US bans new foreign-made consumer internet routers

13 minutes ago

ShareSave

Kali HaysTechnology reporter

ShareSave

Reuters

FCC chairman Brendan Carr

The US has banned new foreign-made consumer internet routers over national security concerns.

In an update on Monday to a list of equipment seen as not secure enough for use, the Federal Communications Commission (FCC) added all consumer-grade routers made outside the US.

It puts routers - which are used widely in homes and businesses to connect computers, phones, TVs and other devices to the internet - on a par with foreign-made drones, which were banned at the end of last year.

“Malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft,” the FCC said.

While people will still be able to use foreign-made routers they already own, the ban applies to all “new device models.”

The ban stems from growing concern over the last year that routers were a point of easy-access for malicious actors.

TP-Link, a router brand made in China that is a best-seller on Amazon, became the subject of some US political anxiety last year after a spate of cyberattacks.

Any new router made outside the US will now need to be approved by the FCC before it can be imported, marketed, or sold in the country.

In order to get that approval, companies manufacturing routers outside the US must apply for conditional approval in a process that will require the disclosure of the firm’s foreign investors or influence, as well as a plan to bring the manufacturing of the routers to the US.

Certain routers may be exempted from the list if they are deemed acceptable by the Department of Defense or the Department of Homeland Security, the FCC said. Neither agency has yet added any specific routers to its list of equipment exceptions.

The FCC’s move follows a decision on Friday by government agencies working on national security that internet routers made overseas “posed unacceptable risks” to the US.

Those risks include potentially far-reaching impacts to the American supply chain, and the possibility of a cybersecurity attack that could disrupt infrastructure or cause harm to people, according to a summary of the decision.

The FCC noted that malicious access to routers was involved in three cyberattacks - referred to as Volt, Flax, and Salt Typhoon - aimed at US infrastructure between 2024 and 2025.

US government investigations into those attacks blamed actors within, or working on behalf of, the Chinese government.

The vast majority of Internet routers are assembled or manufactured outside of the US, often in Taiwan or China.

The FCC ban applies even if a router is designed in the US, but built abroad.

Popular brands of router in the US include Netgear, a US company, which manufactures all of its products abroad.

One exception to the general absence of US-made routers is the newer Starlink WiFi router. Starlink is part of Elon Musk’s company SpaceX.

The company says the Starlink routers are made in Texas.

Anthropic sues US government for calling it a risk

FCC chair threatens to revoke broadcasters’ licences over Iran coverage

International Business

China

Cyber-attacks

Donald Trump

Internet