Vodafone and the owner of Three UK have announced their intention to form the largest mobile phone operator in the UK. The companies intend to merge their operations based in the UK, resulting in a combined customer base of approximately 27 million.

However, the deal is still pending approval from regulators, and the Competition and Markets Authority will assess the advantages and disadvantages for consumers.

There is widespread expectation that the two companies would pool their available resources, with Three and Vodafone customers benefitting from wider coverage, particularly 5G availability.

With approval pending, both Vodafone and Three are promoting the idea that the merger helps, rather than reduces, competition – creating a third provider with big enough scale to complete with the UK’s two biggest providers, EE and O2.

The two providers have launched a joint micro-site supporting their bid.

Margherita Della Valle, Vodafone Group Chief Executive, said: “The merger is great for customers, great for the country and great for competition. It’s transformative as it will create a best-in-class – indeed best in Europe – 5G network, offering customers a superior experience.

Canning Fok, Group Co-Managing Director of CK Hutchison said: “Together, we will have the scale needed to deliver a best-in-class 5G network for the UK, transforming mobile services for our customers and opening up new opportunities for businesses across the length and breadth of the UK.

Upon completion of the Vodafone and Three merger, their combined market share will surpass that of EE and Virgin Media O2. While Virgin Media O2 currently serves around 24 million mobile customers, EE, which is owned by BT Group, has 20 million users. Vodafone and Three UK currently occupy the positions of the third and fourth largest mobile companies in the UK.

Under the terms of the merger, Vodafone will hold a 51% stake in the new company, with CK Hutchison, the owner of Three UK, retaining the remaining share. Vodafone and Three have assured customers that they can expect an enhanced network experience with improved coverage and reliability, without incurring any additional costs from the outset. Furthermore, the companies have committed to investing £11 billion in the development of 5G technology in the UK over the next decade.

Vodafone and CK Hutchison initially confirmed their merger discussions in the UK in October of last year. In May, Vodafone acknowledged the company’s underperformance and announced plans to reduce its workforce by 11,000 employees.

Consumer watchdog Which? have investigated 13 legacy router models supplied by leading UK internet service providers (ISPs) including EE, Sky, TalkTalk, Virgin Media and Vodafone – a report discovered that around 7.5 million internet users are at risk from out-of-date hardware.

Out of the 13 router models investigated, 9 presented pressing security flaws that are unlikely to be in compliance with upcoming UK government legislation around tackling the security of connected devices.

The new legislation is in response to government figures showing that 49% of UK residents have purchased at least one smart device since the start of the COVID-19 Pandemic. Due to this huge increased national scope of vulnerability to potential cyber-attacks, the proposed legislation will ban easy to guess default passwords across all, enforces policies to make it easier to report software bugs that can be exploited by hackers on legacy or modern hardware.

Kate Bevan, Which?’s Computing Editor, commented that “proposed new government laws to tackle devices with poor security can’t come soon enough – and must be backed by strong enforcement.” Which? are simultaneously pushing for increased transparency from ISPs about how customers automatically or manually update their routers and how they should actively upgrade existing customers who are identified as being in the ‘at risk’ category.

Of those 7.5 million affected, 6 million users currently possess ISP hardware that has not been updated since 2018 and a few instances even as far back as 2016 – meaning that these vulnerable devices have not received security updates for defence against the latest threats posed by cybercrime.

A cluster of three main problems with ISP legacy hardware were identified by Which? ranging from weak default passwords that allow cybercriminals unlimited access to a router from anywhere, a lack of firmware updates and a local network vulnerability issue with EE Brightbox 2 giving potential hackers full control of the router to install malware or malicious spyware.

In response, Virgin Media have openly rejected Which?’s report conclusions; saying that 9 out of 10 customers are using their latest router models and are benefiting from regular router security updates. This sentiment was mirrored by BT Group (owners of EE), TalkTalk and Vodafone who announced that the HHG2500 device included in the Which? report has not been supplied since August 2019.

Devices with weak default passwords: TalkTalk HG635, TalkTalk HG523a, TalkTalk HG533, Virgin Media Super Hub 2, Vodafone HHG2500, Sky SR101 and Sky SR102.

Routers affected by lack of updates: Virgin Media Super Hub, Virgin Media Super Hub 2, Sky SR101, Sky SR102, TalkTalk HG523a, TalkTalk HG533 and TalkTalk HG635.

Routers that passed the Which? security tests: BT Home Hub 3B, BT Home Hub 4A, BT Home Hub 5B and Plusnet Hub Zero 2704N