As I bask in the aftermath of CES 2025, I’ve been taking a bit of time to catch up on other tech sites’ coverage of the event. It’s like the tech journalist equivalent of an athlete watching sports highlights to improve their game next time around. One that really caught my attention was iFixit’s ‘Worst in Show’ awards, which are mostly humorous jabs at tech companies, but also featured one inclusion that suddenly has me a bit concerned about my home Wi-Fi system.
This entry was the new TP-Link Archer BE900, a powerhouse quad-band Wi-Fi 7 router - not a product I plan to buy, but I do already have a TP-Link Deco M9 Plus mesh Wi-Fi system set up in my home. As highlighted by Paul Roberts of SecuRepairs (an iFixit partner site formed by cybersecurity professionals who support right-to-repair), TP-Link is the biggest router brand in the US, but its ties to the Chinese government have resulted in some less-than-consumer-friendly problems with security on its devices.
I’m always learning new things about the tech world - it’s an industry that moves at a shockingly rapid pace - but this was one that took me by surprise. I know that TP-Link was a Chinese company, of course; we’ve featured TP-Link hardware on the site many times, with inclusions in our best router and best mesh Wi-Fi system guides. The brand is a regular fixture at events such as CES. But as iFixit and SecuRepairs point out, Chinese law mandates that any security flaws identified in its products must first be reported to the Chinese Ministry of Industry and Information Technology (MIIT) before revealing them to the public. I’ll be honest - that’s a big problem.
Digital distrust
As you’ve probably already figured out, this policy essentially means that any malicious actors within the Chinese state have a window in which to potentially execute cyber-attacks before security vulnerabilities are made public. SecuRepairs points out that “hacks of TP-Link devices have been a common theme in China’s state-sponsored hacking campaigns, which are targeting US businesses, government agencies, and critical infrastructure”. The US Departments of Justice and Commerce commenced investigations into TP-Link in late 2024.
Now, I’m not saying that I think that the CCP wants to specifically invade my privacy so they can read my Twitter drafts crapping on Elon Musk, but compromised Wi-Fi devices can be used as part of a network of affected hardware which is then deployed en masse to perform cyberattacks such as password spraying and DDOS assaults. Unsurprisingly, I don’t like the sound of that.
But global politics aside, it’s also just a seriously anti-consumer practice. I appreciate that TP-Link wasn’t the one to create that law, but at the end of the day, the company is willing to cooperate with the MIIT and effectively leave security holes un-plugged for longer than they need to be - even if China doesn’t enact state-sponsored cyberattacks with that knowledge, leaving a known system vulnerability out of the public eye like that potentially opens the door for independent cybercriminals to conduct attacks against innocent individuals.
So in other words, I think I’ll be looking for a new mesh Wi-Fi system soon. I’ve just bought a new house, so it’s a good opportunity to upgrade my home network anyway. I recall that Asus has some rather nice ones…
You might also like...
