"Millions of people could be using outdated routers that put them at risk of being hacked, [consumer group/magazine] Which? has warned. The consumer watchdog examined 13 models provided to customers by internet-service companies such as EE, Sky and Virgin Media and found more than two-thirds had flaws. It estimated about six million people could have a device not updated since 2018 or earlier. So, in some cases, they would not have received crucial security updates. Problems found by its lab tests included: weak default passwords cyber-criminals could hack were found on most of the routers a lack of firmware updates, important for security and performance a network vulnerability with EE's Brightbox 2, which could give a hacker full control of the device..." https://www.bbc.com/news/technology-56996717
Yeah the problem is, vendor releases router, keeps updates and then after like 2 or 3 years stops supporting em. So naturally people don't buy a router every 2 years. My mum is still using some old linksys router from 10-15 years. I remember we used it when I was like 9 or smth. But ISPs not updating their routers that they provide to clients? That should be punishable by law. But since this is a USA article, we all know nothing's gonna happen. Vendors should be required by law to provide updates for products released for at least the next 5 years. And I mean about all hardware products. Motherboards, cpus, integrated gpus etc. Really disappointing how little updates you get nowadays. Manufacturers have no incentive to update something past the 1st or 2nd year, so most don't. So we need the law to force em. When it comes to routers specifically, non-tech people think they are like fridges and washing machines, that you can reuse em. But you can't, not if you want to be secure. But it would help if they made routers cheap so you could replace em easily every few years. Not that we ever got hacked or anything. Like what are the chances you happen to live next to some hacker kiddie who will use vulnerabilities to hack into your router, right? Chances are, he has his own internet. Actually, my mum is still using that router, and it doesn't really matter since the maximum supported speed by the router is more than our ISP provides... They should make it so that the default password of a router given to a client by an ISP is their client ID or something like that. Because most people won't access the admin menu anyway, the technicians set up the internet and all is good. And those that do access the admin menu, will call the ISP, the ISP will tell em their password and all is good. Still wouldn't help with This would require ISPs and vendors to actively update their routers and provide long-time support, and for people to be informed if their router is too old and needs changing. But alas. And i'm not that well-versed with network stuff, but as far as I read, even the protocol itself WPA2 has security issues. So how can you really patch this...
