Your internet router could be China-linked: FCC cracks down on ‘unacceptable’ security risks

The U.S. Federal Communications Commission (FCC) is moving to block new foreign-made internet routers from entering the U.S. market, citing mounting concerns that overseas supply chains could expose American networks to cyber threats inside their own homes. 

The move expands the agency’s "covered list," which bars equipment deemed to pose an unacceptable risk to national security and will effectively prevent new foreign-manufactured routers from being authorized for sale in the U.S. 

The order effectively means new routers must be built in the United States or clear a national security review that scrutinizes ownership, supply chains and software control to be sold domestically.

The list includes communications equipment and services considered "to pose an unacceptable risk to the national security of the United States or the safety and security of United States persons," the FCC said.

LAWSUIT CLAIMS SECURITY CAMERAS SOLD IN THE US CARRIED UNDISCLOSED SURVEILLANCE RISKS

The agency warned that "malicious actors have exploited security gaps in foreign-made routers to attack American households, disrupt networks, enable espionage, and facilitate intellectual property theft," citing multiple cases in which such devices were used in cyberattacks targeting U.S. infrastructure.

The rule applies broadly to devices produced outside the country but largely targets routers with Chinese origins. The world's networking hardware supply is largely dependent on China for manufacturing and engineering.

Estimates in recent years indicate that devices with significant Chinese supply chain ties account for the majority of home routers used in the U.S.

TP-Link, a China-founded router manufacturer and one of the top-selling brands on Amazon, has faced growing scrutiny in Washington amid cyber incidents and broader concerns about foreign-linked networking equipment.

GOOGLE DISMANTLES 9M-DEVICE ANDROID HIJACK NETWORK

A review of router manufacturing and supply chains by Fox News Digital indicates that nearly all major router brands sold in the United States depend extensively on Chinese manufacturing, engineering talent or components, even when marketed as American or allied products.

Companies that have shifted production to countries like Vietnam often still rely on Chinese-owned manufacturers and engineering teams, meaning the supply chain footprint remains largely unchanged.

Core elements of router development — including firmware and hardware design — frequently are supported by engineering teams based in China, raising concerns about vulnerabilities within widely used networking equipment.

FCC ANNOUNCES BAN ON NEW CHINESE-MADE DRONES OVER NATIONAL SECURITY CONCERNS

Those risks have already surfaced in real-world cyber operations.

In 2023, the Justice Department disrupted a network of hundreds of compromised U.S. home and small-business routers that had been hijacked by Chinese state-backed hackers known as "Volt Typhoon." The infected devices were used to conceal the origin of cyberattacks targeting critical infrastructure, allowing malicious traffic to appear as if it came from inside the U.S.

By routing activity through compromised devices, hackers can make attacks harder to trace and maintain access inside targeted networks.

A single router often connects dozens of devices inside a home or small business, including phones, laptops, security cameras, smart TVs and baby monitors. A compromised device can give attackers visibility into network traffic and provide a foothold to move across connected systems or launch additional attacks.

U.S. officials say the broader campaign targeted sectors including energy, water, telecommunications and transportation, part of an effort to establish access that could be used to disrupt systems during a future conflict.

The FCC’s move is the latest step in a broader push in Washington to reduce reliance on foreign — and particularly China-linked — technology across critical sectors, including telecommunications equipment, semiconductors and consumer applications.

Supporters of the policy say it addresses long-standing supply chain risks and reduces the chances of foreign adversaries gaining access to U.S. networks. But the rule could strain supply chains and push up prices, given that most routers sold in the U.S. are manufactured overseas.

The policy does not apply to routers already legally purchased or currently in use. Companies can continue selling routers that are already in the U.S. and previously approved, but once that inventory runs out, new foreign-made models would be effectively blocked unless they pass a national security review.

The rule does not mean routers already in American homes are known to be compromised. But cybersecurity officials have long warned outdated or unpatched devices can be vulnerable, and in some cases have been used as part of larger botnet networks that support cyberattacks.

The Chinese embassy and relevant router companies could not immediately be reached for comment.