Key takeaways:
- The FCC has banned the sale of new routers made in other countries in the US, and this sweeping order applies to almost every Wi-Fi router currently available in the US market.
- My pro advice is to hold off on buying a new router if you can.
- Under current rules, blocked routers will no longer receive critical security firmware and software updates after March 1, 2027.
- The FCC’s action effectively shut down the entire market while router companies fought to gain approval.
- More information about which router companies will be subject to the ban is expected to become clearer within the next month or two.
In my eight years of writing and reviewing broadband and routers, I have never seen a story that I would describe as unprecedented. The FCC’s recent ruling that block routers made in other countries it is unprecedented.
The sweeping order applies to any router where any stage of “manufacturing, assembly, design and development” takes place outside the US — in other words, almost any router you can buy right now. The FCC order says foreign-made routers pose “unacceptable risks” to national security.
The ban does not apply to routers that have already been approved by the FCC — that is, every router currently sold in the US — and will only affect new models that have not yet been approved. That means every router that was available before the order is still available today, and router companies can still recycle them using their existing manufacturing processes.
In effect, the FCC is freezing the entire router market. As William Budington, an expert at the digital rights nonprofit Electronic Frontier Foundation, put it to me, “This is using an extremely blunt tool.”
Where previous FCC bans have been limited to specific companies, such as last year’s push to block TP-Link routers, this affects the entire industry. So where does that leave someone who needs a new one Wi-Fi router? Should you buy a model you’ve had your eye on just in case it goes on sale? Or is it better to wait and see what companies the FCC thinks are foreign made?
I know what I would do, but I checked my advice with other industry experts. It turns out, we agree.
My advice: Hold off on buying a new router just yet
When I first saw the FCC announcement, I couldn’t stop thinking about how much chaos it would introduce to the US router market. As I tried to tease out which manufacturers might be considered “outsiders,” it quickly became clear how deep the routers’ supply chains run.
Understanding the scope of the ban
Take Netgear. Although it is a US-based and headquartered company, it builds routers in Vietnam, Thailand, Indonesia and Taiwan. Other than Starlink — the company says its new routers are made entirely in Texas, according to the BBC — I couldn’t find a single home router.
I have no problems recommending routers manufactured abroad. After all, they just went through the FCC approval process, and I haven’t seen any conclusive evidence that any router type has more hardware risks than another.
Thomas Pace, CEO of cybersecurity firm NetRise, told me last year during an interview about the possibility. TP-Link Restrictions: “We analyzed an incredible amount of TP-Link firmware. We find things, but we find things in everything.”
I’ve just finished testing, reviewing and rating over 30 routers, and after years of resistance, I’ve finally concluded. Wi-Fi 7 routers cost money at the speed you get. While I stand by my recommendations, with this restriction, the router you buy today may not be as good in a year.
A visible security risk
Then I saw the FCC’s Public Notice about the ban, which specifies that manufacturers can continue to provide software and firmware updates “at least until March 1, 2027.” That means if you own a router made in another country — if you own any router, in other words — it won’t be able to get security patches after that deadline.
That’s why I think the smart move here is to wait and buy one if you can. Keeping your router’s firmware up to date it is an important part of securing your home network. If you buy from a router company that doesn’t get an exemption from this ban, you risk having an unprotected device a year from now.
It’s an ironic side effect of an order ostensibly designed to keep Americans safe: They may no longer be able to get the latest security fixes.
“If you limit people’s ability to get security updates, you’re making the problem worse, not better,” said Alan Butler, senior counsel at the Electronic Privacy Information Center. “Most of those routers will turn into pumpkins in a year unless you extend this waiver.”
By saying you can update your firmware”at least until March 1, 2027,” the FCC leaves some wiggle room for extension. But until we know more about which companies the FCC thinks have been outsourced and which ones will be exempt, I won’t feel comfortable recommending spending money on the new route just yet.
Advice for urgent router needs
If your old router stops working, I wouldn’t tell you to wait for the FCC to give you the all-clear to switch back to Wi-Fi — the timeline for concern is more years than months. A good compromise might be to buy an older budget router than the latest Wi-Fi 7 model you’re looking at. But if you can wait a month or two, it’s worth using caution.
“I think this is going to be a mess very quickly,” Butler said.
This is the worst point in the process that we are likely to see. As the dust settles in the coming weeks, we’ll likely have a better idea of which routers will still be safe to use a year from now.
TP-Link is one of the most popular router brands in the US, and the subject of multiple government investigations in 2025.
Expert opinion: Is your current router still safe to use?
When I surveyed four cybersecurity experts, I was surprised to find that they were generally in favor of the FCC taking action to protect network security in theory, but criticized the execution.
“It’s going to impact a lot of harmless products to prevent a real problem,” Budington said. “And it’s not well targeted, because routers are only one part of the problem, as well as IoT devices.”
Concerns about national security risk
The FCC says routers manufactured abroad were “directly affected” by Volt, Flax and Salt Storm cyber attacks. This attack doesn’t necessarily target man-in-the-middle data, but it can make your router a tool to be used in a malicious attack.
“Every user who owns a router probably doesn’t know anything about it,” Butler said. “This is happening behind the scenes without their knowledge, and it doesn’t directly affect them in any way that they can see.”
In the Salt Storm attack, hackers gained access to data on millions of people through their internet providers, with the aim of obtaining information from court-ordered wiretaps. It was a bold example of the tried-and-true hacking method called “pray and pray”: Get the default login information and try it on as many connected devices as possible.
“It could be only one router in 5,000, but that would be bingo,” Sergey Shykevich, manager of threat intelligence at Check Point Research, told me about these types of attacks. “It’s mostly simple. In most cases, you don’t have to be a top actor, or even a country, to be successful.”
How to secure your router right now
It’s just as easy for hackers to gain access to your router’s default credentials as it is for you to change your settings. Most routers have an app that allows it update your login information from there, but you can also type your router’s IP address into a URL. This is separate from your Wi-Fi name and password, which should also be changed every six months or so. It’s also a good idea to keep your firmware updated, which you can do automatically in your router’s settings or by manually downloading updates from your router’s app or web portal.
When will we know more?
I wish I could point to another time when the FCC ordered a blanket ban on an entire category of consumer products, but nothing like this has happened before. Manufacturers can apply for “Conditional Approval,” and may be backstabbing for a decision. When I reached out to the FCC for more clarification on the order, I was directed to the commission’s “Consolidated List” FAQ page.
My best guess is that we’ll learn more about which companies are banned in the next month or so — an estimate borne out by two industry observers I spoke to. But the wait could be even longer. Budington told me that he thinks router companies can wait until the ban is lifted rather than rush to try to move all their chains to the US.
Regardless of how it pans out, we’ll probably look back on this as a tumultuous chapter in the router ban story. Unless you need a new router right away, there’s a good chance you’ll be able to make a more informed decision a month from now.
