/ Technology

Are you aware of the hazards of older routers?

Given how much personal information passes through them each day, it’s always important to ask: just how secure is your home broadband router?

Your router is the gateway to your home network – supplying your smartphone, laptop and other gadgets with a secure internet connection.

But along with your router perhaps not performing as well as you’d like, there’s always a chance that someone unwanted might try to gain access to it and all that personal information that flows through it.

Generally speaking, they’d need to be in close proximity and have serious technical knowledge to hack your router – but the risks still exist, especially with older routers that may no longer be receiving software and security updates.

Age concern

To work out exactly what the situation with old routers is, we enlisted the help of information security firm Context IS.

We looked at two routers that were seven and five years old from two major ISPs – and based on our survey, it’s highly likely both are still being used in thousands of homes.

On both, the analysts found long-established security holes in small pieces of software that allow routers to talk to devices the devices connected to it, including USB drives and printers.

Flawedband

These flaws could allow an attacker to upload and run malicious code, but only if they had physical access to the router.

It’s worth reiterating that the risk is low, but we’d still always recommend you make an effort to have the most up-to-date router possible to minimise as yet undiscovered vulnerabilities.

Do you even know how old your broadband router is? Do you make an effort to upgrade it regularly? Should broadband companies do more to protect their customers?

How old is your internet router?

Getting on a bit – 2 to 5 years old (34%, 931 Votes)

Newish – 1 or 2 years old (22%, 604 Votes)

Old – Over 5 years old (19%, 519 Votes)

Brand new – less than 6 months old (12%, 335 Votes)

Fairly new – 6 months to a year (11%, 294 Votes)

I have no idea how old it is (3%, 90 Votes)

Total Voters: 2,773

Loading ... Loading ...
Comments
Member

For those wondering how criminals obtain their banking details have a read of the new malware -Ghost DNS attacks your router https://www.hackread.com/ghostdns-iot-malware-botnet-hits-banks/ quite comprehensively put without being massively technical.

Member

This topic really should be pointing people to visit and read Thinkbroadband.com
Especially their webpage on router security and the discussion forum about it

Member
DerekP says:
4 October 2018

Thanks wev – I found some interesting stuff there, e.g.

forums.thinkbroadband.com/security/4592333-bot-net-affecting-routers.html

Member

If the regulars here can answer the questions put by posters then I don’t why they have to, Which ? isn’t confined to dishwashers and dryers Wev. You do notice the heading –Technology – at the Topics scroll down ? the more posters here the more popularity and I am sure Which ? is not adverse to that.

Member

Pointing towards specialist forums (fora?) is very useful for those who want more detailed information.

Member

It’s ‘forums’, Malcolm; the original word has become Anglicised.

Member
DerekP says:
4 October 2018

I agree with Ian: forums and stadiums are correct modern English plurals, but then so also are criteria and bacteria.

Member

forum (Latin forum “public place outdoors”, plural fora; English plural either fora or forums)”

“Stadia is indeed the correct Latin plural of stadium. It is, however, far more common for English speakers to use stadiums. Latin plurals such as appendices, crises and fungi are still widely used in science and academia.

Somehow, stadia sounds nicer than stadiums. Haven’t come across “academium”.

Member

Could that be because academia is a state of mind rather than a real place?

Pedants call it academe.

Member

From the OED:

forum /ˈfɔ:rəm/ ♫
▶ noun (plural forums)

Member
DerekP says:
4 October 2018

And the plural of mum is mums not ma 😉

Member

Oh bums (sorry, ba!).

Member
marius says:
15 November 2018

I don’t know why but for me this article sounds more like an advert !!! ok guys it’s time to increase our sales for new fu*%*$ expensive routers ! any idea ? – o yea we can order an article on Which about *old VERY BAD ROUTERS*!!!!!!

Member

You might think so Marius but Michael has a good reason for posting this convo .
Its well known in security circles about the lack of security updates in old routers.
But in case you are still dubious -US Consumer Reports well respected website in the USA – has this-

https://www.consumerreports.org/wireless-routers/outdated-router-firmware-poses-security-risk/

Member
DerekP says:
15 November 2018

Which?, our consumers’ champion, does sometimes seem to celebrate consumption a bit too much. But there is a serious point here, so some may choose to improve their security by buying new routers.

Member

When my ISP provided router packed up I acquired another independently. As the router was the property of the ISP I wrote and asked if they wanted it back and they sent me another router which I never bothered to install.

Some months later I received a communication from the ISP asking why I wasn’t using their supplied router and suggesting I dust it off and install it.

Obviously I didn’t but it suggests ISP supplied routers are sending information about our browsing habits or whatever to the ISP and they were aggrieved they weren’t getting anything from me.

