In the Volt Typhoon and Flax Typhoon attacks, the routers themselves weren’t compromised because they were foreign-made routers. Far from it! They were compromised because they were unpatched, Internet-exposed, and end-of-life. The router manufacturers were no more guilty of opening the doors to these attacks than Microsoft is for your company’s Windows 7 PCs being hacked in 2026.
Only the Salt Typhoon assault on Cisco IOS XE software, which was running on enterprise-grade routers—specifically, ASR 1000 Series, ISR 4000 Series, and Catalyst 8000 Series edge platforms—can be linked directly to Chinese-made routers.
Guess what, though? You can still buy, use, and deploy this Cisco hardware, which is used as core routers by top American telecoms such as AT&T, Verizon, and T-Mobile. Uncle Joe wants to replace his router with a brand-new Wi-Fi 7 model router? Nope, he can’t do it. Multi-billion-dollar companies decide to replace vital infrastructure routers that carry billions of messages every day? Sure, go for it!
You know, if it were me, I’d be taking a long, hard look at the actual modern enterprise networking gear that we know has been breached. Why isn’t the FCC doing this? Darned if I know.
Even the FCC acknowledges that some of Cisco’s problems have nothing to do with who made the hardware and where it was built. For example, the truly awful CVE-2023-20198 vulnerability, with its CVSS score of 10, was all about a boneheaded security hole in Cisco IOS XE Web UI, not the firmware or hardware.
The FCC argues, however, that consumer routers pose unique risks because they’re deployed in millions of homes with minimal security oversight, thus making them ideal for botnet infrastructure. I can’t argue with that. But that has nothing to do with who made these devices and where.
