Virgin Super Hub routers got hacked: Are you still at risk?

Virgin Super Hub routers got hacked: Are you still at risk?

Tuesday, 4 July, 2017

Virgin Media says it has resolved a security flaw in its Super Hub routers, which made millions of households a ‘prime target’ for hackers.

Back in May 2017 Virgin came under fire for turning every single one of its Super Hub routers into public Wi-Fi hotspots.

100,000 customers were opted in automatically – a process which drew critics from both home users and businesses.

Virgin has turned your router into a public WiFi hotspot - but is it safe?

So it was no surprise when white-hat hackers found vulnerabilities on the Netgear Super Hub 2 and Super Hub 2AC, which would have given hackers unauthorised control of dynamic DNS settings, and the ability to monitor data traffic moving through the router.

Jan Mitchell and Andy Monaghan, security researchers from Context Information Security, exposed the flaw, and worked with Virgin Media to counter the threat.

“After verifying our findings, Virgin Media worked with us to develop mitigations which were released as part of their existing firmware patching cycle,” they said.

Virgin Media said they often work with third parties to deal with security issues and co-operated with both Context and Super Hub manufacturer, Netgear, to address the issue.

The telecoms giant has now released a firmware patch to resolve the flaw.

Virgin has turned your router into a public WiFi hotspot - but is it safe? 2

Is your password ‘password’?

This update took place automatically to ensure that no other customers could be at further risk.

“We take the security of our customers very seriously,” a spokesperson for Virgin Media said.

The security encryption key was the same across all hubs in the UK, and although users are prompted to change the default password, it is not a requirement for using the router.

Furthermore, it may not be immediately clear how to change the password for customers who lack the requisite knowledge or insight.

Potential attackers would therefore only need to know this default password to gain access to Super Hubs around the country.

Millions of routers ‘dreadful’ for security

A blog by Context’s Research team described the security of many ‘off-the-shelf’ home routers as “almost universally dreadful”, but said it was uncommon for vulnerabilities in flagship routers from larger ISPs such as BT, Sky and Virgin Media to make the news.

The Super Hub is one of the most common routers in the UK, and can be found in millions of households across the country. It is supplied to customers of Virgin Media’s broadband services.

Large scale cyber attacks are becoming increasingly common. An attack exploiting a similar flaw in Wi-Fi connected devices occurred in December 2016, and in May 2017, NHS computer services were held to ransom following the Wannacry attack which caused huge disruption to hospital services.

Aran Burton author picture

By:

Aran is a technology journalist with an interest in consumer issues.

News What's the story?

Keep up with the latest developments in UK broadband.

TalkTalk offers exclusive £80 reward to new fibre customers

The huge bonus is available to anyone signing up for a 'Faster Fibre' bundle through BroadbandDeals.co.uk

TalkTalk offers exclusive £80 reward to new fibre customers Read more

TikTok ‘gifts’ empty kids piggy banks

Children are most vulnerable to 'influencer' donation pleas

Read more

Netflix ruins 90’s cartoon, enrages internet

The streaming giant came in for criticism for 'straightwashing' Japanese cult classic anime.

Read more

Porn-block pushed back by clerical errors

Further delays to the child-protection measure, with the process mocked as an 'utter shambles'.

Read more

How to watch Wimbledon online for free

How to make sure you don't miss out on the action from your favourite sports stars.

Read more

Fast fines for ISPs could end the “Loyalty Penalty”

But could the proposed measures mean worse deals for those who shop around?

Fast fines for ISPs could end the “Loyalty Penalty” Read more

Boris Johnson mocks full-fibre roll-out plans

The likely next PM boasts plans to beat current targets by 8 years, but is it all just hot air?

Read more

Broadband and phone companies to put Fairness first

Telecoms providers commit to raising standards.

Read more

UK to get legal right to decent and affordable broadband

New legislation will ensure minimum speeds for every UK household.

Read more

GDPR – One year on

The landmark legislation gave people the ‘right to know’ when their data had been hacked.

Read more

Slow broadband is costing us £2.2bn extra a year

Read more

Help Learn with us

Make the most of the internet with our broadband library.

Protecting your small business against cyber attacks

Protecting your small business against cyber attacks Read more

Could 5G end fixed-line home broadband?

Read more

How broadband availability varies across the UK

Read more

Which social media platforms should I be on?

Read more

Will you get online on holiday?

Stay connected during your get-away.

Read more

Make the most of your broadband overnight

Read more

The main causes of slow internet connections

Slow broadband can be more than just an irritant - but what causes it, and what can we do to fight back?

The main causes of slow internet connections Read more

Do you need to ramp up your broadband controls?

Read more

The different types of home computer

Read more

Will we all need gigabit broadband one day?

Read more

Explaining broadband industry jargon

Read more
Back To Top