Beware - your old router could be putting you at risk of cyberattack

(Image credit: Kittichai Boonpong / EyeEm)

Millions of homes across the UK could be at risk of being attacked due to the security flaws in old internet routers, new research has warned.

Consumer watchodg Which? has warned that around 7.5 million people are thought to be using devices that are falling short of upcoming government regulation on the security of connected devices.

Around six million of these could be using a router that has not been updated since 2018 or earlier, meaning they lack proper security updates and protection against the latest threats.

We've built a list of the best endpoint protection software available
Keep your devices virus free with the best malware removal software
Also check out our roundup of the best firewall

Router security risk

Which?'s report found that consumers will often use the router sent to them by their internet service provider (ISP) but not change any of the default security settings, including passwords. The report adds that around 2.4 million users are not thought to have had a router upgrade in the last five years.

The watchdog investigated 13 old router devices sent out by most of the UK's most popular ISPs, including EE, Sky, TalkTalk, Virgin Media and Vodafone. Nine of the routers were found to have significant security flaws, including using weak of default passwords, a lack of firmware updates, and in one case (the EE Brightbox 2), a local network vulnerability that could give a hacker full control of the device.

The UK government is set to bring in new rules governing the security protection of connected devices such as routers, but as the legislation is not yet in force, none of the ISPs investigated by Which? are breaking the law.

Which? is now calling on ISPs to make it easier for customers to get a router upgrade, and be clearer about how long routers will receive firmware and security updates. This is a key part of the proposed new government rules, but Which? is also asking for the government to ban default passwords as well as demanding that manufacturers stop consumers from setting weak passwords.

“Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals," said Kate Bevan, Which? Computing editor.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks. Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

These are the best wireless routers around today

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.

Latest

Jelly Roll performs during The Beautifully Broken Tour at Little Caesars Arena on November 06, 2024 in Detroit, Michigan.

How to watch CMA Awards 2024 online – stream the 58th Annual Country Music Association Awards from anywhere

See more latest ►

Router security risk

Are you a pro? Subscribe to our newsletter

Most Popular