blank
Connect with us

Technology

Millions with old routers at risk of being hacked in their homes, Which? warns

Published

on

photo of person typing on computer keyboard

Millions of internet users could be at risk of hacking attacks due to using outdated routers from their broadband providers that have security flaws, a Which? investigation has found. 

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds, nine of them, had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

The consumer champion’s lab testing identified a range of issues with the routers. These security risks could potentially affect around 7.5 million people, based on the number of respondents who said they were using these router models in Which?’s nationally representative survey.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier. This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

The Which? report found issues with the EE Brightbox 2 router that could allow a hacker to take control of the device

The problems uncovered by Which?’s lab tests on the old router models that failed were:

  • Weak default passwords, which in certain circumstances could allow a cyber criminal to hack the router and access it from anywhere;
  • a lack of firmware updates, which are vital for both security and performance;
  • a local network vulnerability issue with the EE Brightbox 2. This could give a hacker full control of the device, and for example allow them to add malware or spyware, although they would have to be on the network already to attack.

The survey also suggested that 2.4 million users haven’t had a router upgrade in the last five years.

Which? is concerned that many customers are being left using old kit, often with no guarantee of an upgrade, and is encouraging consumers in this position to talk to their broadband provider about getting an upgrade.

Advertisement

In contrast to the other ISPs, the old BT and Plusnet routers that Which? tested all passed the security tests – researchers didn’t find password issues, a lack of firmware updates or a local network vulnerability with these devices.

Advertisement

When Which? contacted the ISPs with its findings, most of them said that they monitor for security threats and provide updates if needed. BT Group told Which? that older routers still receive security patches if problems are found – although Which? did find an unfixed vulnerability on the EE (part of the BT Group) Brightbox 2 router.

Aside from Virgin Media, none of the ISPs Which? contacted gave a clear indication of the number of customers using their old routers. Virgin said that it did not recognise or accept the findings of the Which? research and that nine in 10 of its customers are using the latest Hub 3 or Hub 4 routers. However Which? notes that Virgin was counting just paying account holders, whereas Which?’s survey was of anyone using routers within a household.

Which? believes that ISPs should be more upfront about how long routers will receive firmware and security updates – one of the requirements of proposed government laws to tackle unsecure devices – and encourage people to upgrade devices that are at risk.

Advertisement

As part of its proposed legislation to tackle unsecure devices, Which? is also calling for the government to ban default passwords and also prevent manufacturers from allowing consumers to set weak passwords that may be easily guessable and hackable.

The consumer champion also believes broadband providers should be ready to respond when security researchers warn them about possible issues – and should make it easy for researchers to contact them. Only Sky, Virgin Media and Vodafone appeared to have dedicated web pages for this.

Consumers with routers that are five years old or more should ask their provider if the device is still supported with security updates and if it is not they should ask for an upgrade.

Advertisement

Kate Bevan, Which? Computing editor, said: “Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals.

Advertisement

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.

“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

Advertisement

Weak passwords – devices affected:

  •  TalkTalk HG533
  •  TalkTalk HG523a
  •  TalkTalk HG635
  •  Virgin Media Super Hub 2
  •  Vodafone HHG2500
  •  Sky SR101
  •  Sky SR102

Lack of updates – devices affected:

  • Sky SR101
  • Sky SR102
  • Virgin Media Super Hub
  • Virgin Media Super Hub 2
  • TalkTalk HG523a
  • TalkTalk HG635
  • TalkTalk HG533

Network vulnerabilities – devices affected:

  • EE Brightbox 2

The three routers that passed the security tests:

  • BT Home Hub 3B
  • BT Home Hub 4A
  • BT Home Hub 5B
  • Plusnet Hub Zero 2704N
Advertisement

A spokesperson for BT Group (BT and EE) said: “The vast majority of our customers are using our award winning BT Smart Hub 2 or EE Smart Hub.

Advertisement

“We want to reassure customers that all our routers are constantly monitored for possible security threats and updated when needed. These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

A Virgin Media spokesperson said: “We do not recognise or accept the findings of the Which? research – nine in ten of our customers are using the latest Hub 3 or Hub 4 routers. The safety and security of our customers is always a top priority and we have robust processes in place to protect them by rolling out security patches and firmware updates as well as issuing customer communications where necessary.”

TalkTalk said: “These routers make up a very small proportion of those in use by our customers. Customers using all of these routers can change their passwords easily at any time.”

Plusnet said: “We want to reassure customers that all our routers are constantly monitored for possible security threats and updates with firmware. These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

Sky did engage with Which? on its findings but did not provide a comment.

Advertisement

A Vodafone spokesperson said: “All new Vodafone routers have device specific passwords. Vodafone stopped supplying the HHG2500 router to customers in August 2019. Customers who still have the HHG2500 router will continue to receive firmware and security updates as long as the device remains on an active customer subscription. Customers who haven’t already changed their password should do so, following these instructions.”


