You can keep using your existing router.
  • 𝕸𝖔𝖘𝖘@infosec.pub
    1·
    4 hours ago

    Friggin verge and their paywall. Here’s the text. Sorry for the poor formatting.

    The US government just banned consumer routers made outside the USThe US claims foreign-made routers pose national security risks. by Sean Hollister

    Mar 23, 2026, 6:47 PM EDT

    is a senior editor and founding member of The Verge who covers gadgets, games, and toys. He spent 15 years editing the likes of CNET, Gizmodo, and Engadget. In December, the Federal Communications Commission banned all future drones made in foreign countries from being imported into the United States, unless or until their maker gets an exemption. Now, the FCC has done the exact same for consumer networking gear, citing “an unacceptable risk to the national security of the United States and to the safety and security of U.S. persons.”

    If you already have a Wi-Fi or wired router, you can keep on using it — and companies that have already gotten FCC radio authorization for a specific foreign-made product can continue to import that product.

    But since the vast majority — if not all — consumer routers are manufactured outside the United States, the vast majority of future consumer routers are now banned. By adding all foreign-made consumer routers to its Covered List, the FCC is saying it will no longer authorize their radios, which de facto bans new devices from import into the country.

    Now, router makers need to A) secure a “conditional approval” that lets them keep getting new products cleared for US entry while they work to convince the government that they’ll open up manufacturing in the US, or B) make the decision to skip selling future products in the US, like dronemaker DJI already did.

    Like with the foreign drone ban, the FCC has a National Security Determination that it says justifies these actions, one which claims that “Allowing routers produced abroad to dominate the U.S. market creates unacceptable economic, national security, and cybersecurity risks,” and that “routers produced abroad were directly implicated in the Volt, Flax, and Salt Typhoon cyberattacks which targeted critical American communications, energy, transportation, and water infrastructure.”

    “Given the criticality of routers to the successful functioning of our nation’s economy and defense, the United States can no longer depend on foreign nations for router manufacturing,” reads another passage.

    It is true that a great many router vulnerabilities have surfaced over the years, which make them a popular target for hackers and botnets. It is also true that one China-founded company, TP-Link, is dominant in the US consumer market; US authorities had previously considered a specific TP-Link ban due to that dominance and national security concerns. (TP-Link has been attempting to distance itself from China, splitting off from the Chinese entity in 2022, establishing a global headquarters in California in 2024, and suing Netgear in 2025 for suggesting that TP-Link had been infiltrated by the Chinese government.)

    It is not clear how simply moving production of routers domestically would make them safer. In the Volt Typhoon hack, Chinese state-sponsored hackers primarily targeted Cisco and Netgear routers, routers designed by US companies, according to the Department of Justice. They were vulnerable because those US companies had stopped providing security updates to the specific targeted routers, which had been discontinued by those companies.

    While the FCC’s Covered List makes it sound like the US is banning all “routers produced in a foreign country,” it’s defined a bit more narrowly than that. It’s specifically banning “consumer-grade routers” as defined in NIST Internal Report 8425A, which refers to ones “intended for residential use and can be installed by the customer.”

    “Virtually all routers are made outside the United States, including those produced by U.S.-based companies like TP-Link, which manufactures its products in Vietnam,” reads part of a statement from TP-Link via third-party spokesperson Ricca Silverio. “It appears that the entire router industry will be impacted by the FCC’s announcement concerning new devices not previously authorized by the FCC.”

    Update, March 23rd: Clarified how TP-Link has distanced itself from China, and added company statement.

    • Hux@lemmy.ml
      49·
      2 days ago

      Probably not. The goal isn’t to sell American routers.

      The goal is to sell routers to Americans with government back doors built-in.

      Any companies with approval will be providing that back door.

      • sanzky@beehaw.org
        14·
        2 days ago

        There is also the possibility that Pumpkin Harkonnen just wants some ‘donations’ to provide individual exceptions to brands.

      • 𝕸𝖔𝖘𝖘@infosec.pub
        2·
        4 hours ago

        That’s just not true. Bigotry and conspiracy theories are also produced there, and I read they’re among the top exporters.

      • Kwakigra@beehaw.org
        3·
        24 hours ago

        Yesterday the site and its mirrors redirected to an eero page saying it was blocked because it was “dangerous.” Today it was a more general couldn’t connect page.

  • orca@orcas.enjoying.yachts
    46·
    2 days ago

    This has pay-to-play written all over it. It’s also opening a door to US companies capturing a market, which you know is going to mean the US government gets a big ol’ backdoor. Suddenly Meta is in the router market… 💀

  • NeatNit@discuss.tchncs.de
    27·
    2 days ago

    To be honest, this is probably justified. My knee-jerk reaction was “oh look, USA in antagonizing everyone else again”, but consumer routers are a really significant security junction which historically has always been somewhat neglected. I only read a few sentences before the paywall stopped me, but sounds like they’ll whitelist any foreign manufacturers that are legitimate.

