    Virgin Media UK SuperHub Leaks User Passwords via WiFi During Reboot


    1. #1
      Scubbie (Sky User Moderator)

      Virgin Media UK SuperHub Leaks User Passwords via WiFi During Reboot - ISPreview UK
      The NetGear-based SuperHub (VMDG485) broadband routers, which are supplied by cable provider Virgin Media, appear to be suffering from a new security flaw that means your administrative settings web page and WiFi passphrase are left exposed for around 7 seconds when the device reboots.

      The flaw, which was spotted by IT consultant Paul Moore, apparently occurs because some bright spark of security genius decided that it would be a clever idea if the router initially launched its wireless networking component (during a reboot) without first engaging encryption (the encryption is only enabled after a few seconds).

      In other words, for a very brief period, a savvy hacker could potentially record your wifi password while it is being sent over the network during the initial restart. However, the hacker would naturally need to be within range of the wireless network to do this and, unless they’re very patient, they’d also need to artificially force the router to reboot (Mr Moore has also demonstrated how to do this).
      A VM Forum Support Team Member said (here):

      “As mentioned earlier on in this thread, the security of our services is of the highest importance and we are working with Netgear to develop and test a software update which will initialise encryption immediately from reboot and this is close to being issued.

      We encourage all our customers to change their default passwords when they are installed, if anyone is unsure whether they have made this change, instructions on our website provide an easy guide on how this can be done at any time on our help pages at How do I change the password for my Super Hub 2’s settings page?

      If customers are concerned, then we would recommend that after changing the default password, they should also change the WiFi passphrase for additional security.

      To confirm, the issue only relates to the Netgear VMDG485 device (SuperHub2) and, although we agree with the person who identified it that this is highly unlikely to happen; we have thanked them for bringing this to our attention.”
      So the good news is changing the default password, which is something that Virgin and other ISPs recommend you do anyway, is a good temporary fix for the problem. Credits to The Register for spotting this issue, which can be added to the growing list of router related security blunders that seem to be cropping up in 2014.
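
An added example (not part of the original post or the quoted article): one way to check whether a router still advertises its network without encryption while rebooting, and for how long. The `Beacon` record, the `open_windows` function, the SSID `VM-example` and the sample data are all assumptions constructed for illustration; `privacy` stands for the Privacy bit of the 802.11 capability field as reported by a passive scan.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Beacon:
    t: float       # seconds since the capture started
    ssid: str
    privacy: bool  # Privacy capability bit: True means encryption is advertised

def open_windows(beacons, ssid, max_gap=1.0):
    """Return (start, end) intervals in which `ssid` was seen unencrypted.

    Unencrypted sightings more than `max_gap` seconds apart are reported as
    separate windows, so scan silence is never counted as exposure time.
    """
    windows, start, last = [], None, None
    mine = sorted((b for b in beacons if b.ssid == ssid), key=lambda b: b.t)
    for b in mine:
        if b.privacy:
            if start is not None:          # encryption came up: close window
                windows.append((start, last))
                start = None
            continue
        if start is not None and b.t - last > max_gap:
            windows.append((start, last))  # gap too long: close, start anew
            start = None
        if start is None:
            start = b.t
        last = b.t
    if start is not None:                  # still open when the capture ended
        windows.append((start, last))
    return windows

# Constructed capture: encrypted, silent while rebooting, open, then encrypted.
SAMPLE = (
    [Beacon(i * 0.5, "VM-example", True) for i in range(5)]
    + [Beacon(41.0 + i * 0.5, "VM-example", False) for i in range(14)]
    + [Beacon(48.0 + i * 0.5, "VM-example", True) for i in range(6)]
    + [Beacon(10.0, "cafe-guest", False)]  # unrelated open network, ignored
)

if __name__ == "__main__":
    for start, end in open_windows(SAMPLE, "VM-example"):
        print(f"unencrypted from {start:.1f}s to {end:.1f}s ({end - start:.1f}s)")
```

An empty result over a capture that spans a full reboot is what a firmware that "initialises encryption immediately from reboot" should produce.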


    2. #2
      Isitme (Sky User Moderator)

      Re: Virgin Media UK SuperHub Leaks User Passwords via WiFi During Reboot

      “So the good news is changing the default password, which is something that Virgin and other ISPs recommend you do anyway, is a good temporary fix for the problem.”
      Surely changing the pass phrase is not going to help if it is shown in plain text after a reboot. I don't see how it would be showing the default password if it has been changed, surely it will show the changed one as the default one will no longer be in the settings.

      This brings to mind the security issue exposed by James concerning the original DG834GT supplied by Sky. Another Netgear mess.

      TomD


      Please note the views and recommendations in my posts are my own and in no way reflect the views of SkyUser.