Security firm says more routers at risk of hacking

BT, Sky and TalkTalk hubs could also pose a security risk, Pen Test Partners says

Routers made by BT, TalkTalk and Sky could be open to the same hack as Virgin Super Hub 2 devices, security experts from Pen Test Partners have warned. Although the affected models are older, it's thought a fair number are still in use and can easily be targeted by criminals because they use weak default passwords.

"It's a bit unfair that Virgin Media has been singled out here. They made a mistake - but so have many other internet service providers," said Pen Test Partners' Ken Munro, speaking to the BBC.

"This problem has been known about for years, yet still ISPs [internet service providers] issue routers with weak passwords and consumers don't know that they should change them."

Although BT denied its routers could be targeted in the same way, Munro said the facts showed otherwise. Hackers can guess the passwords because they follow a format that's pretty uniform across devices. It's also not the first time such revelations have been made public.

"It has popped up again because attention has been drawn to the fact that very few people change their wi-fi password from the one written on the router," Munro said.

Once hackers have access to your network, they can quite easily find other vulnerabilities, which could have a much bigger impact than just allowing them to break in.

As a precaution, Munro said people should change the default password on their router to make it harder for criminals to break through the security features.

23/06/2017: Virgin warns 800,000 customers of Super Hub 2 security flaw

Virgin Media has warned more than 800,000 customers using a particular router to change their default passwords immediately, following the discovery of a flaw that allows hackers to gain access remotely.

An investigation by market watchdog Which? found that Virgin's Super Hub 2 router could be hacked in as little as four days, allowing attackers to gain control of home networks and any connected devices.

Although the company says the risk remains "small", it is advising customers to manually change the default password supplied with the router, typically found on an attached sticker.

The investigation looked at a number of popular connected products, including cameras and Bluetooth toys, and found that eight out of 15 gadgets were susceptible to at least one security exploit.

Which? also tested the Virgin Media Super Hub 2, which uses a default password of only eight lowercase characters, and found that the router could be hacked in a few days using tools available online. The same password is also used on the router's configuration page, allowing hackers to gain complete control of a network and spy on traffic.

Virgin says there are approximately 864,000 Super Hub 2 routers currently in customer homes, although this number is falling due to Virgin's new Hub 3.0, which uses a more robust password and is impervious to the same style of attack.

"The security of our network and of our customers is of paramount importance to us," said a spokesperson for Virgin Media. "We continually upgrade our systems and equipment to ensure that we meet all current industry standards. To the extent that technology allows this to be done, we regularly support our customers through advice, firmware and software updates, and offer them the chance to upgrade to Hub 3.0 which contains additional security provisions."

The hacking of home routers is not a new threat, and in theory, most devices that come with standard default passwords are vulnerable to hacking. Attackers will typically bombard a device with login requests, using a list of sourced default usernames and passwords known to be used by a particular company. If the password is weak, this can take a matter of days.

Thankfully, for those customers using a Super Hub 2, changing a weak password is a fairly straightforward process, a guide to which has been created on our sister site expertreviews.

This once again raises the issue of security in IoT devices, as many companies have been criticised for promoting the increased use of connected devices while failing to adequately protect their users.
