Older broadband routers are vulnerable to hackers, report warns
Millions of households across the UK could be vulnerable to hackers because of old broadband routers which have security flaws, consumer group Which? has said.
The organisation said its testing of a number of old router models used by internet service providers found two-thirds contained a security flaw that could allow hackers access to the network.
The Which? research suggested a number of the devices had weak default passwords that were easily guessable and could therefore enable a hacker to gain access, while others did not receive regular security updates designed to protect them from new viruses or had other local network vulnerabilities.
Hacking a router can give attackers the ability to spy on people as they browse online and even direct them to malicious websites.
Which? said routers from EE, Sky, TalkTalk, Virgin Media and Vodafone were among those affected.
As part of its investigation, Which? said it tested 13 older router models for flaws and found that nine of them would fail to meet requirements proposed as part of Government plans to improve legislation around connected devices.
The consumer group said as many 7.5 million people could potentially be affected by the apparent flaws, based on a survey of people by Which? who were found to be using the affected models.
Kate Bevan, Which? computing editor, said: “Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals.
“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.
“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”
In response to the research, Virgin Media said it did not “recognise or accept the findings” of the Which? research and that 90% of its customers were using its latest router models.
“The safety and security of our customers is always a top priority and we have robust processes in place to protect them by rolling out security patches and firmware updates as well as issuing customer communications where necessary,” a Virgin Media spokesperson said.
The BT Group, which also owns EE, said it wanted to “reassure customers that all our routers are constantly monitored for possible security threats and updated when needed”.
“These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help,” the company said.
In response to Which?’s warning that older routers had weak default passwords, TalkTalk said a “very small proportion” of the affected devices were being used by customers and users can “change their passwords easily at any time”.
Vodafone said it had stopped supplying one of the devices named in the research in August 2019 and the other “will continue to receive firmware and security updates as long as the device remains on an active customer subscription”.