In Depth

Outdated routers ‘pose hacking risk’ to millions of internet users

New research suggests two-thirds of older network devices in use in UK may have security flaws

Millions of internet users in the UK are at risk of being hacked as a result of “outdated” routers, according to a new Which? report.

A study by the consumer group found that more than two-thirds of older router models provided to customers by internet providers including EE, Sky and Virgin Media had security flaws that could enable hackers to access their network.

Of 13 models scrutinised by the researchers, nine “would fail to meet requirements proposed as part of government plans to improve legislation around connected devices”, the Manchester Evening News reports. 

Which? estimates that as many as 7.5 million people in the UK could be affected by the flaws, which include weak, easily guessable default passwords and a lack of security updates designed to protect customers from new viruses.

The devices found to be lacking in updates include: Sky SR101 and SR102, Virgin Media Super Hub and Super Hub 2, as well as TalkTalk HG635, HG523a, and HG533.

Other problems revealed in the lab tests include “a network vulnerability with EE’s Brightbox 2, which could give a hacker full control of the device”, reports the BBC.

In response, Virgin said that it did not “recognise or accept the findings of the Which? Research”, and that 90% of its customers were using its latest router models. BT, which owns EE, also said that “the vast majority” of its customers used the latest modem.

 TalkTalk said the routers that were analysed represented a “very small proportion” of those in use by its customers, who can “change their passwords easily at any time”.

And Vodafone reports that one of its devices examined by Which? had not been supplied to customers beyond August 2019, adding that updates would continue “as long as the device remains on an active customer subscription”.

All the same, Which? computing editor Kate Bevan argues that new government legislation “can’t come soon enough”.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks,” she said.  Under the proposed laws, easy-to-guess default passwords will be banned on virtually all devices, and manufacturers of smart devices will have to say when devices stop receiving security updates. New rules will also be introduced to make it easier for users to report software bugs that could be exploited by hackers.

Recommended

How police ‘missed opportunities’ to prevent Manchester Arena bombing
Paramedics arrive at the Manchester Arena in 2017
Why we’re talking about . . .

How police ‘missed opportunities’ to prevent Manchester Arena bombing

Is the Conservatives’ ‘blue wall’ beginning to crumble?
New Lib Dem MP Sarah Green
Today’s big question

Is the Conservatives’ ‘blue wall’ beginning to crumble?

NHS facing ‘biggest pressure in history’ as 12 million await treatment
Health Secretary Matt Hancock
The latest on . . .

NHS facing ‘biggest pressure in history’ as 12 million await treatment

Quiz of The Week: 12 - 18 June
Matt Hancock meets paramedics at Chelsea & Westminster Hospital
Quizzes and puzzles

Quiz of The Week: 12 - 18 June

Popular articles

The GB News reviews: foxy, fresh or utterly deadly?
GB News launch
In Review

The GB News reviews: foxy, fresh or utterly deadly?

Sex doll’s husband considers dating humans
A sex doll
Tall Tales

Sex doll’s husband considers dating humans

Inside Boris Johnson’s plan for how the UK can ‘live with Covid’
Boris Johnson walks up Downing Street to No. 10
Behind the scenes

Inside Boris Johnson’s plan for how the UK can ‘live with Covid’