Advertisement
Click to comment

Leave a Reply

Business

Neath-based Vortex IoT acquired by national tech company

Published

on

By

The Development Bank of Wales have announced that they have successfully exited Vortex IoT Limited just three years after providing initial pre-seed capital funding to the technology start-up that now employs 35.

The Neath-based supplier of environmental sensors, networks and data solutions has been acquired by  Marston Holdings, the UK’s leading provider of integrated, technology-enabled transport solutions. Figures have not been disclosed.

Advertisement

Marston supports government, utilities and private sector clients through the delivery of market leading integrated technology-enabled solutions from design through to implementation, management and recovery.  Marston’s clients include local authorities seeking to build environmental schemes that reduce congestion and pollution.  With the acquisition of Vortex, Marston will strengthen its offering by delivering complementary air quality solutions that maximise awareness, identify pollution hotspots and improve public health. 

Headquartered in Neath, Vortex IoT was founded by CEO Adrian Sutton and CTO Behzad Heravi. It is made up of a highly-skilled team of 35 that includes engineers with expertise in emerging technologies, Artificial Intelligence (AI), 5G, LiDAR laser technology and machine learning. 

As equity funders, the Development Bank of Wales invested £250,000 pre-Seed capital followed by a further £250,000 from the Wales Business Fund alongside London-based Start-up Funding Club (SFC Capital). Having enabled Vortex to scale-up in just three years, the Development Bank has now exited.

Adrian Sutton, CEO of Vortex IoT, commented: “Joining Marston Holdings accelerates Vortex IoT’s ability to deliver social value and environmental change for clients, and we’re delighted to collectively build on the existing relationships we have established as trusted partners to our clients in bringing cutting edge smart city and environmental monitoring solutions to market.

“The equity funding and support from the Development Bank made a difference to our business, enabling us to be at the forefront of the fight against climate change with the development of solutions that help reduce carbon emissions. It’s also what has given us the platform to build a business that is attractive to bigger players like Marston meaning that we can continue to grow with the benefit of the Welsh ecosystem all around us.”

Advertisement

Alexander Leigh, Senior Investment Executive with the Development Bank of Wales said: “As early investors in Vortex with pre-seed capital and follow-on funding, we are delighted to have supported the growth of this exciting business over the last three years.

“It’s hugely rewarding to exit a start-up after such a short period of time, particularly having seen the team benefit from the support available here in Wales. They could have set-up anywhere in the world but chose Wales because of our can-do attitude, the help available for entrepreneurs in the tech sector and the lower cost base.   

“Marston’s acquisition of Vortex now further accelerates the opportunity for the team to deliver their innovative air quality solutions that are very much needed for a zero-carbon economy whilst also continuing to invest in highly skilled jobs from their base in Neath. It’s a brilliant success story that we are really proud to have played a part in.  

The acquisition of Vortex follows the 2019 acquisitions of Videalert, a supplier of intelligent traffic management solutions; ParkTrade, a Swedish-based European tolling payments and collections business; and LogicValley, an Indian-based AI focused developer.  Vortex’s products further bolster Marston’s transportation technology division, ensuring Marston is best placed to meet the evolving needs of its client base. 

Mark Hoskin, Chief Commercial Officer at Marston Holdings added: “We have a long track record of successfully working in partnership with the public sector, and this acquisition reflects client feedback seeking innovative, technology-enabled solutions. COP26 demonstrated public support for driving the transition to a zero-carbon economy, and we’re pleased to further enhance our ability to support our clients and their residents through cleaner, healthier and more people-friendly communities.”

Advertisement
Continue Reading

Money

Broadband bills set to rise by staggering 10%

Published

on

By

person using laptop computer during daytime

New research from Choose finds 87% of broadband and mobile customers are unaware prices may increase by as much as 10% by April 2022.

With annual price rises linked to inflation set to come into force over the coming months, almost half of respondents (46%) did not know prices would be increasing at all.

Advertisement

Although knowledge of mid-contract price rises has improved since Tesco Mobile commissioned research in early 2021 and found 50% were unaware broadband and mobile bills could increase during a contract, 33% of respondents in Choose’s survey said they were unaware of this.

The survey also found a significant number of customers are unprepared for the annual round of price rises:

  • 1 in 4 (25%) said they would it financially difficult if their broadband and mobile bill went up by 10%
  • 11% said they wouldn’t be able to afford a 10% rise in their bills at all

Many broadband and mobile companies use the rate of inflation published in January to set their price increases with big names including BT, O2 and Vodafone adding a percentage to a CPI or RPI rate. However, inflation data published in December 2021 found RPI had reached its highest level since the 1990s to 7.1% and CPI was continuing to soar above the 2% inflation target, reaching 5.1%.

If inflation hits 6% in the upcoming figures, some households could be in line for 10% increases on their broadband and mobile bills at the same time as their finances are squeezed by expected energy bill hikes. This could see consumers paying an extra £111 million each month based on average household spend on broadband bills.

