According to the organization, about two-thirds of older models of routers used by Internet service providers contain security vulnerabilities that could allow hackers to gain access to the network.
Hacking a router can give attackers the ability to spy on people while they are browsing online and even direct them to malicious websites.
Which? research suggested that a number of devices had weak default passwords that were easily guessed, while others did not receive regular security updates designed to protect them from new viruses or had poor passwords. ‘other vulnerabilities of the local network.
The organization said routers from EE, Sky, TalkTalk, Virgin Media and Vodafone were among those affected.
Kate Bevan, which one? IT publisher said: “Given our increased dependence on our Internet connections during the pandemic, it is worrying that so many people are still using outdated routers that could be exploited by criminals.
“Internet service providers should be much clearer about the number of customers using outdated routers and encourage people to upgrade devices that pose security risks.
“The proposed new government laws to tackle poorly-security devices cannot come soon enough – and must be backed by strict enforcement.”
As part of its investigation, Which? said it tested 13 models of older routers for flaws and found that nine of them would not meet the requirements proposed as part of the government’s plans to improve legislation on connected devices.
The consumer group said 7.5 million people could potentially be affected by the apparent defects.
In response to the research, Virgin Media said it does not “recognize or accept the results” of Which? research and that 90% of its customers were using its latest router models.
“The safety and security of our customers is always a top priority and we have robust processes in place to protect them by deploying security patches and firmware updates, as well as initiating communications with customers. if necessary, ”said a spokesperson for Virgin Media.
The BT group, which also owns EE, said it wanted to “reassure its customers that all our routers are constantly monitored for possible security threats and updated when necessary”.
“These updates happen automatically so customers don’t have to worry. If a customer has any issues, they should contact us directly and we’ll be happy to help, ”the company said.
In response to Which? According to which older routers had weak default passwords, TalkTalk said that a “very small proportion” of affected devices is used by customers and that users can “easily change their passwords at any time.”
Vodafone said it stopped supplying one of the devices named in the research in August 2019 and that the other “will continue to receive firmware and security updates as long as the device remains on a customer subscription. active”.