Older broadband routers are vulnerable to hackers, report warns

New research from Which? suggests a number of older devices could house security flaws which make them vulnerable to hackers.
Technology Ethernet Cable Stock
PA Archive
Martyn Landi5 May 2021

Millions of households across the UK could be vulnerable to hackers because of old broadband routers which have security flaws, consumer group Which? has said.

The organisation said its testing of a number of old router models used by internet service providers found two-thirds contained a security flaw that could allow hackers access to the network.

The Which? research suggested a number of the devices had weak default passwords that were easily guessable and could therefore enable a hacker to gain access, while others did not receive regular security updates designed to protect them from new viruses or had other local network vulnerabilities.

Hacking a router can give attackers the ability to spy on people as they browse online and even direct them to malicious websites.

Which? said routers from EE, Sky, TalkTalk Virgin Media and Vodafone were among those affected.

Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement

Kate Bevan

As part of its investigation, Which? said it tested 13 older router models for flaws and found that nine of them would fail to meet requirements proposed as part of Government plans to improve legislation around connected devices.

The consumer group said as many 7.5 million people could potentially be affected by the apparent flaws, based on a survey of people by Which? who were found to be using the affected models.

Kate Bevan, Which? computing editor, said: “Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.

“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

In response to the research, Virgin Media said it did not “recognise or accept the findings” of the Which? research and that 90% of its customers were using its latest router models.

“The safety and security of our customers is always a top priority and we have robust processes in place to protect them by rolling out security patches and firmware updates as well as issuing customer communications where necessary,” a Virgin Media spokesperson said.

The BT Group which also owns EE, said it wanted to “reassure customers that all our routers are constantly monitored for possible security threats and updated when needed”.

“These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help,” the company said.

In response to Which?’s warning that older routers had weak default passwords, TalkTalk said a “very small proportion” of the affected devices were being used by customers and users can “change their passwords easily at any time”.

Vodafone said it had stopped supplying one of the devices named in the research in August 2019 and the other “will continue to receive firmware and security updates as long as the device remains on an active customer subscription”.

Create a FREE account to continue reading

eros

Registration is a free and easy way to support our journalism.

Join our community where you can: comment on stories; sign up to newsletters; enter competitions and access content on our app.

Your email address

Must be at least 6 characters, include an upper and lower case character and a number

You must be at least 18 years old to create an account

* Required fields

Already have an account? SIGN IN

By clicking Create Account you confirm that your data has been entered correctly and you have read and agree to our Terms of use , Cookie policy and Privacy policy .

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged in