Connect with us


Millions with old routers at risk of being hacked in their homes, Which? warns



photo of person typing on computer keyboard

Millions of internet users could be at risk of hacking attacks due to using outdated routers from their broadband providers that have security flaws, a Which? investigation has found. 

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds, nine of them, had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

The consumer champion’s lab testing identified a range of issues with the routers. These security risks could potentially affect around 7.5 million people, based on the number of respondents who said they were using these router models in Which?’s nationally representative survey.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier. This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

The Which? report found issues with the EE Brightbox 2 router that could allow a hacker to take control of the device

The problems uncovered by Which?’s lab tests on the old router models that failed were:

  • Weak default passwords, which in certain circumstances could allow a cyber criminal to hack the router and access it from anywhere;
  • a lack of firmware updates, which are vital for both security and performance;
  • a local network vulnerability issue with the EE Brightbox 2. This could give a hacker full control of the device, and for example allow them to add malware or spyware, although they would have to be on the network already to attack.

The survey also suggested that 2.4 million users haven’t had a router upgrade in the last five years.

Which? is concerned that many customers are being left using old kit, often with no guarantee of an upgrade, and is encouraging consumers in this position to talk to their broadband provider about getting an upgrade.


In contrast to the other ISPs, the old BT and Plusnet routers that Which? tested all passed the security tests – researchers didn’t find password issues, a lack of firmware updates or a local network vulnerability with these devices.


When Which? contacted the ISPs with its findings, most of them said that they monitor for security threats and provide updates if needed. BT Group told Which? that older routers still receive security patches if problems are found – although Which? did find an unfixed vulnerability on the EE (part of the BT Group) Brightbox 2 router.

Aside from Virgin Media, none of the ISPs Which? contacted gave a clear indication of the number of customers using their old routers. Virgin said that it did not recognise or accept the findings of the Which? research and that nine in 10 of its customers are using the latest Hub 3 or Hub 4 routers. However Which? notes that Virgin was counting just paying account holders, whereas Which?’s survey was of anyone using routers within a household.

Which? believes that ISPs should be more upfront about how long routers will receive firmware and security updates – one of the requirements of proposed government laws to tackle unsecure devices – and encourage people to upgrade devices that are at risk.


As part of its proposed legislation to tackle unsecure devices, Which? is also calling for the government to ban default passwords and also prevent manufacturers from allowing consumers to set weak passwords that may be easily guessable and hackable.

The consumer champion also believes broadband providers should be ready to respond when security researchers warn them about possible issues – and should make it easy for researchers to contact them. Only Sky, Virgin Media and Vodafone appeared to have dedicated web pages for this.

Consumers with routers that are five years old or more should ask their provider if the device is still supported with security updates and if it is not they should ask for an upgrade.


Kate Bevan, Which? Computing editor, said: “Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals.


“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks.

“Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”


Weak passwords – devices affected:

  •  TalkTalk HG533
  •  TalkTalk HG523a
  •  TalkTalk HG635
  •  Virgin Media Super Hub 2
  •  Vodafone HHG2500
  •  Sky SR101
  •  Sky SR102

Lack of updates – devices affected:

  • Sky SR101
  • Sky SR102
  • Virgin Media Super Hub
  • Virgin Media Super Hub 2
  • TalkTalk HG523a
  • TalkTalk HG635
  • TalkTalk HG533

Network vulnerabilities – devices affected:

  • EE Brightbox 2

The three routers that passed the security tests:

  • BT Home Hub 3B
  • BT Home Hub 4A
  • BT Home Hub 5B
  • Plusnet Hub Zero 2704N

A spokesperson for BT Group (BT and EE) said: “The vast majority of our customers are using our award winning BT Smart Hub 2 or EE Smart Hub.


“We want to reassure customers that all our routers are constantly monitored for possible security threats and updated when needed. These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

A Virgin Media spokesperson said: “We do not recognise or accept the findings of the Which? research – nine in ten of our customers are using the latest Hub 3 or Hub 4 routers. The safety and security of our customers is always a top priority and we have robust processes in place to protect them by rolling out security patches and firmware updates as well as issuing customer communications where necessary.”

TalkTalk said: “These routers make up a very small proportion of those in use by our customers. Customers using all of these routers can change their passwords easily at any time.”

Plusnet said: “We want to reassure customers that all our routers are constantly monitored for possible security threats and updates with firmware. These updates happen automatically so customers have nothing to worry about. If a customer has any issues, they should contact us directly and we will be happy to help.”

