UK ISPs ‘At Risk Of Attack’ Due To Security Failings

The companies responsible for providing the UK’s internet could be in danger of putting millions of customers at risk due to widespread shortcomings in their online security, a new report has warned.

Security researcher Paul Moore examined the publicly available information of the six largest ISPs in the UK and found plenty of bugs that could be used by hackers.

The companies involved included Virgin Media, TalkTalk. EE, BT, PlusNet and Sky, and followed the major data breach that hit TalkTalk last month.

Under attack

And Moore says that his research showed that the attack on TalkTalk could have affected any of the other providers.

“There have been a couple of incidents where I had to contact ISPs to report things that were serious,” he told the BBC, noting that many of the companies had since contacted him in order to improve their security protection.

“Ordinarily they would not be so open and honest with me but, after what happened at TalkTalk, they have been stepping in quickly,” he said.

“On one occasion I notified BT and PlusNet about a bug at 14:00 and they kept people back until 22:00 to fix it.”

Moore’s research uncovered a range of security failings, including passwords being stored in plain text, exposed code that would allow hackers to inject their own code on to ISPs’ websites and potentially load malware on to them.

There were also issues with website encryption certificates which would have allowed anyone to apply for administrative control over them from the certificate authority and then pose as the webmaster for websites owned by an ISP.

Following the attack on their network, TalkTalk confirmed that 156,959 customers had had their personal details accessed.

Of that, no more than 15,656 bank account numbers and sort codes were accessed. The ISP also admitted that 28,000 obscured credit and debit card numbers were also accessed.

Are you a data breach expert? Take our quiz to find out!

Mike Moore

Michael Moore joined TechWeek Europe in January 2014 as a trainee before graduating to Reporter later that year. He covers a wide range of topics, including but not limited to mobile devices, wearable tech, the Internet of Things, and financial technology.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

3 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

5 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

7 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

8 hours ago