For up-to-date information and comments, search the EE Community or start a new topic. |
08-05-2021 10:12 AM - edited 08-05-2021 10:14 AM
From a recent Which report on old ISP routers.
https://www.bbc.co.uk/news/technology-56996717
This continues to be highlighted in the national media, EE continues the old line "These updates happen automatically so customers have nothing to worry about."
Why can't BT/ EE recall all there old dodgy kit and ensure that all of their customers have up to date secure equipment rather than "the vast majority" as in their response below.
BT, which owns EE, also said "the vast majority of its customers" used its latest modem.
As a BT shareholder what I see is a management failure to act, there are plenty of examples on this forum of customers feedback with respect to vulnerabilities in Bright Box 2.
Here is one from 2018
08-05-2021 08:54 AM - edited 08-05-2021 08:55 AM
On multiple threads you reply to the question about firmware updates "There is no repository for firmware updates, EE will fire them to your router when necessary" there has been over the years a few stories about vulnerabilities of EE's Brightbox 2 router.
The most recent of these has been discussed in a Which report and then re-reported in the media by various technology websites but also the BBC.
Tech Radar report...
"The watchdog investigated 13 old router devices sent out by most of the UK's most popular ISPs, including EE, Sky, TalkTalk, Virgin Media and Vodafone. Nine of the routers were found to have significant security flaws, including using weak of default passwords, a lack of firmware updates, and in one case (the EE Brightbox 2), a local network vulnerability that could give a hacker full control of the device.E
One question I have is, In the light of the Which report, should EE be recalling all Brightbox 2 routers and sending out replacement secure routers.
At the very least they should be writing to all of there customers and explaining the situation with respect to the network vulnerabilities reported in the national media.
08-05-2021 10:28 AM
Hi @pi-hole,
We take the security of our products and services very seriously. As detailed in the report, this is very low risk vulnerability for the small number of our customers who still use the EE Brightbox 2. As is the case for all home broadband customers, regardless of their provider, it is recommend they only give network access to people they trust, and they should be suspicious of any unsolicited emails and web pages. We would like to reassure EE Brightbox 2 customers that we are working on a service patch which we will be pushing out to affected devices in an upcoming background update.
James
08-05-2021 12:33 PM
James,
Thank you for your speedy reply and the update that BT/ EE propose a security service patch. What the customer needs next is an further update to it's customers after the patch has been released and the issue resolved as way of keeping them informed of the situation.
The broadband customers of EE should not have to rely on stumbling upon media stories or the services of 'Which' to ensure the security of the services they are paying for.
At what point does the internet service provider take responsibility for making 'old equipment' redundant and initiate an equipment renewal cycle on security grounds, should this be at the point of contract renewal ?