FCC Prohibits Import of New Overseas-Made Consumer Routers Due to Security Concerns

The Federal Communications Commission has prohibited the import of new consumer routers made overseas, due to cybersecurity threats. The order, published late Monday, includes all consumer-grade routers from foreign countries. Existing routers’ imports or usage are not affected, but new devices might be exempted if approved by the Departments of Defense or Homeland Security. The FCC cited national security risks from China-backed hacking groups Volt, Salt, and Flax Typhoon. Reuters reports China controls about 60% of the consumer router market. The FCC’s decision follows hackers exploiting foreign-made router flaws to attack U.S. homes, disrupt networks, and facilitate cybercrime and surveillance. Routers are prime targets as they access home or business networks and can be used for distributed denial-of-service attacks by hackers. The FCC didn’t provide evidence on the security of U.S.-made routers over foreign-made ones, nor did they respond to a request for comment. Salt Typhoon has been involved in espionage, hacking telecom giants globally, including Cisco routers. Flax Typhoon has been accused of operating a large botnet from both U.S. and foreign routers, affecting many devices in and out of the U.S. FCC chairman Brendan Carr emphasized their commitment to protect U.S. cyberspace and infrastructure. Despite numerous Chinese hacks, Carr was among FCC commissioners who voted to repeal cybersecurity rules for telecom operators.