Millions of broadband users could be at risk of cyber attack due to ageing internet routers in their homes. That’s the latest findings from a new report from consumer group Which? who says outdated equipment supplied by some Internet Service Providers (ISPs) have serious security flaws which could make it simple for hackers to access personal information or direct people to malicious websites.
ISPs including EE, Sky, Virgin Media and Vodafone were all found to have old equipment still in use with issues such as weak default passwords and a lack of firmware updates – which keep devices safe from new threats – just some of the problems discovered.
Which? says that it investigated 13 old router models and found more than two-thirds, nine of them, had flaws. These issues would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. This new legislation is yet to come into force and so, right now, ISPs aren’t currently breaking any laws.
Another concern is that Which? also found that that a whopping 2.4 million users haven’t had a router upgrade in the last five years.
If you think that your equipment is well past its sell-by date, then it’s a good idea to ring your ISP and ask if they are offering an upgrade to the latest kit. Along with being faster and more powerful, it should solve any security nightmares.
When Which? contacted the ISPs with its findings, most of them said that they monitor for security threats and provide updates if needed.
Aside from Virgin Media, none of the ISPs Which? contacted gave a clear indication of the number of customers using their old routers. Virgin said that it did not recognise or accept the findings of the Which? research and that nine in 10 of its customers are using the latest Hub 3 or Hub 4 routers.
One company that did perform better was BT with its devices all getting regular upgrades.
BT told Which? that older routers still receive security patches if problems are found – although Which? did find an unfixed vulnerability on the EE (part of the BT Group) Brightbox 2 router.
Speaking about the report, Kate Bevan, Which? Computing editor, said: “Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals.
“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.
“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”
Weak passwords – devices affected: TalkTalk HG533 • TalkTalk HG523a • TalkTalk HG635 • Virgin Media Super Hub 2 • Vodafone HHG2500 • Sky SR101 • Sky SR102 •
Lack of updates – devices affected: Sky SR101 • Sky SR102 • Virgin Media Super Hub • Virgin Media Super Hub 2 • TalkTalk HG523a • TalkTalk HG635 • TalkTalk HG533
Network vulnerabilities – devices affected: EE Brightbox 2
The three routers that passed the security tests: BT Home Hub 3B • BT Home Hub 4A • BT Home Hub 5B
Published at Thu, 06 May 2021 06:07:08 +0000