Change password warning: Sky, BT routers now at risk from hackers

Change password warning: Sky, BT routers now at risk from hackers

Monday, 24 July, 2017

Customers of the UK’s major ISPs have been warned they may be vulnerable to attack as a result of flaws in household routers.

Although it was originally believed only Virgin Media customers were affected, security experts are now saying other companies’ devices may also be at risk.

White-hat hackers – who probe the vulnerabilities in technology so companies can make their security better – found that Virgin Media’s Netgear Super Hub 2 and Super Hub 2AC were at risk from takeover hacks by criminals.

But now the same security flaws have been discovered in older routers.

Devices provided by Sky, BT and TalkTalk have now been flagged as potentially at risk.

Customers are being advised to change their passwords to maintain their online safety.

The flaws, which are well-known in tech circles, allow hackers access to a user’s Wi-Fi authentication ‘handshake’ and use it to reveal the password. Once they’ve broken in, the attacker can see all connected devices on a home network, and exploit any vulnerabilities to remotely take control of them.

Most routers come with a default password straight out of the box. However, not all passwords are equally secure, and many use a formula that can be easily identified and exploited by hackers.

This was the issue with Super Hub 2, which used a lower case password consisting of only eight characters.

Virgin has already advised its customers to update their passwords, following an investigation from consumer group Which?

The company has a dedicated page for customers looking for help or advice on changing their password.

A BT spokesperson said the company was unaffected by the issues facing the Super Hub 2.

Simple solutions to prevent vulnerabilities include using a mix of upper and lower case letters or symbols in a password. Another rule to follow is ‘the longer, the better’ as a greater number of characters increases the time it would take a hacker to break through.

According to security researchers, PTP, who tested a range of routers from leading ISPs, “even a simple increase from 10 to 12 characters would push the cracking time from five days up to many many years.”

Large scale cyber attacks are becoming increasingly common. Last weekend saw hackers attempting to access the emails of MPs in the UK Parliament. This comes after the NHS computer services were held to ransom as part of the ‘WannaCrypt’ attack.

The Mirai botnet attack on a server in December 2016 exploited vulnerabilities in Wi-Fi-enabled household devices, causing major disruption.

Aran Burton author picture


Aran is a technology journalist with an interest in consumer issues.

News What's the story?

Keep up with the latest developments in UK broadband.

United Nations warns of ‘digital welfare dystopia’

The UN has warned internet users of handing over their data to ‘big tech’ and accused companies of exploiting the poorest users.

United Nations warns of ‘digital welfare dystopia’United Nations warns of ‘digital welfare dystopia’ Read more

BT and O2 launch 5G in the same week!

BT and O2 are the latest networks to enter the bitter high street 5G battle.

Read more

UK Porn block for children has been scrapped.

The government’s controversial ‘porn blocker’ plan, mired in delays and problems, has been officially scrapped.

Read more

Gigaclear undertake costly fibre install UNDER River Severn to reach rural customers

The upstart ISP embarks on ambitious plan to ensure rural customers have access to full fibre broadband!

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Minimum connection speeds for common online activities

Read more

How many companies provide full fibre broadband?

Read more