This article is from the source 'bbc' and was first published or seen on . It last changed over 40 days ago and won't be checked again for changes.

You can find the current article at its original source at http://www.bbc.co.uk/news/technology-25809208

The article has changed 2 times.

| Version 0 | Version 1 |
| --- | --- |
| EE rushes to fix broadband box security risk | EE rushes to fix broadband box security risk |
| | (35 minutes later) |
| Network provider EE will push out an emergency upgrade to its broadband customers after a security flaw was discovered by a UK researcher. | Network provider EE will push out an emergency upgrade to its broadband customers after a security flaw was discovered by a UK researcher. |
| Scott Helme said the vulnerability made "remote access" to EE's routers possible. | Scott Helme said the vulnerability made "remote access" to EE's routers possible. |
| The problem affects customers who have either the Brightbox 1 or 2 router in their homes. | The problem affects customers who have either the Brightbox 1 or 2 router in their homes. |
| EE described the threat as "moderate", but plans to send out an automatic upgrade before the end of this month. | EE described the threat as "moderate", but plans to send out an automatic upgrade before the end of this month. |
| Any broadband customer who has signed up to EE since early 2012 is affected, as are earlier customers who upgraded their routers, the company told the BBC. | Any broadband customer who has signed up to EE since early 2012 is affected, as are earlier customers who upgraded their routers, the company told the BBC. |
| It has not specified how many of its customers will need the upgrade, but the BBC understands it to be in the region of 350,000. | It has not specified how many of its customers will need the upgrade, but the BBC understands it to be in the region of 350,000. |
| In a statement, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection." | In a statement, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection." |
| Phishing risk | Phishing risk |
| In his blog post, Mr Helme detailed how gaining the wi-fi password would provide sufficient access for a hacker to gain administrator-level control - potentially exposing personal details about the customer. | In his blog post, Mr Helme detailed how gaining the wi-fi password would provide sufficient access for a hacker to gain administrator-level control - potentially exposing personal details about the customer. |
| He wrote that the vulnerability exposed enough personal data to enable a hacker "to go as far as cancelling someone else's broadband package altogether". | He wrote that the vulnerability exposed enough personal data to enable a hacker "to go as far as cancelling someone else's broadband package altogether". |
| EE has told the BBC that on Friday it changed its measures so such actions were no longer possible, and it had briefed its call centre staff on the change of procedure. | EE told the BBC that on Friday it changed its measures so that such actions were no longer possible, and it had briefed its call centre staff on the change of procedure. |
| The network said it had not received any complaints about the flaw. | The network said it had not received any complaints about the flaw. |
| It stressed that customers were protected as long as they did not disclose their wi-fi passwords - although security professionals pointed out that such details could be gleaned through phishing attacks designed to trick a user into handing over details. | It stressed that customers were protected as long as they did not disclose their wi-fi passwords - although security professionals pointed out that such details could be gleaned through phishing attacks designed to trick a user into handing over details. |
| "We are aware of Mr Helme's article," an EE spokesman said. | "We are aware of Mr Helme's article," an EE spokesman said. |
| "As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust. | "As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust. |
| "Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date." | "Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date." |