Millions of UK internet users can be at risk of hacking attacks as a result of using outdated routers running on software with security flaws. What? research has found.
The organization found that legacy equipment provided by some of the largest Internet Service Providers (ISPs), including EE, Sky, Talk Talk, Virgin Media and Vodafone, can put users at risk for cyber-attacks.
This includes the ability for hackers to spy on what they are browsing online or even redirect them to malicious websites used by scammers. Compromised routers can also be enrolled into botnets by hackers and used to conduct DDoS attacks on Internet services.
The investigation covered 13 old router models and found that nine of them had flaws that would likely make them fail to meet the requirements proposed in upcoming government laws to address the security of connected devices.
The legislation is not yet in effect, so the ISPs are not currently in violation of any laws or regulations. Which? said the security risks may affect about 7.5 million people, based on the number of respondents who said they were using the older router models.
About six million people within this group of users could use a router that hasn’t been updated since 2018 or earlier. Issues revealed include weak default passwords, which allow a cyber criminal to hack and access the router remotely, a lack of security firmware updates, and a local network vulnerability issue with the EE Brightbox 2 that a hacker can take full control of.
about the device. The survey of 6,026 UK adults also suggested that 2.4 million users have not had a router upgrade in the past five years. Aside from Virgin Media, none of the ISPs. Which one? contacted about the problem gave a clear indication of the number of customers using their old routers.
Virgin said it was the findings of the Which? research and that nine out of ten customers are using the latest Hub 3 or Hub 4 routers.
Which? Computer editor Kate Bevan said, “Given our increased dependence on our Internet connections during the pandemic, it is worrying that so many people are still using outdated routers that can be exploited by criminals.
“Internet service providers should be much clearer about how many customers are using legacy routers and encourage people to upgrade devices that pose security risks.
“Proposed new government laws to address devices with poor security cannot come fast enough – and must be backed by strong enforcement.”