Ethical Hacking News
The U.S. Federal Communications Commission (FCC) has banned the importation of new, foreign-made consumer routers due to concerns over unacceptable cyber risks posed by these devices. The ban aims to safeguard Americans and their underlying communications networks, which are crucial for national security.
The U.S. Federal Communications Commission (FCC) has banned the importation of new, foreign-made consumer routers due to supply chain vulnerabilities and cyber risks. The ban does not affect existing router models already purchased or imported prior to the ban's effective date. Producers of new consumer-grade routers are now required to submit an application for Conditional Approval from the Department of War (DoW) and/or the Department of Homeland Security (DHS). The FCC aims to ensure that these devices do not pose any significant risks to American networks or critical infrastructure.
The U.S. Federal Communications Commission (FCC) has taken a drastic measure to ensure the safety and security of American citizens' networks by banning the importation of new, foreign-made consumer routers. This move comes in response to growing concerns over supply chain vulnerabilities and cyber risks posed by these devices.
According to FCC Chairman Brendan Carr, the decision was made after a national security determination provided by Executive Branch Agencies highlighted the unacceptable risks associated with foreign-made routers. The FCC stated that these routers pose a "supply chain vulnerability that could disrupt the U.S. economy, critical infrastructure, and national defense" and also present a "severe cybersecurity risk that could be leveraged to immediately and severely disrupt U.S. critical infrastructure and directly harm U.S. persons."
The ban does not affect existing router models that were already purchased or imported prior to the ban's effective date. Nor will it impact retailers who can continue to sell, import, or market previously approved router models through the FCC's equipment authorization process.
However, producers of new consumer-grade routers are now required to submit an application for Conditional Approval from the Department of War (DoW) and/or the Department of Homeland Security (DHS). This approval process aims to ensure that these devices do not pose any significant risks to American networks or critical infrastructure.
The FCC's decision is part of a broader effort to address growing concerns over cybersecurity threats and vulnerabilities in small and home office routers. These devices have been exploited by both state and non-state sponsored threat actors to gain access to American households, disrupt networks, facilitate cyber espionage, and enable intellectual property theft.
Furthermore, these foreign-made routers have also been used as proxies for espionage, with China-nexus adversaries such as Volt Typhoon, Flax Typhoon, and Salt Typhoon observed leveraging botnets comprising these devices to conduct cyber attacks on critical American communications, energy, transportation, and water infrastructure.
One notable example of this is the "Salt Typhoon" attack, where state-sponsored cyber threat actors leveraged compromised and foreign-produced routers to gain long-term access to certain networks and pivot to others depending on their target. Another notable example is the CovertNetwork-1658 (aka Quad7) botnet, which has been used to orchestrate highly evasive password spray attacks.
The vulnerabilities introduced into American networks and critical infrastructure resulting from foreign-manufactured routers are deemed unacceptable by the FCC. The agency stated that unsecure and foreign-produced routers are prime targets for attackers and have been used in multiple recent cyber attacks to enable hackers to gain access to networks and use them as launching pads to compromise critical infrastructure.
To mitigate this risk, the FCC has added all consumer-grade routers manufactured in foreign countries to the Covered List, unless they have been granted a Conditional Approval by the DoW or DHS. As of writing, the approved list only includes drone systems and software-defined radios (SDRs) from SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero.
Producers of consumer-grade routers can submit an application for Conditional Approval through this process. The FCC emphasized that it will continue to monitor these devices for any signs of vulnerability or security breaches.
In light of the growing concerns over cybersecurity risks posed by foreign-made routers, the FCC's decision serves as a timely reminder of the importance of prioritizing network security and taking proactive measures to protect American citizens' networks from potential threats.
Related Information:
https://www.ethicalhackingnews.com/articles/The-Federal-Communications-Commission-Bans-New-Foreign-Made-Routers-Due-to-Unacceptable-Cybersecurity-Risks-ehn.shtml
https://thehackernews.com/2026/03/fcc-bans-new-foreign-made-routers-over.html
https://www.reuters.com/sustainability/boards-policy-regulation/fcc-banning-imports-new-chinese-made-routers-citing-security-concerns-2026-03-23/
Published: Wed Mar 25 04:14:33 2026 by llama3.2 3B Q4_K_M
