•   
  •   
  •   

Technology Millions of older broadband routers have these security flaws, warn researchers

18:25  06 may  2021
18:25  06 may  2021 Source:   zdnet.com

One year in, broadband access and telehealth are two big winners under COVID-19

  One year in, broadband access and telehealth are two big winners under COVID-19 Of all the everyday priorities that changed as a result of the COVID-19 pandemic, few became more crucial than the need to stay connected — to the internet, to teachers and to doctors. Efforts to expand broadband internet access, and especially systems that could connect individuals to their health care providers, have long benefited from bipartisan […] The post One year in, broadband access and telehealth are two big winners under COVID-19 appeared first on Roll Call.

Millions of households in the UK are using old broadband routers that could fall prey to hackers, according to a new investigation carried out by consumer watchdog Which? in collaboration with security researchers.

a person sitting on a table: Million of users in the UK could potentially be affected, estimated Which?, as vulnerable routers present an opportunity for hackers. Kittichai Boonpong / EyeEm / Getty Images © ZDNet Million of users in the UK could potentially be affected, estimated Which?, as vulnerable routers present an opportunity for hackers. Kittichai Boonpong / EyeEm / Getty Images

After surveying more than 6,000 adults, Which? identified 13 older routers that are still commonly used by consumers across the country, and sent them to security specialists from technology consultancy Red Maple Technologies. Nine of the devices, it was found, did not meet modern security standards.

Biden's $100 billion broadband plan is already getting pushback

  Biden's $100 billion broadband plan is already getting pushback The broadband industry, including the big cable and telecom companies, do not like what they see.Key aspects of the broadband plan that were announced last week as part of Biden's $2.3 trillion infrastructure package include prioritizing spending for government-run or nonprofit networks. Such providers have "less pressure to turn profits" and "a commitment to serving entire communities," according to a White House fact sheet.

Up to 7.5 million users in the UK could potentially be affected, estimated Which?, as vulnerable routers present an opportunity for malicious actors to spy on people as they browse, or to direct them to spam websites.

Security

  • Ransomware is now a national security risk. This group thinks it knows how to defeat it
  • Cyber security 101: Protect your privacy from hackers, spies, and the government
  • The best antivirus software and apps
  • The best VPNs for business and home use
  • The best security keys for two-factor authentication
  • Why online identity fraud is booming and how to protect yourself from it (ZDNet YouTube)

One major issue concerns the lack of upgrades that older routers receive. Some of the models that respondents reported using haven't been updated since 2018, and even in some cases since 2016.

Wi-Fi 6E routers are here, and we're not ready for them

  Wi-Fi 6E routers are here, and we're not ready for them Commentary: A new generation of routers boasts access to the ultrawide 6GHz band -- but right now, that band means very little for the average home network.Just when you think you've got your head wrapped around all that, something called Wi-Fi 6E comes along. It's not a new version of the Wi-Fi protocol like Wi-Fi 6, but rather, a special designation for Wi-Fi 6 devices that are equipped to broadcast in the newly opened 6GHz band, which is something routers couldn't do before.

The devices highlighted for their lack of updates included Sky's SR101 and SR102, the Virgin Media Super Hub and Super Hub 2, and TalkTalk's HG523a, HG635, and HG533.

Most of the providers, when they were contacted by Which?, said that they regularly monitor the devices for threats and update them if needed.

Virgin dismissed the research, saying that 90% of its customers are using later-generation routers. TalkTalk told ZDNet that it had nothing to add to the release.

The researchers also found a local network vulnerability with EE's Brightbox 2, which could let a hacker take full control of the device.

An EE spokesperson told ZDNet: "We take the security of our products and services very seriously. As detailed in the report, this is very low risk vulnerability for the small number of our customers who still use the EE Brightbox 2. (…) We would like to reassure EE Brightbox 2 customers that we are working on a service patch which we will be pushing out to affected devices in an upcoming background update."

President Biden taps Kamala Harris to lead effort to close digital divide

  President Biden taps Kamala Harris to lead effort to close digital divide The Vice President will lead Biden's effort to connect every American to broadband, signaling the issue as a major priority for the White House.President Biden made the announcement Wednesday evening during his first address to a joint session of Congress that the Vice President would lead his effort to expand the availability of broadband throughout the country. Biden's plan includes making broadband more affordable to millions of low-income Americans.

In addition, BT Group – which owns EE – told Which? that older routers still receive security patches if problems are found. Red Maple's researchers found that old devices from BT have been recently updated, and so did routers from Plusnet.

The consumer watchdog advised that consumers who are still using one of the router models that are no longer being updated ask their providers for a new device as soon as possible.

This, however, is by no means a given: while Virgin Media says that it gives free upgrades for customers with older routers, the policy is not always as clear with other providers.

"It doesn't hurt to ask," said Hollie Hennessy, senior researcher at Which?. "While an internet provider is not obliged to provide you with a new router for free, if you call and explain your concerns you might get lucky, especially if your router is quite old."

For consumers whose contracts are expiring soon, Hennessy suggested asking for a new router as a condition to stick with a given provider – and consider switching if the request is not met.

Weak passwords remain a top concern

Here's how you can apply to the FCC for the $50 discount on your broadband bill

  Here's how you can apply to the FCC for the $50 discount on your broadband bill The Federal Communications Commission will begin taking applications for the COVID-19 relief program to help pay for Americans' broadband bills.The Emergency Broadband Benefit Program was included as part of the roughly $900 billion COVID-19 relief package passed by Congress in December 2020 and signed by President Trump. It set aside $3.2 billion for the Federal Communications Commission to cover the program.

On top of being denied regular updates, many older routers were also found to come with weak default passwords, which can be easily guessed by hackers and grant an outsider access.

This was the case of the same TalkTalk and Sky routers, as well as the Virgin Media Super Hub 2 and the Vodafone HHG2500.

The first thing to do, for consumers who own one of these models, is to change the password to a stronger one, as opposed to the default password provided, said Which?.

The organization, in fact, is calling for the government to ban default passwords and prevent manufacturers from allowing consumers to set weak passwords as part of a new legislation that was proposed last month.

As part of an effort to make devices "secure by design", the UK's department for Digital, Culture, Media and Sport has announced a new law that will stop manufacturers from using default passwords such as "password" or "admin", to better protect consumers from cyberattacks.

The future law would also make it mandatory to tell customers how long their new product will receive security updates for. In addition, manufacturers would have to provide a public point of contact to make it easier to report security vulnerabilities in the products.

In a similar vein, Which? called for more transparency from internet service providers. The organization said that providers should be more upfront about how long routers will be receiving firmware and security updates, and should actively upgrade customers who are at risk.

Only Sky, Virgin Media and Vodafone appear to have a web page dedicated to letting researchers submit the vulnerabilities that they found in the companies' products, according to Which?.

Best internet provider in the UK 2021: Top ISP picks .
Picking the right broadband package for your business is a big deal, and it means looking at speed, price, reliability, and service. ZDNet breaks down the best internet service providers you could use for your business needs.With millions of people working from home over the past year, the importance of home broadband services has elevated from 'nice-to-have' for Netflix and Amazon Prime to absolutely essential for small and medium business and SOHO operators.

usr: 1
This is interesting!