Just fucking great.
Yet another Chinese Communist Party-linked company has been supplying technology to critical entities within the broader U.S. national security apparatus, The National Pulse can report.
In a previous investigation, it was revealed that smart TVs manufactured by the Chinese government were being sold on U.S. military bases and were potentially sending data on millions of Americans back to China. This followed another National Pulse story that exposed a Silicon Valley tech startup that was sharing massive amounts of Americans’ personal data with Chinese state-owned firms.
Now, it has been discovered that TP-Link – one of the top manufacturers of internet routers and other electronic devices in the world – have been discovered to have many security vulnerabilities. The U.S. Government’s National Institute for Science & Technology (NIST) maintains a database of such vulnerabilities and the list for TP-Link is extensive.
A review of the online retail websites for United States military exchanges, the retail stores located on American military bases worldwide, shows multiple TP-Link devices being sold. This has the potential for an enormous risk of data compromise and should be considered a matter of national security. The Army & Air Force Exchange Service, which also serves the Space Force, currently lists 28 TP-Link devices through its online store. The Navy Exchange lists 13 TP-Link devices on its site. No TP-Link devices were found listed on the Marine Corps Exchange or Coast Guard Exchange websites.
In addition to online sales and retail stores on military bases, a review of federal contracts through the website USASpending.gov reveals purchases of TP-Link equipment by the Department of Defense for operational purposes.
……The agency within DOD that awarded these particular contracts was the Defense Information Systems Agency (DISA) located at Fort Meade in Maryland, which is also home to U.S. Cyber Command, the National Security Agency (NSA), and other military intelligence units. According to an article from 2020, DISA has planned to partner more with the intelligence community, particularly the NSA, on cyber capabilities. They may want to start with not purchasing vulnerable Chinese equipment.
Four additional contracts between 2021-2022 totaling $9,703 were awarded for purchases of TP-Link equipment by the Defense Logistics Agency. In 2017, the Naval Undersea Warfare Center purchased 8 fiber network converters made by TP-Link. In 2014, NASA purchased 3 TP-Link power over ethernet injectors for Kennedy Space Center. As TP-Link is one of the most popular brands of networking products, there are likely many more such devices throughout the government, however, the examples listed above were specifically noted in publicly available contract documents.
TP-Link primarily manufactures routers, network switches, access points, wi-fi range extenders, and related accessories, including mesh network devices under the brand name Deco. They also make smart home devices under the brand name Tapo, including smart lighting, smart plugs, smart switches, smart cameras, and robot vacuums. Additionally, they have entered the smartphone market under the brand name Neffos.
As with the Chinese smart TV companies, TP-Link collects an extensive amount of data through its devices and openly states that anyone’s personal information can be shared throughout the companies’ network, which means that user data will end up in China.
TP-Link’s Privacy Policy states, “Your information will be transferred or transmitted to, or stored and processed in…Places we have infrastructure or data centers, including the United States, Ireland, and Singapore, among other Countries where TP-Link Products and Services are available.” TP-Link is headquartered in Hong Kong and Shenzhen, China.
The policy goes on to say, “These countries may have different privacy standards that differ from where you are. Please note that data processed in another country may be subject to different laws and may be accessible to government, judicial, law enforcement, and regulatory agencies in those countries.”
According to a company news release, TP-Link enjoys a 17.8 percent global market share and has been ranked the number one provider of wireless local area network (WLAN) products for 11 years running by International Data Corporation (IDC), a global market intelligence firm.
……TP-Link products are a notorious security risk. A search of the NIST National Vulnerability Database for “TP-Link” yields over 250 results dating all the way back to 2012, documenting an extremely serious threat posed by these devices. In March 2022, the website GizChina, which reviews Chinese technology products, reported that TP-Link routers had been discovered sending a users traffic to a third-party company, despite user settings that had been switched off to prevent this.
In 2016, the company was ordered to pay a $200,000 settlement following an investigation into TP-Link routers that were found to violate FCC regulations. In November 2022, the FCC banned the importation or sale of devices made by other Chinese companies that pose a national security threat, including Huawei Technologies, ZTE Corporation, Hytera Communications, Hangzhou Hikvision Digital Technology, and Dahua Technology. TP-Link was not on the list.
With all of the security vulnerabilities being discovered in electronics manufactured in China that can be exploited by the Chinese government, it seems these vulnerabilities are more of a feature, not a bug. An article last fall from Cybernews detailed a major security flaw in other commonly–sold Chinese-made routers being sold under the brand names Wavlink and Jetstream. The routers were found to have a built-in backdoor, which they called an “undocumented functionality,” that would allow internet traffic to be intercepted, detection of nearby networks, and remote control of network devices, among other things.
In addition to China’s creeping control over technology used in the United States, many have also sounded the alarm regarding Chinese purchases of American agricultural land. A number of state governments are looking to ban such purchases. According to the Silicon Valley Business Journal, TP-Link’s Chairman, Jeffrey Chao, recently purchased a 284-acre ranch in California in 2016.
The ChiComs have their claws into this country pretty deep. They’re buying up land next to military bases. They’ve hacked into U.S. weapon system designs.
The government and American businesses are treating Beijing like a business partner. The Chinese have engaged in cyber attacks, spying, economic espionage, and actual threatening of U.S. Naval vessels. Yet these traitors think giving them money, technology, and contributing to the Chinese threat are good ideas.
Propping up a communist totalitarian regime with capitalist dollars is suicidal. China is an enemy and should be treated as such instead of having the privilege of being a business associate. Doing business with a communist country will not transform it into a freedom-nurturing society.
They’re also busy digging into our election system.
With idiots like the Defense Department, who the hell needs enemies?
Related post: