



An investigation by a UK consumer watchdog found that millions of households had older models of routers with various security flaws. Surprisingly, most of the vulnerable devices came from renowned UK internet providers such as EE, Sky, TalkTalk, Virgin Media and Vodafone.

This study covered security threats such as weak default passwords, lack of firmware updates, and local network vulnerabilities. Research shows that affected Internet users face serious router security risks, including hacking, spying, and redirection to malicious websites.

The report was in line with new government laws proposed to address the security issues of connected devices.

According to reports, users are unaware of security risks.

which? According to the report, most UK internet users were unaware of the router security risks posed by outdated equipment provided by internet providers.

About 7.5 million homes have been affected, 6 million haven’t updated their routers since 2016, most haven’t received any updates since 2018, another 2.4 million homes or 7 out of 13 routers haven’t been upgraded in the last 5 years Did not.

which? Computing editor Kate Bevan noted that reliance on old routers is a concern as reliance on the Internet increases during the epidemic.

which? We advised users to discuss old router upgrades with their internet providers, and the consumer surveillance team urged internet providers to be transparent about their plans to support continuous routers with firmware and security updates.

Internet service providers should be much clearer about how many customers are using old routers and should encourage people to upgrade devices that pose a security risk, Bevan said.

Security risks posed by outdated equipment include spying, hacking, and redirecting Internet users to malicious websites.

Similarly, some older router models have weak default passwords that can be easily cracked by cybercriminals. They are also exposed to various security risks due to lack of firmware updates. report.

The consumer watchdog team found that out of 13 router models offered by UK internet providers, two-thirds had various router security risks and would violate proposed government regulations.

But which are some older models? There were no security vulnerabilities. These include weak passwords, firmware updates, and older BT and Plusnet routers that have passed local network vulnerability testing.

The report also discovered a security vulnerability in EE Brightbox2, giving hackers full control over the device. This vulnerability could allow resident threat actors to install malware.

Internet Provider’s Conflict Security Risk Report

Internet service provider BT Group refused to supply vulnerable and outdated routers, claiming that older router models still received security updates.

Conversely, which one? The Brightbox 2 router powered by EE, which is part of the BT group, said it has found an active vulnerability.

Virgin Media also did not admit or accept claims that 90% of customers are using the latest Hub 3 or Hub 4 routers. which? Virgin explained that it counted only paying customers, not everyone using the router.

TalkTalk said earlier router models accounted for a very small percentage of networking devices. According to the company, customers can also change their passwords at will.

Plusnet said it monitored all routers for possible security threats and firmware updates. These updates happen automatically, so customers don’t have to worry.

Which is also Vodafone? All routers reported having device-specific passwords. The UK-based carrier added that it stopped supplying the HHG2500 router model in 2019.

Additionally, customers with HHG2500 router models will continue to receive firmware and security updates as long as their devices remain active customer subscriptions.

The company also encouraged users with default passwords to change using the instructions provided.

“Most devices that can be deployed today are updated automatically, from new Wi-Fi systems to connected exercise bikes,” said Tim Erlin, Tripwire’s vice president of product management and strategy. This is the level of automation we should expect from consumer devices, but it puts a strain on our vendors to deliver updates in a timely manner.

