Millions of UK users are at risk of using insecure routers
They found millions could be using devices more than five
years old that are no longer being supported with firmware updates. They sent a
selection of the most used old devices to security specialists, Red
Maple Technologies, to find out just how secure they are, and discovered issues
with more than half, from ISPs such as Virgin, Sky, TalkTalk, EE and Vodafone.
This could potentially affect up to 7.5 million Brits based
on our survey. Some of these models haven’t seen an update since 2018 at the
latest, and some haven’t been updated since as far back as 2016, which could
affect six million of these users. Without firmware and security updates,
there’s no guarantee that security issues will be fixed. Routers might sit in
the corner of the room collecting dust, but they’re a vital part of everyday
life. Especially as we now need the internet more than ever to work, shop and
stay in touch with loved ones.
They focused our research on 13 older router models that are still being used, and most of them did not meet modern security standards. The key issues were: Weak default passwords. Hackers can easily guess these passwords, are common across devices and could grant someone access. This can be done from outside of the home network, so a hacker could access a router from anywhere in the world. Local network vulnerabilities. While the risk here is lower as a hacker would have to be in the vicinity of the router, vulnerabilities such as this could allow a cybercriminal to completely control your device, see what you’re browsing or direct you to malicious websites.
Lack of updates Firmware updates aren’t only important for performance, they’re also needed to fix security issues when they arise. Most of the routers they looked at hadn’t had a security update since 2018 at the latest, with no guarantee of a new one in the near future.
The routers on test weren’t all bad, though. Old devices from BT and Plusnet had been recently updated and they didn’t find any unfixed vulnerabilities or weak default passwords. If you have one of the below routers, we’d recommend asking your provider for an upgrade as soon as you can.
Weak passwords – devices affected:
Sky SR101
Sky SR102
TalkTalk HG523a
TalkTalk HG533
TalkTalk HG635
Virgin Media Super Hub 2
Vodaone HHG2500
Lack of updates – devices affected:
Sky SR101
Sky SR102
TalkTalk HG523a
TalkTalk HG635
TalkTalk HG533
Virgin Media Super Hub
Virgin Media Super Hub 2
Local network vulnerabilities – devices affected:
What to do if you’re affected If you own one of the routers listed with weak default passwords, the first thing you should do is change it.
If you’re using a device that’s no longer being updated, or if you’ve had your router for five years or more and know there are newer models available, you could try to arrange an upgrade. How easy this is to do depends on your situation and your internet provider.
When Which? asked, only Virgin Media said it gives free upgrades – customers with older routers can request a new one through the Connect app. Other providers may offer you a new model at a cost – a single upfront payment. Or in the case of Sky, you can sign up for Sky Broadband Boost, which involves a rolling £5 monthly payment and among other benefits, will get you upgraded to the latest router.
If you want a new router and you’re in contract It doesn’t hurt to ask. While an internet provider is not obliged to provide you with a new router for free, if you call and explain your concerns you might get lucky, especially if your router is quite old. If you’re not able to get a free upgrade, find out what your options are to work out your best next step.
In the meantime, make sure you change your default router password if you feel it’s not strong enough. If you want a new router and you’re out of contract When your contract expires you have a number of options – not least threatening to leave. If you want to stay with your provider, say you’ll recontract with them if they provide you with a new router. If your router is old and they refuse, you should seriously consider switching. A new contract with a new provider should afford you their latest equipment, which includes a new router.
This can also save you money – in a recent survey of more than 2,000 broadband customers, 19% were likely to be out of contract and at risk of overpaying. And if you’re on standard broadband, an upgrade to fibre broadband will get you faster speeds and greater reliability.