Router hack risk 'not limited to Virgin Media'

| Author: Tony Imossi (Secretariat) | Filed under: General News
Router hack risk 'not limited to Virgin Media'

A weakness that left thousands of Virgin Media routers vulnerable to attack also affects devices by other providers, security experts suggest.

Virgin Media's Super Hub 2 was criticised for using short default passwords that could easily be cracked by attackers.

But experts raised concerns that older routers provided by BT, Sky, TalkTalk and others were also at risk.

They recommend users change their router password from the default.

"It's a bit unfair that Virgin Media has been singled out here. They made a mistake - but so have many other internet service providers," said Ken Munro from security firm Pen Test Partners.

"This problem has been known about for years, yet still ISPs [internet service providers] issue routers with weak passwords and consumers don't know that they should change them."

The weakness in Virgin Media's Super Hub 2 was highlighted in an investigation by consumer group Which?

The company has since advised customers using default network and router passwords to update them immediately.

However, a BT spokeswoman told the BBC: "We are not impacted by the hub issues affecting Virgin Media."
Other providers have yet to comment.

Source:  BBC

Virgin Media urges password change over hacking risk

Virgin Media has told 800,000 customers to change their passwords to protect against being hacked.

An investigation by Which? found that hackers could access the provider's Super Hub 2 router, allowing access to users' smart appliances.

A child's toy and domestic CCTV cameras were among the vulnerable devices.

Virgin Media said the risk was small but advised customers using default network and router passwords to update them immediately.

Extra security

A spokesman said: "The security of our network and of our customers is of paramount importance to us.

"We continually upgrade our systems and equipment to ensure that we meet all current industry standards.

"We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."

The company said the issue existed with other routers of the same age and was not exclusive to their model.

The study, carried out in conjunction with ethical security researchers SureCloud, tested 15 devices -of which eight had security flaws.

In one case a home CCTV system was hacked using an administrator account that was not password protected.

Hackers were able to watch live pictures and in some cases were able to move cameras inside the house.

'More sophisticated'

Which? called for the industry to improve basic security provisions, including requiring customers to create a unique password before use, two-factor authentication, and issuing regular software security updates.

Alex Neill, Which? managing director of home products and services, said: "There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives.

"However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

"There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated.

"Manufacturers need to ensure that any smart product sold is secure by design."
Which? said it had contacted the manufacturers of the eight affected products to alert them to the security flaws.

Endorsed by the Law Society

The ABI is the only association in this industry to be endorsed by the Law Society of England and Wales, and included in the Law Society of Scotland's approved Supplier Scheme.

The highest independent professional bodies for solicitors put their trust in us. We’re confident you can do the same.

Law Society logo
Scotland Law Society logo
Thank you, your message has been sent.
A member of our team will be in touch shortly.
Loading...
Working...