Texas Lawsuit Alleging TP-Link Misled Consumers on Router Security and China Ties
Texas Attorney General Ken Paxton filed a lawsuit against TP-Link Systems Inc., alleging the company deceptively marketed its networking and smart-home devices as secure and privacy-protective while the products were allegedly exposed to exploitation by China-linked state-sponsored actors. The complaint also asserts TP-Link misled consumers about product origin—promoting “Made in Vietnam” labeling while claiming manufacturing and development are dominated by China-based subsidiaries and supply chains, with Vietnam facilities described as performing largely final assembly.
Texas further argues that TP-Link’s China-linked supply chain and alleged affiliations create national-security risk, including the possibility of compelled cooperation under Chinese data and intelligence laws. The state cited prior public reporting and research— including a May 2023 Check Point Research report tying Camaro Dragon activity to exploitation of TP-Link firmware vulnerabilities—as part of its rationale that the devices have been leveraged in campaigns targeting U.S. interests. TP-Link rejected the allegations, calling the lawsuit “without merit,” and stated it is an independent American company with core operations and infrastructure located in the U.S.
Related Entities
Vulnerabilities
Threat Actors
Sources
2 more from sources like the record media and texasattorneygeneral
Related Stories
US Government Proposes Ban on TP-Link Routers Over National Security Concerns
Multiple US federal agencies, including the Commerce, Justice, Defense, and Homeland Security departments, have backed a proposal to ban the sale of TP-Link routers in the United States. The move is driven by concerns that TP-Link, which controls a significant share of the US home router market, may still be subject to influence by the Chinese government, potentially exposing American users to surveillance risks. The proposal follows an investigation into the company's ties to China and comes amid heightened scrutiny of foreign technology firms over national security issues. Officials argue that mitigation measures short of a ban would not sufficiently address the perceived threat, although there is a possibility for TP-Link to provide guarantees that its hardware and software are developed independently of China. The company, which has established a US headquarters and claims to have separated from its Chinese parent, denies the allegations. The proposed ban could have sweeping implications for both consumers and businesses, echoing previous US actions against foreign technology providers such as Kaspersky Lab.
4 months agoTexas Lawsuit Against Major TV Manufacturers Over Smart TV Data Collection
The Texas Attorney General has filed lawsuits against five leading smart TV manufacturers—Samsung, LG, Sony, Hisense, and TCL—alleging that their devices unlawfully collect and transmit users' personal data without consent. The lawsuits claim that these companies use Automated Content Recognition (ACR) technology to capture screenshots of what users are watching every 500 milliseconds, monitor viewing activity in real time, and send this information back to company servers. The data is then allegedly sold for targeted advertising purposes, raising significant privacy concerns, especially regarding sensitive information such as passwords and banking details that could be exposed. Texas is seeking damages under the Texas Deceptive Trade Practices Act, including up to $10,000 per violation and higher penalties for violations affecting seniors. The state also wants restraining orders to halt the collection, sharing, and selling of ACR data while the lawsuits proceed. Additional concerns have been raised about the potential for Chinese companies Hisense and TCL to be compelled to share U.S. consumer data with the Chinese government under China's National Security Law. The lawsuits emphasize that the collection of ACR data for advertising does not meet a consumer-necessity standard and constitutes an invasive breach of privacy.
3 months ago
Privacy Class Action Alleges Lenovo Website Trackers Enabled Bulk Data Transfers to China
A proposed US privacy class action alleges *Lenovo.com* embedded extensive advertising and analytics tracking that enabled **bulk transfers of Americans’ sensitive identifiers and browsing context** to entities tied to **China**, potentially violating the Justice Department’s **Data Security Program** and its **Bulk Sensitive Data Transfer Rule** (`28 C.F.R. Part 202`). The complaint—filed in the US District Court for the Northern District of California by **Almeida Law Group** on behalf of a San Francisco resident—claims Lenovo’s web infrastructure used pixels, scripts, cookies, and real-time bidding components to collect persistent identifiers (e.g., IP addresses, advertising IDs/cookies) and “full-string URLs” that can reveal detailed user behavior. The suit argues the DOJ framework was designed to prevent adversarial countries from acquiring large-scale behavioral data usable for surveillance or exploitation, and it cites thresholds and categories for “covered personal identifiers” (including device identifiers such as IMEI/MAC/SIM and advertising IDs). It alleges Lenovo’s site loaded numerous first- and third-party trackers from major ad-tech/analytics providers (including **TikTok, Meta/Facebook, Microsoft, and Google**) and that Lenovo knowingly permitted access to, or transfer of, bulk US sensitive personal data to “covered persons,” including entities allegedly under Chinese jurisdiction such as Lenovo’s foreign parent structure—claims Lenovo has not been shown to concede in the cited reporting.
3 weeks ago