Sky did engage with Which? on its findings but did not provide a comment.


A Vodafone spokesperson said: “All new Vodafone routers have device specific passwords. Vodafone stopped supplying the HHG2500 router to customers in August 2019. Customers who still have the HHG2500 router will continue to receive firmware and security updates as long as the device remains on an active customer subscription. Customers who haven’t already changed their password should do so, following these instructions.”

Click to comment

Leave a Reply


Welsh fibre broadband provider ramps up South Wales roll-out




Homegrown broadband provider, Ogi has ramped up its ultrafast Gigabit-capable broadband rollout to communities across Wales – with 28 additional South Wales towns and villages to be connected to its network.

The expansion brings the total numbers of communities the Welsh broadband provider covers to 38, as the company invests £200m in its network.


Extending its roll out to Bridgend, Caerphilly and Rhondda Cynon Taf – Ogi will begin work in some of these areas immediately.

Today’s announcement brings Ogi’s ultrafast services to a total of seven Local Authority areas, marking a gear-shift in the company’s potential reach.

New towns and villages being added to Ogi’s network

Bridgend: Porthcawl
Caerphilly: Cefn Hengoed, Gelligaer, Hengoed, Ystrad Mynach, Maesycymmer. Monmouthshire: Abergavenny, Caerwent, Caldicot, Chepstow, Crick, Magor, Monmouth, Portskewett, Pwllmeyric, Rogiet, Sudbrook, Undy.
Newport: Llanvaches.
Pembrokeshire: Haverfordwest, Johnston, Milford Haven, Monkton, Neyland, Pembroke, Pembroke Dock
Rhondda Cynon Taf: Cymmer, Dinas, Llwyncelyn, Mount Pleasant, Porth, Trebanog, Trehafod, Ynyshir.
Vale of Glamorgan: Dinas Powys, Llantwit Major, Rhoose, St Athan.

Ogi launched onto the scene just over a year ago, kick-starting work on its £200 million plan to bring full fibre connectivity to traditionally underserved communities. This latest milestone in Ogi’s growth sees the company accelerate its ambitious programme – taking coverage to 80,000 premises.

Showing no signs of slowing, staff numbers have gone from 20 to almost 140 in 18 months, with the business opening four new regional offices in Newport, Tongwynlais, Cardiff and St Clears, supporting more staff to live and work locally. 


Ogi’s efforts to improve broadband access come as the Senedd’s Climate Change, Environment, and Infrastructure Committee calls on the Welsh Government to do more to help rural communities access better connectivity. In fact, today’s announcement puts Ogi on course to bring fibre to a third of all premises in Pembrokeshire. 

Beyond rural settings, the latest roll out sees Ogi extend its footprint to bigger, post-industrial urban areas like Bridgend, Caerphilly and Rhondda Cynon Taf. And, with the company’s work injecting around £6m into places like Haverfordwest, plus an estimated economic impact worth up to five times the initial investment, today’s news will bring a welcome boost to local economies across the region. 

Ogi at Porthcawl’s big slide (Image: Ogi / Matthew Horwood)

Just 1 in 3 premises in Wales currently has access to full fibre-optic connectivity, with Britain in general lagging behind many European countries, where coverage can be as high as 90%. Ogi’s latest plan will help to close the UK’s digital divide in areas that are often labelled as ‘left behind’. 

Announcing the ramp up, Ogi’s Chief Executive Officer, Ben Allwright, said: “Ogi is leading Wales’s digital revolution by bringing full fibre infrastructure to areas that really need it. 

“These iconic communities are bursting with innovation and creativity – and they deserve the best connectivity to help them realise their potential. As we’re seeing in places like Pembrokeshire, only Ogi can make that access a reality. Our networks are enabling businesses to thrive, wherever they are based; helping people to work closer to where they live; and families to experience the best possible home entertainment.”

Supporting the latest announcement, Minister for Climate Change, Julie James MS, said: “The impact of fast, affordable broadband for homes and businesses across Wales cannot be underestimated.


“Ogi is helping to deliver that standard across south Wales, supporting Wales in its drive to become a digital nation.” 

Surveying work is already underway in many of these areas with activity due to ramp up at street level over the coming weeks and months. Homes and businesses in many of these communities will be able to access Ogi’s ultrafast service from as early as this September (2022). 

(Lead image: Ogi / Matthew Horwood)

Continue Reading


Flotek acquires longstanding Swansea IT provider




Ambitious IT & Managed Service Provider Flotek has acquired Gower Business Systems, a Swansea-based IT Provider specialising in the legal and professional services sector.

