Virgin Media warn customers over router hacking risk

26 June 2017   By Samantha Smith

VIRGIN MEDIA have warned 800,000 broadband customers using the Super Hub 2 router to change their passwords, after it emerged that they were vulnerable to being hacked.

virgin superhub 2
© Virgin Media

As with a previous security scare from 2016 involving smart devices connected to the "Internet of Things", the router's vulnerability resides with its default password, which can be guessed quite easily using basic hacking equipment.

More alarmingly, once hackers have gained access to the Super Hub 2, they could potentially use this access to infiltrate and control any smart devices that might be using the router's wi-fi network.

And given that this isn't the first time that the router has been found to have a security weakness, this latest revelation will come as something of a blow to Virgin Media's cybersecurity credentials.

virgin media superhub 2

Virgin Media Superhub 2

Cracked it

The big problem with the Super Hub 2's default passwords is that they're dangerously simple, consisting in only eight lower case letters taken from a reduced, 24-letter alphabet.

This is why an investigation conducted by Which? found that they could be "cracked" in a couple of days using hacking programs freely available on the web.

Once they'd guessed the router's password, the investigators were able to gain control of its configuration web page, which enabled them to change its password and other settings.

It was also insinuated that, having gained access to their guinea pig's home network, they were able to "target other connected devices", such as smart thermostats and smart coffeemakers (or whatever other smart device might be in the home).

However, compromising other devices would in fact require separate hacking of its own, and it's useful to note in this regard that no confirmation was given by the investigators that they had penetrated any other device via the Super Hub 2.

All they could say was, "Hack [the Hub], and you can potentially have access to other devices inside the home."

Related news
Cybersecurity fatigue harming safety
BT confront 'connected car' security risk
Cybercrime now costs £11 billion
Yahoo warn of 1 billion hacked accounts

Still, even if the hacking of additional devices isn't a foregone conclusion, customers would be well advised to ensure that all their smart gadgets have had their default passwords changed to something more robust.

Of paramount importance

Indeed, this is the advice that Virgin Media have given to the 864,000 broadband customers who are still using the Super Hub 2, which has been superseded by the more secure Super Hub 3.

How to change the Super Hub 2 password

1. Use an ethernet cable to connect the router to your computer.

2. Go to the web address that's printed on the Super Hub sticker, and then find the settings page.

3. Go to "Wireless Network Settings".

4. Enter a new, strong password in the "passphrase" box.

5. Restart all router-connected devices and enter the router's new password to get back online.

In addition, a spokesperson for the ISP offered the following reassurance: "The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards".

That said, it's not the first time that Virgin have been caught out by cybersecurity issues, suggesting that they're not upgrading their systems quite that fast enough to keep up with the ever-changing nature of the digital world.

In March 2014, it was discovered that the Super Hub 2 would "leak" security data (such as passwords) every time it started up, since it would launch its network without encryption.

And going even further back, the device had also been beset by various bugs and niggles, such as the tendency to suddenly restart.

Not just Virgin Media

Luckily, however, the Super Hub 3 is considerably more dependable, although Virgin Media have told us that changing the password of the Hub 2 will make it just as secure:

Virgin-Choose Twitter exchange

Source: Virgin Media/Twitter

And for those who aren't Virgin customers but are concerned that the ISP isn't that reliable, it's worth pointing out that other providers and routers have suffered similar (or worse) problems in recent years.

There was, of course, the infamous TalkTalk hack from October 2015, in which the personal details of almost 160,000 customers were stolen.

There was also a smaller scare from last December, in which wi-fi passwords were stolen (once again by investigators) from routers of several ISPs, including the Post Office and TalkTalk.

And perhaps more worryingly, yet less tangibly, there's also the fact that in a Cyber Security Member Survey carried out last September by the Internet Service Providers Association, it was discovered that 92% of ISPs experience cyberattacks regularly.

Of course, this doesn't mean that 92% of the UK's ISPs actually have data stolen regularly, but it does mean that almost all of them are constantly vulnerable to attack.

And just as importantly, it also means that customers should remain vigilant, or at least be aware of, the dangers of hacking. And as Virgin Media's issues remind all of them, if they do nothing else to keep themselves protected, they should do just this one thing: change the default passwords of their devices.

Which broadband deals are available in your area?

independent comparison

We are independent of all of the products and services we compare.

fair comparison

We order our comparison tables by price or feature and never by referral revenue.

charity donations

We donate at least 5% of our profits to charity, and we aim to be climate positive.

Get insider tips and the latest offers in our newsletter