Beware - your old router could be putting you at risk of cyberattack

Switch broadband providers
(Image credit: Kittichai Boonpong / EyeEm)

Millions of homes across the UK could be at risk of being attacked due to the security flaws in old internet routers, new research has warned.

Consumer watchodg Which? has warned that around 7.5 million people are thought to be using devices that are falling short of upcoming government regulation on the security of connected devices.

Around six million of these could be using a router that has not been updated since 2018 or earlier, meaning they lack proper security updates and protection against the latest threats.

Router security risk

Which?'s report found that consumers will often use the router sent to them by their internet service provider (ISP) but not change any of the default security settings, including passwords. The report adds that around 2.4 million users are not thought to have had a router upgrade in the last five years. 

The watchdog investigated 13 old router devices sent out by most of the UK's most popular ISPs, including EE, Sky, TalkTalk, Virgin Media and Vodafone. Nine of the routers were found to have significant security flaws, including using weak of default passwords, a lack of firmware updates, and in one case (the EE Brightbox 2), a local network vulnerability that could give a hacker full control of the device.

The UK government is set to bring in new rules governing the security protection of connected devices such as routers, but as the legislation is not yet in force, none of the ISPs investigated by Which? are breaking the law.

Which? is now calling on ISPs to make it easier for customers to get a router upgrade, and be clearer about how long routers will receive firmware and security updates. This is a key part of the proposed new government rules, but Which? is also asking for the government to ban default passwords as well as demanding that manufacturers stop consumers from setting weak passwords.

“Given our increased reliance on our internet connections during the pandemic, it is worrying that so many people are still using out-of-date routers that could be exploited by criminals," said Kate Bevan, Which? Computing editor.

“Internet service providers should be much clearer about how many customers are using outdated routers and encourage people to upgrade devices that pose security risks. Proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.”

Mike Moore
Deputy Editor, TechRadar Pro

Mike Moore is Deputy Editor at TechRadar Pro. He has worked as a B2B and B2C tech journalist for nearly a decade, including at one of the UK's leading national newspapers and fellow Future title ITProPortal, and when he's not keeping track of all the latest enterprise and workplace trends, can most likely be found watching, following or taking part in some kind of sport.