UK ISPs ‘At Risk Of Attack’ Due To Security Failings

The companies responsible for providing the UK’s internet could be in danger of putting millions of customers at risk due to widespread shortcomings in their online security, a new report has warned.

Security researcher Paul Moore examined the publicly available information of the six largest ISPs in the UK and found plenty of bugs that could be used by hackers.

The companies involved included Virgin Media, TalkTalk. EE, BT, PlusNet and Sky, and followed the major data breach that hit TalkTalk last month.

Under attack

And Moore says that his research showed that the attack on TalkTalk could have affected any of the other providers.

“There have been a couple of incidents where I had to contact ISPs to report things that were serious,” he told the BBC, noting that many of the companies had since contacted him in order to improve their security protection.

“Ordinarily they would not be so open and honest with me but, after what happened at TalkTalk, they have been stepping in quickly,” he said.

“On one occasion I notified BT and PlusNet about a bug at 14:00 and they kept people back until 22:00 to fix it.”

Moore’s research uncovered a range of security failings, including passwords being stored in plain text, exposed code that would allow hackers to inject their own code on to ISPs’ websites and potentially load malware on to them.

There were also issues with website encryption certificates which would have allowed anyone to apply for administrative control over them from the certificate authority and then pose as the webmaster for websites owned by an ISP.

Following the attack on their network, TalkTalk confirmed that 156,959 customers had had their personal details accessed.

Of that, no more than 15,656 bank account numbers and sort codes were accessed. The ISP also admitted that 28,000 obscured credit and debit card numbers were also accessed.

Are you a data breach expert? Take our quiz to find out!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

Intel ‘Playing Politics’ Over Delayed Ohio Chip Factory, Alleges Governor

Ohio Governor Mike DeWine alleges Intel's Ohio factory delay is a negotiating tactic, despite Pat…

3 hours ago

Steve Jobs Posthumously Awarded US Medal Of Freedom

President Joe Biden has named Apple co-founder and former CEO Steve Job, as a posthumous…

4 hours ago

Twitter Seeks Judicial Review Of Indian Takedown Order

Clash continues, Twitter court challenge against Indian government order to remove certain content it deems…

5 hours ago

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

24 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

1 day ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

1 day ago