EE is to push out a security update to its home broadband users after a researcher found a security problem with EE routers that allowed him to remotely access people’s routers and gather more important and sensitive information.
The problem affects EE customers who have the Brightbox 1 or 2 routers. That is likely to be any EE customer who has signed up since early 2012, as well as older customers who may have upgraded their router to one of the Brightbox routers.
Scott Helme discovered the security issue and wrote up the flaw on his blog. He found that if he could get the WiFi password of one of the routers, he was able to access much more sensitive information, such as the EE account holder’s account password, which he believed would give him enough information to get as far as cancelling a customer’s broadband.
In his blog post, Mr Helme said:
“It became apparent that the device leaks access to all kinds of sensitive data to clients on the network and there’s also the possibility to exploit this remotely. It discloses the password of the EE account holder so I can call EE and pass account security, leaving me in a position to go as far as cancelling someone else’s broadband package altogether. In this blog I’m going to cover the various weaknesses present in the EE BrightBox and demonstrate how they can be exploited.”
The BBC, which has also run the story, estimates that around 350,000 EE customers will be affected and in need of the upgrade, which EE says will be sent out automatically by the end of the month.
The best thing for EE customers who have a Brightbox 1 or 2 to do is to make sure that they don’t give out their WiFi password and to stay very vigilant against phishing attacks that try to get them to hand over personal information or passwords.