The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or […] The FCC will ban new foreign-made routers in the U.S. over security risks, unless approved by DHS or defense authorities. The U.S. FCC announced a ban on importing new foreign-made consumer routers, citing unacceptable cyber and national security risks. The decision, backed by Executive Branch assessments, means such devices can no longer be sold or marketed in the U.S. unless they receive special approval. Routers will be added to the Covered List, with exceptions only for those cleared by the Department of Homeland Security or defense authorities after the Department of Homeland Security or defense authorities verify they pose no threat to communications networks. “Today, the Federal Communications Commission updated its Covered List to include all consumer-grade routers produced in foreign countries. Routers are the boxes in every home that connect computers, phones, and smart devices to the internet.” reads the announcement published by FCC. “This followed a determination by a White House-convened Executive Branch interagency body with appropriate national security expertise that such routers “pose unacceptable risks to the national security of the United States or the safety and security of United States persons.”” The U.S. “Covered List” is a security list maintained by the Federal Communications Commission under the Secure and Trusted Communications Networks Act. It identifies communications equipment and services that pose national security risks to U.S. networks. Anything placed on this list is effectively banned from being authorized, marketed, or sold in the United States. U.S. authorities warn that foreign-made routers create serious supply chain and cybersecurity risks, potentially disrupting the economy, critical infrastructure, and national defense. Policy guidance stresses reducing dependence on foreign components for essential technologies. These routers have already been exploited by threat actors for hacking, espionage, and intellectual property theft, and were linked to major cyber espionage campaigns like Volt Typhoon, Flax Typhoon, and Salt Typhoon targeting U.S. infrastructure. Manufacturers can still request Conditional Approval if their devices are proven safe. The rules apply only to new models, meaning existing routers already in use or previously approved can still be sold and used without restrictions. Currently, only a few products, like drones and software-defined radios from SiFly Aviation, Mobilicom, ScoutDI, and Verge Aero, are approved. Router manufacturers can seek Conditional Approval, while U.S.-made devices such as Starlink routers are exempt. The FCC warns foreign routers pose major supply chain and cybersecurity risks, potentially disrupting infrastructure and the economy. Weak security in home and small office routers has already been exploited for hacking, espionage, and data theft, and can also turn devices into botnets for large-scale cyberattacks. Follow me on Twitter: @securityaffairs and Facebook and Mastodon Pierluigi Paganini (SecurityAffairs hacking, router)
Published: 2026-03-25T11:22:21