Change password warning: Sky, BT routers now at risk from hackers

Monday, 24 July, 2017

Customers of the UK’s major ISPs have been warned they may be vulnerable to attack as a result of flaws in household routers.

Although it was originally believed only Virgin Media customers were affected, security experts are now saying other companies’ devices may also be at risk.

White-hat hackers – who probe the vulnerabilities in technology so companies can make their security better – found that Virgin Media’s Netgear Super Hub 2 and Super Hub 2AC were at risk from takeover hacks by criminals.

But now the same security flaws have been discovered in older routers.

Devices provided by Sky, BT and TalkTalk have now been flagged as potentially at risk.

Customers are being advised to change their passwords to maintain their online safety.

The flaws, which are well-known in tech circles, allow hackers access to a user’s Wi-Fi authentication ‘handshake’ and use it to reveal the password. Once they’ve broken in, the attacker can see all connected devices on a home network, and exploit any vulnerabilities to remotely take control of them.

Most routers come with a default password straight out of the box. However, not all passwords are equally secure, and many use a formula that can be easily identified and exploited by hackers.

This was the issue with Super Hub 2, which used a lower case password consisting of only eight characters.

Virgin has already advised its customers to update their passwords, following an investigation from consumer group Which?

The company has a dedicated page for customers looking for help or advice on changing their password.

A BT spokesperson said the company was unaffected by the issues facing the Super Hub 2.

Simple solutions to prevent vulnerabilities include using a mix of upper and lower case letters or symbols in a password. Another rule to follow is ‘the longer, the better’ as a greater number of characters increases the time it would take a hacker to break through.

According to security researchers, PTP, who tested a range of routers from leading ISPs, “even a simple increase from 10 to 12 characters would push the cracking time from five days up to many many years.”

Large scale cyber attacks are becoming increasingly common. Last weekend saw hackers attempting to access the emails of MPs in the UK Parliament. This comes after the NHS computer services were held to ransom as part of the ‘WannaCrypt’ attack.

The Mirai botnet attack on a server in December 2016 exploited vulnerabilities in Wi-Fi-enabled household devices, causing major disruption.

Aran Burton author picture


Aran is a technology journalist with an interest in consumer issues.