EE rushes to fix broadband box security risk

The flaw affects the Brightbox broadband router, as well as the newer Brightbox 2 model

Network provider EE will push out an emergency upgrade to its broadband customers after a security flaw was discovered by a UK researcher.

Scott Helme said the vulnerability made "remote access" to EE's routers possible.

The problem affects customers who have either the Brightbox 1 or 2 router in their homes.

EE described the threat as "moderate", but plans to send out an automatic upgrade before the end of this month.

Any broadband customer who has signed up to EE since early 2012 is affected, as are earlier customers who upgraded their routers, the company told the BBC.

It has not specified how many of its customers will need the upgrade, but the BBC understands it to be in the region of 350,000.

In a statement, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection."

Phishing risk

In his blog post, Mr Helme detailed how gaining the wi-fi password would provide sufficient access for a hacker to gain administrator-level control - potentially exposing personal details about the customer.

He wrote that the vulnerability exposed enough personal data to enable a hacker "to go as far as cancelling someone else's broadband package altogether".

EE told the BBC that on Friday it changed its measures so that such actions were no longer possible, and it had briefed its call centre staff on the change of procedure.

The network said it had not received any complaints about the flaw.

It stressed that customers were protected as long as they did not disclose their wi-fi passwords - although security professionals pointed out that such details could be gleaned through phishing attacks designed to trick a user into handing over details.

"We are aware of Mr Helme's article," an EE spokesman said.

"As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust.

"Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date."

BBC © 2014