
Survey Claims UK Internet Users Leave Broadband Routers Open to Hackers

Monday, Sep 30th, 2024 (12:02 am)

A new survey of 3,045 UK internet users, which was conducted by Broadband Genie between 1st January and 26th April 2024, has revealed that 89% of respondents have never updated the firmware of their home router and 86% have never changed the device’s administrator password (falling to 72% for those who have never changed their WiFi password).

The survey also found that 75% have never checked to see what or who is linked to their router and 52% have never changed or updated any of their router’s settings (this is up from 48% in 2022). The study goes on to claim that leaving the router set to its default password “allows hackers to easily identify which make and model of router the target is using,” although a lot of ISPs these days supply long randomised passwords that have no specific structure for identification.

In addition, routers that have been supplied (bundled) by your ISP are often set up to auto-update their firmware, which means that the customer doesn’t need to perform any specific actions in order to ensure that their device is kept up-to-date. But it’s still wise to check with your broadband provider and confirm what their policy is.

The main exception tends to be third-party devices, such as those purchased separately, which often do require a manual action to check for recent firmware. But one issue here is that not all device manufacturers make such firmware updates accessible or easy to find, while others may only offer very limited support and could thus risk leaving security vulnerabilities unpatched – sometimes even on relatively modern kit.

As part of this study the comparison site also asked respondents, specifically those who had never changed their router’s factory settings, why they had never done so. The majority (75%) said they didn’t understand why they would need to.

The fact that your router is often the single most important device in your home network for security should be incentive enough to ensure that you’ve set a strong password and not simply used the one supplied by your ISP, which may or may not be effective or properly randomised. The rule is to never assume it’s going to be secure out of the box. Clearly more effort needs to be put into raising awareness about such issues.

At this point it’s worth noting that the Government’s Product Security and Telecommunications Infrastructure Act (PSTI), which came into effect on 29th April 2024, included their new Secure by Design policy. This introduced tougher security standards for device makers and the ability to hit those that fail to comply (both retailers and manufacturers) with financial penalties.

Some examples of the changes include banning easily guessable default passwords (“admin”, “123456” etc.), as well as prompting users to change the default password, not to mention improved support for security issues and a requirement for related network products to state how long they will be supported by vital security patches (firmware updates) etc.

Some of the Improved Security Protections

➤ Common or easily guessable passwords like ‘admin’ or ‘12345’ will be banned to prevent vulnerabilities and hacking.

➤ Manufacturers will have to publish contact details so bugs and issues can be reported and dealt with.

➤ Manufacturers and retailers will have to be open with consumers on the minimum time they can expect to receive important security updates.

The changes touched everything from consumer broadband routers to Smartphones, TVs, game consoles, internet-connected fridges and smart doorbells etc.

By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England). He also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments.
Comments
10 Responses

  1. Ad47uk says:

    The majority of people would not have a clue how to do those things, trying to talk a person through it a few months ago was like walking through treacle. A lot of people only just about know how to input their Wifi password into their devices.

    1. Dave says:

      Seems a bit of a non-story, the vast majority of people will be using the ISP supplied router which will generally not need any user intervention to update.

    2. Ad47uk says:

      @Dave, as JimB posted, ISP routers do seem to come with a random password these days, to log in and for Wi-Fi. But there are still some people who buy routers for various reasons and know little about them.

  2. Big Dave says:

    I seem to remember hearing that some ISP supplied routers are now restricting users’ ability to change settings – does anyone have any info on this or have I got the wrong end of the stick? I always use my own customised setup (SSID, password, IP address and DHCP setup) then if I change routers or ISP then match the settings to the previous router.

    1. Teddy says:

      A few years ago I heard about BT supplied routers being very restricted (including separating 2.4GHz and 5GHz), although never confirmed this myself.

    2. Ad47uk says:

      @Teddy, I don’t know about the latest BT routers, but the one before it was possible to separate the 2.4GHz and 5GHz as I did it for a mate and also disabled the Smart Setup as it caused problems.
      This is the problem with some ISP routers, they are bloated, I liked Plusnet routers, while the hardware was the same as BT routers, the firmware was better, it had no bloat and yet was still customisable.

      I don’t understand the need for all the rubbish that ISPs put into routers. Smart this, smart that.

  3. Alastair Stevens says:

    I don’t think I’ve met a single “normal” person (i.e. non network geek) who even knows that they can change the name of their Wi-Fi, let alone touch any other router settings. As for router updates – what’s firmware?

    So when you visit people’s houses the Wi-Fi is always something like SKY13876438 with a hideous untypeable (but secure!) key. I wonder if there’s even a market for “advanced” home network setups, to take everything to the next level? If so, I could be set for life doing that for people!

  4. JimB says:

    Not too worried about this. Most ISP supplied routers now come with a decent random password printed on a label on the underside. Also I read recently that ISPs have been publicizing the fact that customers shouldn’t switch their routers off at night as it stops OTA firmware updates from being supplied.

  5. SicOf says:

    A shame with ‘modern practices’ soft/firmware needs constant updates and is never excellent from the get go, some people used to hate me for insisting testing always included ‘0’, 1 to infinity, and -ves, for all parameter handling testing binary, hex and ASCII/EBCDIC, to prevent ‘embarrassment’ prior to release / implementation, rather than what now always seems to be ‘modern’ (lazy/‘quick’/cheap) practices of the release of alpha/beta versions and subsequent monkey user approach to ‘continuous software development’ because we didn’t (can’t be arsed to) really get it right first time, any more, let alone scenario/storyboard use (and incorrect usages) continually adding on ‘features’ rather than just parameterising options, releasing (polluting the internet) with numerous ‘updates’ negligently making previous version usage ‘obsolete’, particularly ‘App’ releases. And since when hasn’t there been a risk of introducing yet another set of bugs, in ‘new’ versions.. Quick, cheap or quality anyone, never the Quality, fit for use (without patches ad nauseam) for a couple of years? Some Brunelian engineering please, Quality not quantity. Ditto of national communications infrastructure with standards and consistency to minimise future fragments of costly problems, ooer rework / maintenance faux pas?

  6. tonyp says:

    The Internet is a hideously complex entity and, in my opinion, it is no wonder that the man on the Clapham omnibus cannot understand, or wants to know the vulnerabilities in its implementation. I have not had too many changes of router over the 20 or so years (since ISDN days) but I have always had to configure my own. For quite a few years, ISPs have generally reduced the burden on the end user and ‘net security, I’m sure, has improved – at least as far as the WiFi/RJ45. I have just received a new ISP configured router which would do most of the things I need but it is a ‘black box’ and does impact my (overcomplex) household networks. It ain’t flexible enough.

    Previously, I have made sure I have periodically updated router firmware, especially after a known vulnerability is found. But I’m always worried that the updated firmware has bugs – another CrowdStrike perhaps – are the ISP supplied routers a problem in this manner? I don’t like remote administration either as who knows what is planted, officially or otherwise. At least with an ONT to WAN connection, it should be possible to monitor traffic – or become ‘man in the middle’!

    Passwords, ISP configured or administrator ‘owned’ are another weakish point which can never be fully overcome though two stage authorisation should drastically reduce cracking.
