Millions at security risk from old routers, Which? warns

By Explorer -

 Millions of people could be using outdated routers that put them at risk of being hacked, Which? has warned.

The consumer watchdog examined 13 models provided to customers by internet-service companies such as EE, Sky and Virgin Media and found more than two-thirds had flaws.

It estimated about six million people could have a device not updated since 2018 or earlier.

So, in some cases, they would not have received crucial security updates.

Weak passwords

Problems found by its lab tests included:

  • weak default passwords cyber-criminals could hack were found on most of the routers
  • a lack of firmware updates, important for security and performance
  • a network vulnerability with EE's Brightbox 2, which could give a hacker full control of the device

The devices found to be lacking in updates included:

  • Sky SR101 and SR102
  • Virgin Media Super Hub and Super Hub 2
  • TalkTalk HG635, HG523a, and HG533

Several routers from BT, including the Home Hub 3B, 4A and 5B, and Plusnet's Hub Zero 270N, passed all the security tests.

The government plans to ban default passwords being preset on devices, as part of upcoming legislation covering smart devices. 

It is also planning to make manufacturers:

  • tell customers for how long their device will receive security-software updates 
  • provide a public point of contact to make it simpler for anyone to report a vulnerability

Which? computing editor Kate Bevan said that proposed legislation "can't come soon enough".

"Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to update devices that pose security risks," she added.

'Constantly monitored'

In response, Virgin said nine out of 10 of its customers were using its latest modem and it did not "recognise or accept the findings of the Which? research".

BT, which owns EE, also said "the vast majority of its customers" used its latest modem.

"We want to reassure customers that all our routers are constantly monitored for possible security threats and updated when needed," it said. 

"These updates happen automatically so customers have nothing to worry about."

TalkTalk said the routers looked at in the research represented a "very small proportion" of those in use - and customers could easily change their passwords at any time.

And Vodafone said its HHG2500 router examined by Which? had not been supplied to customers beyond August 2019 but updates would continue "as long as the device remains on an active customer subscription".

Sky engaged with the research but did not provide a comment.

'Remotely hijacked'

Pen Test Partners security consultant Ken Munro said the research mirrored his own.

"We have been trying to convince one of the ISPs in question to fix a critical security flaw that allows several million of their customer routers to be remotely hijacked and gain access to home networks," he said.

"We reported the issue over a year ago - but they have procrastinated multiple times."

Mr Munro also suggested ISPs could be "reluctant to push updates to routers in case they fail in the process".

Source: https://www.bbc.com/news/technology-56996717

Comments

Post a Comment

Popular posts from this blog

How a cyber attack hampered Hong Kong protesters

By Explorer -
Image
Massive public protests taking place in Hong Kong over the past week are aimed at a new extradition law, known as the Fugitive Offenders Ordinance , that would see accused criminals extradited to mainland China to face prosecution. Hongkongers feel the law could be used to legalise the kidnapping of people who express views, and act in ways, that are not popular with the Chinese government . The same law could also be used to extradite tourists and visitors to China who are arrested on suspicion of having committed these crimes. Protesters want the bill scrapped. For now, debate of the legislation has been postponed . Organisers say one million people turned out for the protests, while police estimate the number was around 240,000. Either way, it was a significant number of Hong Kong’s 7.5 million population. Commentators on Twitter remarked on how well organised the protesters were. So, how did they do it? Protesters across the world are using n
Read more

‘Not Hospital, Al-Shifa is Hamas Hideout & HQ in Gaza’: Israel Releases ‘Terrorists’ Confessions’ | Exclusive

By Explorer -
 According to a video of interrogation of "Hamas terrorists" released by Israel Security Agency Shin Bet, accessed exclusively by News18, "The Shifa hospital has been made with many considerations as Hamas knew that medical places won’t be attacked by the enemy. Equipment, explosives and other material has been kept there." Hamas is using hospitals in Gaza as covers and have turned them into ammunition depots, according to a video of interrogation of “Hamas terrorists" released by  Israel Security Agency  Shin Bet, accessed exclusively by News18. ALSO READ | Israel-Hamas War LIVE Updates  HERE The Israeli military has claimed that those featuring in the video released on Saturday are Hamas terrorists, who participated in the  October 7 attack  on Israel. “Most of the tunnels are hidden in hospitals. There are multiple underground levels. Al-Shifa Hospital is not small, it is a big place that can be used to hide things," a man is seen saying. “The Al-Shifa
Read more

Islam Has Massacred Over 669+ Million Non-Muslims Since 622AD

By Explorer -
Image
In fact, no ideology has been as genocidal as Islam… Islam has killed more than 5 times the number of people killed by communism. In the total numbers we have updated over 80 million Christians killed by Muslims in 500 years in the Balkan states, Hungary, Ukraine, Russia. Then we have India. The official estimate number of Muslim slaughters of Hindus is 80 million. However, Muslim historian Firistha (b. 1570) wrote (in either Tarikh-i Firishta or  the Gulshan-i Ibrahim) that Muslims slaughtered over 400 million Hindus up to the peak of Islamic rule of India, bringing the Hindu population down from 600 mil to 200 million at the time. With these new additions the Muslim genocide of non-Muslims since the birth of Mohammed would be  over 669 million murders. Islam: The Religion of Genocide Perspective:   Think the Spanish inquisition was bad? More people are killed by Islamists each year than in all 350 years of the Spanish Inquisition* combined. The Spanish inquisition ( Tribunal del Sant
Read more