New
#1
The core of the Which article concerns the widespread use of unsupported routers, routers which are no longer receiving [firmware] security updates.- Whilst the Which investigation was focussed on routers supplied by ISPs, it seems to me that there is no particular reason to suppose that owners of privately-bought routers are any more likely to replace them when support ends or that owners are even likely to be aware that support has ended.- Which also mention that many people are still using the poor default passwords that their routers were supplied with.
- Which also identified a serious security vulnerability in the EE Brightbox 2 router
Perhaps the most important observation is that not all router makers [and ISPs who supply routers] have effective working relationships with security investigators [unlike OS publishers].- So, it seems to me, there is no justification for assuming that the absence of a security update indicates that no vulnerabilities exist.
Denis