According to a recent Which? investigation, millions of people around the UK could be at risk of using routers with security flaws, or that are no longer being supported with firmware updates.

old UK routers heimdal security

Image Source: BBC

After surveying over 6,000 adults in December 2020, Which? identified 13 older routers that are still being used by households across the country, and sent them to Red Maple Technologies security specialists. It was found that nine of the devices did not meet modern security standards.

Some of these models haven’t seen an update since 2018 at the latest, and some haven’t been updated since as far back as 2016, which could affect six million of these users. Without firmware and security updates, there’s no guarantee that security issues will be fixed.


The main issues that were discovered during the investigation include:

Weak default passwords

These passwords can be easily guessed by hackers and could easily grant them access. This can be done from outside of the home network, so a hacker could access a router from anywhere in the world. Devices affected by this issue include Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533, TalkTalk HG635, Virgin Media Super Hub 2, Vodafone HHG2500.

Local network vulnerabilities

This could allow a cybercriminal to completely control your device, see what you’re browsing or direct you to malicious websites. Devices affected by this issue include Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG635, TalkTalk HG533, Virgin Media Super Hub, Virgin Media Super Hub 2.

Lack of updates

Besides performance, firmware updates are needed to fix security issues when they arise. Most of the analyzed routers hadn’t had a security update since 2018. Devices affected by this issue include EE Brightbox 2.

If you’re using a device that’s no longer being updated, or if you’ve had your router for five years or more and know there are newer models available, you could try to arrange an upgrade.


As part of an effort to make devices “secure by design”, the UK Government has announced a new law that will stop manufacturers from using default passwords such as “password” or “admin”, which are often preset in a device’s factory settings and are easily guessable, to better protect consumers from cyberattacks. You can check out our password security guide here. In addition, “manufacturers will be required to provide a public point of contact to make it simpler for anyone to report a vulnerability”.

Which? requested more transparency from Internet service providers, saying that they should be more straightforward about the amount of time routers will be receiving firmware and security updates and that ISPs should actively upgrade customers who are at risk.

UK Ministry of Defence Academy Hit by Major Cyberattack

UK Government Releases an Integrated Review, Setting Its Strategic Goals for 2025

Leave a Reply

Your email address will not be published. Required fields are marked *