Chinese routers to be banned in the US also widespread in Estonia
Routers manufactured by Chinese company TP-Link, which are set to be banned in the United States, are widely used in Estonia as well. However, according to the Estonian Information System Authority (RIA), it has no legal basis to approve or prohibit devices from any specific manufacturer.
This week, The Wall Street Journal reported that the United States plans to ban routers made by Chinese manufacturer TP-Link, citing security risks. TP-Link devices have been linked to cyberattacks carried out by Chinese hackers.
Estonian electronics stores also offer a wide selection of routers from the same manufacturer. Arno Põder, communications specialist at the Estonian Information System Authority (RIA), confirmed to ERR that TP-Link routers are popular in the lower price range and, as a result, widely used in Estonia.
"Security vulnerabilities have been discovered and exploited in routers from various manufacturers in recent years. Therefore, it is essential to apply software updates as soon as they are released by the manufacturer," Põder said.
He added that TP-Link routers are especially popular among home users and small business owners, many of whom do not prioritize cybersecurity.
"Thus, consumer choices and responsibility are also important. For instance, deciding whether to buy the cheapest device on the market, failing to change the default password, not updating the software and so on," he said. Põder recommended researching the manufacturer's background and comparing products from different brands online before purchasing a new device.
According to Põder, the RIA does not have the legal authority to approve or reject devices from specific manufacturers. However, it can assist organizations and companies in assessing cybersecurity risks associated with device usage, which is mandatory for providers of essential services in Estonia.
One of the main risks of using Chinese technology is that Chinese companies are legally required to cooperate with state intelligence agencies and share data collected during their business activities.
"Such data could be used by the Chinese government for purposes like training artificial intelligence or other activities. Therefore, it is advisable for government institutions, critical infrastructure and technology companies, as well as universities – entities that might be of heightened interest to foreign intelligence services – to exercise caution when using Chinese devices," Põder said.
He also noted that over-reliance on the technology of a single country or manufacturer poses additional risks in the long term.
Põder pointed out that under Estonia's Electronic Communications Act, hardware or software used in communication networks must not compromise national security. The law requires telecom operators to obtain a permit from the Consumer Protection and Technical Regulatory Authority (TTJA) for the use of such hardware or software in communication networks. However, this requirement does not extend to so-called customer premises equipment, such as routers.
A broader regulation on device security will come into force in the European Union in 2027.
TP-Link currently holds approximately 65 percent of the U.S. home and small business router market, and its devices are also used by the U.S. Department of Defense and other government agencies.
An analysis published by Microsoft in October revealed that Chinese hackers have used TP-Link routers to carry out cyberattacks. The targets included think tanks, government organizations, non-governmental organizations and defense contractors.
--
Follow ERR News on Facebook and Twitter and never miss an update!
Editor: Karin Koppel, Marcus Turovski