Compare broadband deals
Use Which? to search for faster, more reliable broadband services
Switch and saveEE's Smart Hub router has been patched to fix a potentially dangerous vulnerability, following Which? security testing that uncovered the issue.
One of the country's biggest broadband providers, EE, has provided its Smart Hub router to new and upgrading customers of its fibre broadband plans.
After testing revealed a problem that could leave owners vulnerable to attacks on their local network, we informed EE and it worked on a patch for every Smart Hub router in people's homes.
This problem was fixed and verified, but if you're an EE customer, read on to find out how to check your router is updated.
Tech tips you can trust – get our free Tech newsletter for advice, news, deals and stuff the manuals don’t tell you.
We perform an exhaustive search of known bugs and vulnerabilities on every router that we review. Upon testing this router, we found an old exploit that could let somebody who has access to your local network run malicious code on your router.
The technical problem we found was that the remote SMB service was vulnerable to a heap overflow attack, which allowed for an attacker to execute code on the router to infect it with malware, take control of it or else prevent it from working.
Our own risk assessment found that this vulnerability was difficult to exploit and it required an attacker to already have access to your local WiFi network. But the damage that could be caused by this was potentially extensive.
We also knew that motivated criminals would be able to discover this vulnerability using commercial scanning software.
We notified EE and it accepted our findings and began to work on a patch. This patch was delivered to EE Smart Hub routers before the start of February, meaning owners are now protected from this issue.
We validated this by retesting the router and we found that the patch worked.
Check our reviews of wi-fi routers, mesh networks and extenders for the best ways to boost wi-fi in the home.
While this patch was deployed to customers automatically, if you have an EE Smart Hub, you can know for certain that you have up-to-date firmware by opening the configuration:
While this vulnerability shouldn't have existed in the first place and was found independently by Which? security research, it is positive to see that it was fixed quickly.
See where EE ranks in our table of the best and worst broadband providers, based on reports from real customers.
It said 'We take the security of our products and services very seriously. As is the case for all broadband customers, regardless of their provider, it is recommended they only give network access to people they trust, and they should be suspicious of any unsolicited emails and web pages.'
This issue underlines the importance of functioning security support, so manufacturers can keep their products safe and fix problems when they appear.
Products that network with each other (routers, computer, phones, and all 'smart' products) will develop vulnerabilities in their lifespan, so the bigger problem is when manufacturers stop supporting their products, leaving them totally exposed.
We asked EE for its security support policy for its routers and it told us 'All our routers are monitored for security threats and updated when needed.' It also said that if customers are out of contract, they should speak to EE about the options available, including taking out a new plan to upgrade their connection and receive the latest hub.
Use Which? to search for faster, more reliable broadband services
Switch and saveWe've been campaigning for nearly ten years to improve security standards for networked products. When manufacturers don't update the firmware on their products, your security is compromised. Yet it's still common to find products that have little or no security support for sale.
We know through our product testing that vulnerabilities can be found in consumer goods, so it's a constant battle. Before you buy anything, you should be able to see how long the manufacturer will support it or else you're at risk of a product that's either unsafe to use after a short term or at risk of early obsolescence.
Although it's bad when products have vulnerabilities, consumers will be much safer when these are dealt with proactively such as with the EE Smart Hub.
Our guide to smart device security details support policies for 20 categories of connected tech - from TVs and wireless cameras to washing machines and fitness trackers.
Fortunately, a new law – the Product Security and Telecommunications Infrastructure (PSTI) Act – is set to improve security standards for consumers. It will mandate:
Following an implementation period, manufacturers and retailers of almost all types of smart and internet-connected products need to comply with this law.
Find out more about the new security laws for smart devices and what it means for you.