EE Admits To Security Flaw In Brightbox Routers

EE says it is working on fix to security flaw that could expose customers’ personal information

EE has admitted to the existence of a flaw in the Brightbox routers it provides to the home broadband customers that could allow a hacker to remotely access user’s account and personal information.

The vulnerability, which apparently affects both the Brightbox 1 and 2 routers, was discovered by British security researcher Scott Helme, who outlines how “incredibly easy” it is for a hacker to gain access to the routers.

He says all an attacker would need to gain admin level control of the router is a Wi-Fi password, information that could be easily be shared by victims of a phising scam.

Helme suggests that someone with malicious intent could even gather enough personal information to cancel a broadband subscription altogether – running up costly cancellation fees for victims. EE disputes this, explaining that users would need more than an email or user name – the only information it says anyone would be able to obtain – to cancel the account.

EE Brightbox flaw

EE BrightboxEE, which has around 714,000 fixed line customers, has been supplying the Brightbox routers since early 2012 and it is suggested that around 300,000 users are affected. The company says it is “aware of Mr Helme’s article” and warned customers to remain vigilant.

“As is the case for all home broadband customers, regardless of their provider, it is recommend they only give network access to people they trust, “ says a spokesperson. “Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date.

The operator is working on a security update for the flaw and promises it will be delivered soon.

“We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers’ Brightboxes with enhanced security protection.”

Are you up to speed on 4G? Try our quiz!