Outdated routers putting internet users at risk, claims Which?

Opt-in to Cyber Safety. Multiple layers of protection for your devices, online privacy and more.


Millions of internet users could be at risk of hacking attacks because they are using outdated routers from their broadband providers that have security flaws, a Which? investigation has found. 

Households across the country are using their home broadband more than ever, to work, educate their children or keep in touch with loved ones.

But many are unaware that old equipment provided by internet service providers (ISPs), including EE, Sky, TalkTalk, Virgin Media and Vodafone, could be putting them at risk of hackers spying on what they are browsing online or even directing them to malicious websites used by scammers.

Which? investigated 13 old router models and found more than two-thirds, nine of them, had flaws that would likely see them fail to meet requirements proposed in upcoming government laws to tackle the security of connected devices. The legislation is not yet in force and so the ISPs aren’t currently breaking any laws or regulations.

The consumer watchdog’s lab testing identified a range of issues with the routers. These security risks could potentially affect around 7.5 million people, based on the number of respondents who said they were using these router models in Which?’s nationally representative survey.

Around six million people within this group of users could be using a router that has not been updated since 2018 or earlier. This means the devices have not been receiving security updates which are crucial for defending them against cyber criminals.

The problems uncovered by Which?’s lab tests on the old router models that failed were:

  • Weak default passwords, which in certain circumstances could allow a cybercriminal to hack the router and access it from anywhere;
  • a lack of firmware updates, which are vital for both security and performance;
  • a local network vulnerability issue with the EE Brightbox 2. This could give a hacker full control of the device, and for example allow them to add malware or spyware, although they would have to be on the network already to attack.

The survey also suggested that 2.4 million users haven’t had a router upgrade in the last five years.

Which? is concerned that many customers are being left using old kit,…