Something Which? could perhaps look into?

Member

Hello Phil -you found out did you ?

Yes of course your ISP knows every move you make on the web just as MS Win 10 users every move is “phoned home ” to Redmond.
They also know when you are using a VPN/Tor .
While this is an American info website exactly the same rules apply in this country ,even more so as the UK,s “Snoopers Charter ” is now known worldwide in security circles as the most intensive gatherer of information in the world and the CIA/NSA actually get info from GCHQ on US citizens that they are not allowed to gather because of US privacy online protection laws. -read-
https://privacypolicies.com/blog/isp-tracking-you/

Why do you think I have apps that block many websites that use tracking servers to gather your data ?
Even Yandex Russian browser (closed source browser ) has handed it to me on a plate when it”targets me ”
thats why I use Waterfox a fork of FF which doesn’t “phone home ” and I have removed all the tracking by Google etc in about:config that WF left in.

Now I know many here might not accept the low tech of that URL so exclusively for them – Warning -this is “Technical “- beware ! -achtung ! -an American computer software engineers website I inhabit gives a more deeper aspect of it
and guess what even the Americans mention BT,s “control ” over its own routers ,
But realise BT has protection on them including server level so using another non BT router you lose that online protection.-read-
https://superuser.com/questions/840412/what-information-can-my-isp-see-from-my-router
if even this is not enough I have IBM level data but its all highly technical using university grade algebra/maths.

Member

Phil, the role of your ISP is to provide your internet IP address and your gateway to the web.

So they’ll need to process all of your requests to browse the internet.

That makes it easy for them to monitor your activity and, if appropriate, warn you about, or block you from getting to, undesirable destinations.

Many corporate networks will also monitor and filter outgoing traffic in similar ways. As a defence industry consultant, I used to find it both amusing and annoying when my employer’s net nanny blocked me from getting to “weapons related” websites.

Member

This all happened some years ago, I’ve managed OK without their care and guidance since then and I don’t ever recall ever being blocked from a site by the ISP because they considered it undesirable.

Are you sure it’s not to do with them collecting information about me they can sell on to advertisers?

Member

Of course they collect information and use it Phil , you probably have never been blocked because you don’t inhabit political websites the government/USA don’t like .
Funnily enough its okay to visit porn websites but not political as I have been “asked ” to visit by email and webpages but haven’t as it would mean my morals would be compromised and leave myself open to blackmail in the future.

ISP,s are not allowed to sell your data directly BUT they have a way of doing it indirectly so as not to break the law – read this-

Every ISP has a set of its own privacy rules that seek to protect your sensitive data. For example, there is a good chance a marketing company could not walk into the head office of your ISP and ask for a spreadsheet with your information on it in exchange for money. But there are still some things they do that could be considered a breach of trust and confidentiality.

The most common way this happens is through marketing.

A particular company approaches an established company like Facebook, for example, and asks them to market their product towards a certain demographic. Once the deal is struck, Facebook uses the data they already have on their users to send the adverts to the specified demographic.

Therefore, this is typically how your browsing history data is sold – indirectly.

Doing so wouldn’t be possible if your ISP didn’t know which pages you visit or what you like watching on YouTube. Even though you can place firewall-like protection against cookies and other forms of tracking, your ISP still knows what you are doing when you log in.
So what can your ISP really see?

Well, this depends on a couple of factors – the IP address that is automatically assigned to you by the ISP when you take up the service and the kind of information you readily share online.

Let’s say, for example, you are one of those extremely careful people who does not put any of their confidential information online (granted, this is very difficult to do nowadays). In this case, the most common data that your ISP will gather, based solely on your active IP address, includes:
The URLs you visit online
The pages you visit most frequently
Your online/offline habits (when you typically log in and off)
How much time you spend on certain web pages

Nevertheless, the situation gets worse when you willingly share your information online. If you are guilty of this (sadly, most of us are thanks to social media), then your ISP and even the websites you visit can have a lot more on you, including:

Your specific current location (if location services are turned on)
Your personal relationships
Your phone numbers
Your email
Your social media data

Rather, the kind of tracking an ISP does occurs when you make an online request over their network. Every time you enter a query into the search box of your favorite search engine and click on a given URL, your computer needs to find the right IP address so that it can send you to that website.

Your browser will then send a domain name system (DNS) query to get that IP address to connect you to the website.
The DNS is a public directory and your ISP sees every single request made to it. Because these DNS queries are almost never encrypted and are public anyway, your ISP will see every query sent from your computer, even if you are using an encrypted connection.

If you are using your ISP’s service to read your emails, do online research, watch videos, make purchases, use apps, and almost anything else online, then your ISP has a record of where you go and what you do.
It is this information they can use to make a profit.