Old Routers Pose Security Risk, Warns Which?

Consumer group Which? has issued a warning about unsecured routers that can no longer receive firmware updates.

The group said that its investigation found these old routers are often unsecured or have weak passwords, which coupled with a lack of updates and network vulnerabilities, poses a real risk.

The group had in December 2020 surveyed more that 6,000 adults to discover what routers they were using at home. It discovered that up to 7.5 million Brits could be using a router that is over five years old, and which is no longer being supported with firmware updates.

Router vulnerabilities

Which? said that it sent a selection of the most commonly used old devices to security specialists, Red Maple Technologies, to find out just how secure they are.

Of those tested by Red Maple, issues were discovered with more than half, from ISPs such as Virgin, Sky, TalkTalk, EE and Vodafone.

“Some of these models haven’t seen an update since 2018 at the latest, and some haven’t been updated since as far back as 2016, which could affect 6 million of these users,” said the group. “Without firmware and security updates, there’s no guarantee that security issues will be fixed. Routers might sit in the corner of the room collecting dust, but they’re a vital part of every day life.”

The main issues found with the old routers are weak default passwords – these passwords can be easily guessed by hackers, are common across devices and could grant someone access.

Another common problem found was local network vulnerabilities. This a lower risk vulnerability, as it requires a hacker to be in the vicinity of the router, but it could allow someone to gain complete control of your device.

Another issue found was a lack of updates. Firmware updates are important for both performance gains, but also to tackle security issues when they arise.

No updates

Most of the routers we looked at had not seen a security update since 2018 at the latest, with no guarantee of a new one in the near future. The routers on test weren’t all bad, though.

But it seems that while some routers were not updated since 2018, old routers from BT and Plusnet (which BT owns) had been recently updated and the specialists did not find any unfixed vulnerabilities or weak default passwords.

Which? provided a list of routers that it has discovered problems with. It recommends asking the ISP for a new router as soon as possible.

But it warned that only Virgin Media tends to give free upgrades. Other ISPs tend to levy a charge.

If this is the case, it said users should consider leaving their ISP if out of contract.

It should be remembered that security issues with routers have been a common theme for the best part of the past decade.

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Elon Musk Disagrees With US Tariffs On Chinese EVs

Tesla's Elon Musk confirms opposition to the Biden Administration's implementation of 100 percent tariffs on…

7 hours ago

Former Cybersecurity Boss Warns UK Not Heeding China Threat

Ciaran Martin, ex-chief executive of the National Cyber Security Centre, explains growing cyber threat posed…

9 hours ago

YouTube Threatens To Block Russian Protest Group’s Anti-War Content

YouTube threatens to pull anti-war content from Russian rights group, after complaint from Putin regime's…

10 hours ago

ICO Warns PSNI It Faces £750k Fine Over Data Breach

Police Service of Northern Ireland (PSNI) says it cannot afford a £750,000 fine from the…

12 hours ago

Apple Appeals Against EU’s $2bn Music Streaming Fine

Appeal begins appeal against European Commission's €1.84bn fine over Apple's alleged ‘anti-competitive’ music streaming restrictions

15 hours ago

OpenAI Agrees Content Deal With News Corp

Another content deal signed. Agreement reached between OpenAI and News Corp for permission to its…

16 hours ago