’s routers are frequently recommended by Wirecutter, and the company accounts for about 65% of the consumer and small-business router market in the US. The federal government reportedly considered banning the Irvine, California–based company from doing business in the US in 2025. But instead of narrowly focusing on TP-Link, the FCC has now banned all new foreign-made Wi-Fi routers.This isn’t the first time the FCC has banned foreign-made tech products. In 2025, the agency banned drones made outside of the US, though you can still use drones that you previously purchased. The FCC also issued a waiver that allows drone makers to release firmware updates through January 2027. Router makers have also received a waiver, and they will be able to issue software and security updates until March 1, 2027.
Source link