EE promises to plug security hole found in Brightbox routers

EE logo
Brightbox found not so bright

EE needs to save its bacon, and we're not talking about a certain Footloose star.

The telco has embarked on a damage limitation exercise after a security researcher uncovered a vulnerability in its Brightbox home broadband routers that could let hackers make off with your private data.

Detailed in a blogpost by Scott Helme the flaw, which affects version 1 and 2 of the Brightbox, apparently makes it "incredibly easy" for hackers to gain administrator-level control using a Wi-Fi password.

Once inside, the attacker can easily access other personal information, such as account names and passwords.

EE, which has been shipping the routers since the beginning of 2012, has around 714,000 fixed line customers. Of those, it's been suggested that around 300,000 could be compromised.

Hook, line and sinker

Helme suggests that a hacker could even gather together enough information to cancel the victim's broadband subscription in order to run up hefty fees.

EE has come back at him to dispute this claim, however, telling the BBC that it would be impossible and that it has briefed its call centre workers to be extra vigilant to combat potential imposters.

The operator is working on a security fix for the flaw and promises that it will be delivered as soon as possible.