UK ISPs ‘At Risk Of Attack’ Due To Security Failings

The companies responsible for providing the UK’s internet could be in danger of putting millions of customers at risk due to widespread shortcomings in their online security, a new report has warned.

Security researcher Paul Moore examined the publicly available information of the six largest ISPs in the UK and found plenty of bugs that could be used by hackers.

The companies involved included Virgin Media, TalkTalk. EE, BT, PlusNet and Sky, and followed the major data breach that hit TalkTalk last month.

Under attack

And Moore says that his research showed that the attack on TalkTalk could have affected any of the other providers.

“There have been a couple of incidents where I had to contact ISPs to report things that were serious,” he told the BBC, noting that many of the companies had since contacted him in order to improve their security protection.

“Ordinarily they would not be so open and honest with me but, after what happened at TalkTalk, they have been stepping in quickly,” he said.

“On one occasion I notified BT and PlusNet about a bug at 14:00 and they kept people back until 22:00 to fix it.”

Moore’s research uncovered a range of security failings, including passwords being stored in plain text, exposed code that would allow hackers to inject their own code on to ISPs’ websites and potentially load malware on to them.

There were also issues with website encryption certificates which would have allowed anyone to apply for administrative control over them from the certificate authority and then pose as the webmaster for websites owned by an ISP.

Following the attack on their network, TalkTalk confirmed that 156,959 customers had had their personal details accessed.

Of that, no more than 15,656 bank account numbers and sort codes were accessed. The ISP also admitted that 28,000 obscured credit and debit card numbers were also accessed.

Are you a data breach expert? Take our quiz to find out!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago