EE is working on an emergency security patch for its Brightbox routers
EE is working on an emergency security patch for its Brightbox routers

EE is working on an emergency update to the routers of over 350,000 broadband customers after a researcher exposed a security flaw that enables remote access to customers' Wi-Fi networks.

UK security researcher Scott Helme revealed last week that he had discovered a way to compromise the security of the BrightBox router provided by mobile operator EE, which also provides broadband.

In a statement to the BBC, EE said: "We treat all security matters seriously, and while no personal data will be compromised by the device itself, we would like to reassure customers that we are working on a service update which we plan to issue shortly, and which will remotely and automatically update customers' Brightboxes with enhanced security protection."

Helme found that the BrightBox router leaks sensitive information onto the network, such as the user credentials and passwords related to the EE account holder.

Broadband account

Someone looking to breach your security could use a browser client sitting on the network and anonymously intercept the leaked information and be able to call the network provider up and pass account security.

The attacker could then pose as the customer and cancel the user's broadband account.

It means the attacker could also gain administrator-level control and complete access to any Wi-Fi network set up by the router. This would enable the attacker to steal a copy of the Wi-Fi passwords and remotely access the wireless Local Area Network (LAN) from outside the premises.

This represents a total compromise of the device's security and an attacker could wreak havoc with your account.
- Scott Helme

"Being able to grab details like the WPA keys or the hash of my admin passwords was bad enough, but exposing my ISP user credentials represents a huge risk. This is made even worse by the fact it's possible to access all of the data remotely," Helme wrote in his blog post.

Total compromise

"Even if the device is only used in the home or small office, this represents a total compromise of the device's security and an attacker could wreak havoc with your account causing huge inconvenience and even financial losses."

Helme claims he contacted EE via customer services and Twitter but received no response. After emailing the CEO and CTO directly, he was contacted by EE's Head of Security Operations and told that he had indeed spotted an issue.

Feeling frustrated that EE was taking a long time to complete a firmware update to patch the issue, having informed him that the issue would only be patched in mid-January, Helme decided to publish the blog to inform the public and spur the network operator into action.

The patch is still being worked on by EE.

EE has told the BBC that from 17 January onwards, it has changed its security measures and briefed its call centre staff so that it would now be impossible to use information gained from the router to access a customer's account.

"We are aware of Mr Helme's article," an EE spokesman said.

"As is the case for all home broadband customers, regardless of their provider, it is recommended they only give network access to people they trust. Customers should also be suspicious of any unsolicited emails and web pages, and keep their security software up to date."