Millions of UK users are at risk of using insecure routers
Which? says old devices are not receiving updates leaving up to 7.5 million vulnerable
Millions of people in the UK could be using routers which are not secure, according to an investigation carried out by Which?
A survey of more than 6,000 adults conducted in December 2020 found that millions of households could be using devices which are more than five years old and are no longer being supported with firmware updates.
Which? claims it sent some of the most commonly used older devices to security specialists Red Maple Technologies, who discovered issues with more than half of them which included ISPs such as Virgin, Sky, TalkTalk, EE and Vodafone.
This could potentially affect up to 7.5 million Brits, Which? says, with some routers not being updated since 2016. The consumer not-for-profit has called for ISPs to do more to prevent security risks.
"We think it's unacceptable that customers are being left on old, unsupported kit - our research suggests that up to 2.4 million UK adults haven't had a new router in the past five years," Which? said.
"ISPs should be far more upfront about how long routers will be receiving firmware and security updates, and they should actively upgrade customers who are at risk.
"We went to the ISPs with our findings and most told us they would monitor devices for security threats, updating them if needed. However, there's no guarantee.
"BT Group told Which? that older routers still receive security patches if problems are found, but the EE Brightbox 2 has a security vulnerability that is still unfixed. Aside from Virgin Media, none of the ISPs we contacted gave a clear indication of customers using their old routers.
"Virgin said that it didn't recognise or accept the findings of our research and that nine in 10 of its customers are using the latest Hub 3 or Hub 4 routers. However, our survey was of all those using or with devices connected to the router, rather than just the paying account holders."
Among the security flaws discovered were weak default passwords which are easy to guess by hackers, as well as local network vulnerabilities which would allow hackers to direct users to malicious websites.
Which? also claims that most of the routers examined had not been updated since 2018 meaning potential security issues had not been fixed.
It recommends that customers check to see if they have a secure enough password and changing it if not, as well as trying to arrange an upgrade if your router is more than five years old.