The acquisition comes as part of Flotek’s plan for growth through acquisition, along with a vision of supporting SMEs in South Wales and beyond to be prepared for digital transformation. The acquisition adds £1.2m in revenue to Flotek’s turnover, as the business accelerates toward its ambitious growth target.


Founded by a trio of experienced entrepreneurs, Flotek’s core aim is of helping regional businesses access and embrace new technologies to enhance their operations and service offerings.

Jay Ball, CEO of Flotek, said: “We are delighted that Gower Business Systems is joining Flotek. The team there has developed an incredible reputation over the last 30 years, being a certified Microsoft partner and working proactively to provide tailored IT and tech solutions to clients.

“By integrating with Flotek, this enhances our delivery of dedicated care and support to SMEs,
helping them adopt next generation technologies and delivering cost savings, scalability and

One of Wales’ most established MSPs, Gower Business Systems was founded by Mark Wyatt, former Wales Rugby Union player, and Mark Bowling and specialises in trusted service for the legal and professional services sector.

The pair and their team will continue on with roles at Flotek, adding 10 more members of staff to the Flotek team as the MSP embarks on its impressive growth plan centred around a buy and build acquisition strategy.


Mark Wyatt, Director of Gower Business Systems, said: “Having developed the business’ success during the past three decades, joining with Flotek is an exciting next step for the Gower Business team.

“We very much share Flotek’s ethos of helping regional SMEs utilise complete IT support and
technologies to reach their full potential and are excited to be a part of the business’ growth.”

With a base at The Maltings, in Cardiff and now a second based in Swansea to extend coverage
further with engineers closer to customers, Flotek is helping clients across South Wales to embrace cloud technology, with a well-structured management team and robust strategy for organic and acquisition growth.

Jay continued: “Our ambitious growth is centred around our fundamental values, to make sure we deliver services with expertise and passion. With people at our core, we have a clear vision of an employee-led, customer-focused business with a trusted name in the sector.”

The deal was advised on by deal-making group GS Verde, who are actively working on acquisition opportunities for Flotek to support the ambitious growth plans set out by the founders.

Continue Reading


It’s in the game: First ever Welsh Esports team head to Commonwealth Esports Championships




The first ever Welsh e-sports team are heading to the 2022 Commonwealth Games’ Esports Championships in Birmingham to compete in the prestigious inaugural main event, thanks to support from the Welsh Government’s Creative Wales agency.

Esports is a form of competition using video games played competitively for spectators, typically by professionals.


Esports Wales Team (Image: Esports Wales)

Esports is a growing industry. It provides people of all-abilities the opportunity to participate a wide range of competitions, providing them with the opportunity to develop new and existing skills.

Esports Wales, the not-for-profit Welsh body for competitive and grassroots gaming, is heading towards an action-packed summer at the Commonwealth Esports Championships, amidst a growing awareness of the scale and potential of this new industry.

The contest at the Commonwealth Games, being held from the 6th-7th August, will feature topflight esports athletes from across the nations of the Commonwealth, with Esports Wales fielding teams in six categories:

  • Rocket League Open
  • Rocket League Womens
  • Dota 2 Open
  • Dota 2 Womens
  • Efootball
  • Efootball Womens.
Esports is a growing industry attracting huge crowds at tournaments worldwide

Creative Wales recently confirmed £25,000 in funding to Esports Wales to help with their next stage of growth. The funding will support the establishment of a Welsh league, which will then lead to representation at tournaments in the UK and beyond.

The funding will help secure coaching and training for staff and teams, enable the hosting of new in-person and awareness-raising events, and support membership growth and marketing.

Deputy Minister for Arts and Sport, Dawn Bowden said: “Esports is an exciting and inclusive new development for sport and for Wales. I’m delighted we have been able to support the establishment of Wales’ first ever Esports team, which will further support the growth of the games industry in Wales.


“I very much look forward to cheering on the Welsh team in Birmingham. Pob lwc i chi gyd!”

Chief Operating Officer of Esports Wales Jack “Anders” Lawrence said: “The practice the teams put in showed through the qualification process with the mixed Rocket League and mixed Dota 2 teams advancing through the qualifiers without dropping a series.

“I’m thoroughly looking forward to watching all of our six brilliant teams compete at the Commonwealth Esports Championships. It will be a fantastic step for Welsh Esports and its community to be part of an event of this magnitude.”

(Lead image: Esports Wales)

Continue Reading


Copyright © 2021 Swansea Bay News