With 65% of broadband customers and 89% of mobile customers still in-contract according to Ofcom, there is no way for millions of customers to avoid paying the higher bills or incurring a prohibitive early termination fee.

While the regulator guards against inflation-beating price rises that would cause ‘material detriment’ to customers, these safeguards do not apply when a customer has signed a contract with inflation-beating annual price rises already included. With all but a handful of providers including hefty increases as standard, consumer choice is severely restricted.

Advertisement

Highlighting the seriousness of the situation, Hull incumbent KCOM have recently announced they’ll be waiving their contracted CPI + 3.9% increase due to the high living costs people are facing.

Lyndsey Burton, MD of Choose said, “It is time for Ofcom to act again on mid-contract price increases. They have previously brought in regulations specifically to prevent financial hardship, yet their safeguards are failing to protect customers from exactly that.

“The pandemic has demonstrated how reliant we are on broadband and mobile services to keep us connected to each other. Ofcom concede these are ‘essential’ services and yet they are failing in their duty to support customers’ ability to budget for them. As the current economic climate shows, CPI and RPI linked prices are difficult to plan for and customers will only get a few months’ notice before inflation-beating price rises are implemented.

“Broadband contracts are usually between 12 and 24 months in length, with many customers signing up to 18-month deals. Surely it is fair and reasonable to expect providers to fix their prices completely during the contract period to ensure customers know where they stand financially until the contract runs out.

“Ofcom either needs to ban mid-contract price hikes completely or, at the very least, they must set a cap that more fairly distributes inflationary costs.

Advertisement

“With little time for regulatory changes however, I hope we see more providers following in the footsteps of KCOM and waiving their annual rises in the coming months.”

Continue Reading

Motoring

New research shows smart electric vehicle charging can cut carbon footprint by 20% and save drivers £110 a year

Published

on

By

Drivers of electric vehicles could save an average of £110 a year – and cut their carbon footprint by 20% – by using “smart charging” to power up their cars at the best possible times, a report by a research team involving Swansea University experts has shown.

Smart charging helps spread out demand for electricity to avoid overloading the National Grid. This is a major issue given the huge growth in the number of electric vehicles, with up to 11 million forecast to be on Britain’s roads by 2030.

Advertisement

Already people can get cheaper electricity by charging at certain times, usually in the early hours of the morning. But smart charging could go much further than this. For example, it could mean charging when windy weather means surplus wind power is being generated, or having your charging automatically coordinated with your neighbours.

The report is based on research by the FRED project (Flexibly Responsive Energy Delivery). Led by Evergreen Smart Power, it also involved Swansea University energy experts from the SPECIFIC Innovation and Knowledge Centre, in collaboration with myenergi, GenGame, and Energy Systems Catapult.

The team recruited 250 members of the public who already had electric vehicles and were using myenergi’s zappi charging points and software to help them charge more efficiently.

Throughout the project Evergreen managed the FRED participants’ EV charging using its smart charging software platform. The platform used artificial intelligence to shift charging times to maximise efficiency and minimise cost. Participants supported the project by providing feedback as to how smart charging affected their driving experience.

The researchers found that smart charging cuts the cost of various charges that make up the overall price of energy for consumers.

Advertisement

This means an overall saving of £110 a year for an average electric vehicle driver – with even bigger savings if you drive, and therefore recharge, more than average

These savings come from various factors – for example avoiding times when network charges or energy wholesale prices are high, and switching customers to payment per half-hour rather than per hour

In addition they found that further savings of up to 45% are possible with better incentive schemes. Smart charging reduces the carbon footprint of car charging by over 20%, providing a strong environmental incentive.

Peter Bullock from Evergreen said: “Our research showed that smart charging using the platform can make a big difference, even where people are already charging efficiently. It cuts the cost and the carbon for cheaper, cleaner driving.In our emerging green energy system, the energy we generate – for example through wind and solar – can be variable. Luckily, with electric cars, it is easy to be flexible with the times we consume energy. This is where smart charging is crucial, helping us create an energy system that is both low-carbon and efficient.”

Mark Spratt from the SPECIFIC Innovation and Knowledge Centre at Swansea University said: “SPECIFIC created the Active Buildings on the Bay Campus to demonstrate how buildings that generate and store electricity can have a positive impact on the grid by managing their energy intelligently.  These buildings, together with our fleet of electric vehicles, provided an ideal platform for testing the smart charging strategies of the FRED project.

“The financial and carbon savings demonstrated in the FRED project are a validation of the need for Active Buildings as we make the transition to net zero.”

The project was made possible by support from the Department for Business, Energy, & Industrial Strategy’s Energy Entrepreneurs Fund. SPECIFIC’s contribution was enabled by funding from Innovate UK and the European Regional Development Fund through the Welsh Government.

Advertisement
Continue Reading
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

Trending

Copyright © 2021 Swansea Bay News