UK BROADBAND OUTFIT EE has revealed that there is a security flaw in its routers.
The internet service provider has announced that it will release an emergency update for its Bright Box routers before the end of the month.
EE has sold its Bright Box and Bright Box 2 routers to customers since the beginning of 2012. It declined to say how many of them are installed, but one estimate put the figure at 350,000.
The flaw came to light when hacker Scott Helme published details on his blog about how he was able to get remote access to sensitive information stored in the router, including the md5 hash of the device's admin password.
In addition, hackers could also get users' login details, which could allow them to take control of user accounts.
In response, EE released a statement saying, "We are aware of Mr Helme's article. As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust. Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date."
Although EE was not very forthcoming, it did say of the security update, "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection."
Apparently experienced users have little to worry about in the meantime. µ