InfoSecBulletin Cybersecurity for mankind
Texas sued networking giant TP-Link Systems, accusing the company of deceptively marketing its routers as secure while allowing Chinese state-backed hackers to exploit firmware vulnerabilities and access users’ devices.
The lawsuit follows an investigation launched in October and claims that TP-Link misled buyers by labeling its products “Made in Vietnam” while sourcing nearly all components from China. According to Texas Attorney General Paxton, this is important because Chinese law can compel companies with Chinese supply-chain ties to cooperate with government intelligence requests and hand over user data.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
“This week, my office is launching a coordinated series of actions against CCP-aligned companies to send a clear message that in the Lone Star State we will always put Texas and America First,” said Paxton. “TP Link will face the full force of the law for putting Americans’ security at risk. Let this serve as a clear warning to any Chinese entity seeking to compromise our nation’s security.”
The lawsuit highlights past security issues, such as weaknesses in firmware used by Chinese hackers and the company’s routers being part of a major credential theft operation linked to password attacks.
“Despite its claims of privacy and security, TP Link’s products have been used by People’s Republic of China’s (“PRC”) state-sponsored hacking entities to launch multiple cyber-attack operations against the United States,” Paxton added.
“With nearly all of its products’ parts imported from China, TP Link’s deliberate deception towards Texans regarding the nationality, privacy, and security capabilities of its networking devices is not just illegal—it is also a national security threat that enables the secret surveillance and exploitation of Texas consumers.”
Paxton now seeks civil monetary penalties and injunctions that would require TP-Link to disclose the Chinese origins of its devices and stop collecting consumer data without informed consent.
A TP-Link spokesperson told BleepingComputer that Texas Attorney General Paxton’s allegations are “without merit and will be proven false,” that neither the Chinese government nor the Chinese Communist Party (CCP) exercises control over the company, its products, or user data, and added that all U.S. user data is stored on Amazon Web Services servers.
“TP-Link Systems Inc. is an independent American company. Neither the Chinese government nor the CCP exercises any form of ownership or control over TP-Link, its products, or its user data. TP-Link’s founder and CEO, Jeffrey Chao, resides in Irvine, CA, and is not and never has been a member of the CCP,” the spokesperson said.
“To ensure the highest level of security, our core operations and infrastructure are located entirely within the United States, and all U.S. users’ networking data is stored securely on Amazon Web Services servers. We will continue to vigorously defend our reputation as a trusted provider of secure connectivity for American families.”