    Yes, it’s gonna have corruption and bribes all over it… But on paper, it’s justified.

    • B0rax@feddit.org
      18·
      2 days ago

      What? Because companies from other countries are evil? What makes you think that companies in your own country are better?

      Why does the country even matter?

      • teawrecks@sopuli.xyz
        14·
        2 days ago

        It’s just another routine fascist strategy:

        “All within the state, nothing outside the state, nothing against the state.”

        “When goods don’t cross borders, soldiers will”

      • NeatNit@discuss.tchncs.de
        3·
        2 days ago

        I’m not from the US. And I think the way they’re trying to tackle it is stupid, roughly for the reasons you say. But on a surface level it’s good that there is some action taken on this matter.

        The country does matter. It allows oversight and regulation to a greater extent. And if it turns out that there’s a backdoor in a router, if it’s made locally there will be someone to criminally charge, whereas if it’s made in China or wherever, that would be impossible.

        Then again, it’s the US, so they’d probably charge some random worker instead of the CEO who demanded the back door be implemented.

        • B0rax@feddit.org
          8·
          2 days ago

          What kind of oversight are you talking about? Locally produced items do not need to fulfill more regulations.

          If this was about cyber security there would be a mandatory certification (like there is for emc, like the FCC). But blanket statements like „foreign company bad!“ don’t do anything for increasing cyber security

          • kibiz0r@midwest.socialEnglish
            6·
            2 days ago

            Yeah, items are licensed according to where they’re sold, not made. “More oversight” makes no sense.

    • Cris_Citrus@piefed.zipEnglish
      21·
      2 days ago

      I hope things like hardware made by/for openwrt remain available, but it sounds like they will cease to be?

      My first thought was the risk of the us demanding us manufacturers include a backdoor

      It sounds like the exemption for foreign companies is an option while they create plans for american manufacturing

      • Successful_Try543@feddit.org
        7·
        2 days ago

        I hope things like hardware made by/for openwrt remain available, but it sounds like they will cease to be?

        It seems like professional equipment will not be affected:

        While the FCC’s Covered List makes it sound like the US is banning all “routers produced in a foreign country,” it’s defined a bit more narrowly than that. It’s specifically banning “consumer-grade routers” as defined in NIST Internal Report 8425A, which refers to ones “intended for residential use and can be installed by the customer.”

        • floofloof@lemmy.ca
          21·
          2 days ago

          That’s not reassuring. It sounds like they don’t want home users to be able to get any router they could manage themselves.

        • Cris_Citrus@piefed.zipEnglish
          2·
          2 days ago

          I’m not sure their like bananapi based router would be considered professional. More home tinkerer

          I’m not sure what that’ll mean for the impact of this change, but I guess we’ll see 🤷🏻‍♂️

          • definitemaybe@lemmy.ca
            2·
            1 day ago

            Yeah, I’m not too worried for enthusiasts. imho, this is a bigger deal for the 99% of the rest of everyone. So, like, kinda a big deal.

            And, like, the erosion of civil liberties and human rights, and the rise of fascism. If you care about those.

    • Successful_Try543@feddit.org
      10·
      2 days ago

      but consumer routers are a really significant security junction which historically has always been somewhat neglected.

      You’re right, but simply shifting the production from overseas to US doesn’t inherently make the routers more secure. The article mentions the lack of software updates for discontinued products as a big threat that has been exploited in the past.

      I only read a few sentences before the paywall stopped me,

      Fortunately, there is no paywall for me. Here is the article on archive.org.

      but sounds like they’ll whitelist any foreign manufacturers that are legitimate.

      No, the article mentions only one exception:

      Now, router makers need to A) secure a “conditional approval” that lets them keep getting new products cleared for US entry while they work to convince the government that they’ll open up manufacturing in the US, or B) make the decision to skip selling future products in the US, like dronemaker DJI already did.

    • Scrubbles@poptalk.scrubbles.techEnglish
      16·
      2 days ago

      Routers are incredibly simple. You can run your own using openwrt or opnsense. Then some dumb switches and access points and you’re good to go.

      • dfi@lemmy.nz
        8·
        2 days ago

        Upvoting this, you can turn any computer into a router as well. You can have control of your own hardware.

        • Ooops@feddit.org
          2·
          2 days ago

          The problem is that this is not targeting the <1% that would just build their own router. Surveilance and control of the other 99% is sufficient.

          • Scrubbles@poptalk.scrubbles.techEnglish
            2·
            2 days ago

            I totally agree, but hopefully with some advocacy we can get it from 99 to 98%. Doesn’t sound like much, but that’s 2 million people who have switched then, and whoever else may live in their house using their non-routers.

    • Cris_Citrus@piefed.zipEnglish
      10·
      2 days ago

      It sounds like you should still be able to buy stuff, I don’t believe it takes active effect immediately

    • Successful_Try543@feddit.org
      8·
      2 days ago

      It only applies to router models that aren’t approved by FCC yet. I.e., you will be able allowed to buy those (current and future) models who already have an FCC approval.