Get all your news in one place.

100's of premium titles.
One app.

Start reading

Get all your news in one place.

100's of premium titles. One news app.

Start reading

Daily Mirror

Business

Emma Munbodh

10 Wi-Fi router models that could leave your home at risk of being hacked

Millions of people are at risk of being hacked in their own homes due to old and out-of-date Wi-Fi routers, a report has warned.

Consumer group Which? said 7.5milion households are at risk of cyber-attacks due to outdated routers from broadband providers that have security flaws.

People across the country are using their home broadband more than ever to work, educate their children or keep in touch with loved ones.

But it said equipment provided by internet service providers including EE, Sky, TalkTalk, Virgin Media and Vodafone in the past five years could be putting families at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Is your Wi-Fi router up to date? (Getty)

Which? investigated 13 old router models and found nine of them had flaws that would likely see them fail new security laws currently being passed through Parliament.

The consumer group's lab testing found many have not received security updates in years.

The models that failed had weak default passwords and a lack of firmware updates – which meant some had not been updated since 2016.

It also identified a local network vulnerability issue with the EE Brightbox 2 which it said could give a hacker full control of the device, and allow them to add malware or spyware, although they would have to be on the network already to attack.

However, all old BT and Plusnet routers passed the security tests. Researchers said they did not find password issues, a lack of firmware updates or a local network vulnerability with these devices.

The government is planning a new law to make sure virtually all smart devices meet new safety checks (PA)

The consumer group is calling for the government to ban default passwords and also prevent manufacturers from allowing consumers to set weak passwords that may be hackable.

Kate Bevan, computing editor at Which?, said customers to speak to their supplier for an updated device if they have a particularly old router that may be failing security checks.

“Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals," he added.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.

“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

The government is planning a new law to make sure all smart devices meet new safety checks.

This would include telling the customer the how long their device will qualify for security updates for at the point of sale.

New laws will also include a ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’ (AFP via Getty Images)

It will also include a ban on manufacturers using universal default passwords, such as ‘password’ or ‘admin’.

In response to the findings, BT, which also owns EE, said: “The vast majority of our customers are using our award winning BT Smart Hub 2 or EE Smart Hub.

“We want to reassure customers that all our routers are constantly monitored for possible security threats and updated when needed. These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

A Virgin Media spokesperson said: “We do not recognise or accept the findings of the Which? research – nine in ten of our customers are using the latest Hub 3 or Hub 4 routers.

“The safety and security of our customers is always a top priority and we have robust processes in place to protect them by rolling out security patches and firmware updates as well as issuing customer communications where necessary.”

Virgin Media said it completely disagrees with the allegations (Universal Images Group via Getty Images)

TalkTalk said: “These routers make up a very small proportion of those in use by our customers. Customers using all of these routers can change their passwords easily at any time.”

Plusnet added: “These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

Vodafone said: “All new Vodafone routers have device specific passwords. Vodafone stopped supplying the HHG2500 router to customers in August 2019.

“Customers who still have the HHG2500 router will continue to receive firmware and security updates as long as the device remains on an active customer subscription.”