EE releasing update to routers after security flaw is exposed


Some 350,000 customers affected by the issue, with hackers able to gain access to a customer’s Wi-Fi password

EE is releasing a security update to its broadband routers before the end of the month after a flaw was discovered that could possibly expose personal details about customers.

The problem affects around the 350,000 customers that own either the BrightBox 1 or 2 routers. The BrightBox 1 was released when the EE brand launched in October 2012, while the BrightBox 2 was launched last September.

The security flaw was exposed by UK technology researcher Scott Helme, who said in a blog post how gaining someone’s Wi-Fi password would provide a hacker with sufficient access to gain administrator-level control, potentially revealing personal details about that customer.

He added that armed with these personal details, the hacker coould call EE directly and pose as the customer to cancel their broadband package.

An EE spokesperson said: “As is the case for all home broadband customers, regardless of their provider, it is recommend they only give network access to people they trust. Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date.

“We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers’ BrightBoxes with enhanced security protection.”