Your forum username:
Do you already have an account?
Forgot your password?
  • Log in or Sign up


    Welcome to Sky User - The Unofficial Support Forum for everything Sky! - Proudly helping over 65k members.


    Advertisement

    Results 1 to 4 of 4

    800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare

    This is a discussion on 800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare within the General Computing and Internet forums, part of the Community channel category; 800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare - ISPreview UK A new study conducted by consumer magazine ...

    1. #1
      Scubbie's Avatar
      Scubbie is offline Sky User Moderator
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,042
      Thanks
      827
      Thanked 2,202 Times in 2,072 Posts

      800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare

      800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare - ISPreview UK
      A new study conducted by consumer magazine Which?, which examined the security of connected devices in the home, has chastised Virgin Media for setting up their SuperHub v2 (VMDG485) cable broadband routers with a default password that is the same for many of their customers.

      Some years ago it was not uncommon for ISPs to send out their bundled broadband routers with the same simple default login and password for the web-based admin interface or WiFi network (e.g. login: “admin” / password: “password” or the password may even be blank), although these days providers should know better and most will distribute their devices using randomised passwords.

      Having any easily predictable password is bad because it opens an easy avenue for hackers to access and exploit your home network. Sadly many consumers don’t bother to change the login details when they receive their hardware, which is a basic thing that everybody should do, even if the password has been randomised (randomised passwords are often short and thus easy to brute force hack).

      In this case Which? set-up a “smarthome” at the address of a Which? employee, which included a host of popular smart gadgets that can be found in houses across the UK. After that it hired ethical security researchers, SureCloud, to hack it. Alongside targeting the gadgets, SureCloud also ran surveillance on the home owner to gather information that could be used to breach their security and used phishing tactics (i.e. spoof emails and messages designed to trick someone into revealing personal details).

      Unsurprisingly the SureCloud team was able to gain access to Virgin Media’s router “in just a few days“, although admittedly you’d expect that sort of result when setting an entire security team against a single home.

      A Virgin Media Spokesperson said:

      “The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards. To the extent that technology allows this to be done, we regularly support our customers through advice, firmware and software updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

      Apparently Virgin Media has now contacted 800,000 of their SuperHub v2 using subscribers and advised them to change their passwords, while others may simply be upgraded to the new Hub 3.0 (SuperHub v3, for those who hate the silly naming convention changes).

      Sadly the development follows only a couple of weeks after another security researcher found that hackers could abuse a file backup routine for the SuperHub v2 and v2A configuration, which could then be used to gain admin level access (here).

      Not a good month for VM, although they’re by no means the only ISP to have made this mistake and indeed we believe that some smaller providers continue to use the same default password when distributing routers. Similarly some third-party routers purchased at retail will also use a default that remains the same for batches of the same unit. Simple rule.. ALWAYS CHANGE THE PASSWORD.


    2. Advertisement
    3. #2
      lettice's Avatar
      lettice is offline Sky User Member
      Exchange: 0.4 mile away and cabinet 350 yards
      Broadband ISP: Sky Fibre Max
      Router: ER110UK Sky Q hub
      Sky TV: SkyQ2tb + minis
      Join Date
      Jun 2011
      Location
      England
      Posts
      2,027
      Thanks
      12
      Thanked 190 Times in 181 Posts

      Re: 800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare

      Why were Virgin were picked out like that?
      Sky still use the same admin userid and password and BT do and the new hubs have it written on the side of the router a few times and on the card that sits in the rear of the router.
      I've helped a few others on talk talk/plusnet etc in the last year and have just gone on the web to find the default admin userids and passwords.

    4. #3
      Scubbie's Avatar
      Scubbie is offline Sky User Moderator
      Exchange: 02392
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Q Hub ER110
      Sky TV: Sky+HD box
      Join Date
      Mar 2010
      Location
      Near Portsmouth
      Posts
      28,042
      Thanks
      827
      Thanked 2,202 Times in 2,072 Posts

      Re: 800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare

      My guess would be that they've been able to access the GUI from the public side of the Internet. Normally this is prevented.

      Sky Fibre Unlimited Pro: Connected at 80,000 kbps / 20,000 kbps
      Previous ADSL2+ Speed 19999 kbps 1153 kbps, Line Attenuation 17.5 db 6.9 db, Noise Margin 7.5 dB 8.7 dB
      Speedtest: 17.15MB/s 0.97Mb/s Ping 31 ms

    5. #4
      Isitme's Avatar
      Isitme is offline Sky User Moderator
      Exchange: Bannockburn
      Broadband ISP: Sky Fibre Unlimited
      Router: Sky Hub SR102
      Sky TV: Sky+ HD
      Join Date
      Dec 2006
      Location
      Central Scotland
      Posts
      34,256
      Thanks
      65
      Thanked 1,655 Times in 1,616 Posts

      Re: 800,000 Virgin Media Customers Suffer Another SuperHub 2 Security Scare

      BT do and the new hubs have it written on the side of the router a few times and on the card that sits in the rear of the router.
      On all the BT Hubs I have worked on the first thing you are asked to do when you log in, is change the admin password. They are very reluctant to accept a weak password. Like all routers this can be changed by resetting the router, but that requires physical access.

      I do think it is a bit unfair for a security company to 'attack' a home router. Given time with their aptitude they could probably do the same to any home router.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.


      Useful Utilites

      http://www.nirsoft.net/utils/wifi_information_view.html/ TCPOptimiser /Test Socket

      Note - When downloading always select the Custom install or you will end up with stuff you don't want.





     

     

    Tags for this Thread

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •  
    SkyUser - Copyright © 2006-2017. SatDish and NewsreadeR | SkyUser is in no way affiliated with Sky Broadband / BSkyB
    RIPA NOTICE: NO CONSENT IS GIVEN FOR INTERCEPTION OF PAGE TRANSMISSION