Cable Forum


BenMcr 23-06-2017 11:24

Re: Virgin Media urges password change over hacking risk
 
If you're prepared to pay for it, true. But there is no need to change unless there is another reason to do so.

The SuperHub 2 has the same WPA2 security in it as the Hub 3.0 does.

The difference is the default password on the Hub 3.0 is longer and has more character variation than the SuperHub 2 does by default.

So if you update your wireless password to twelve characters with a mix of upper case, lower case and numbers, then it'll be just as secure.

JPAC 23-06-2017 11:27

Re: Virgin Media urges password change over hacking risk
 
Quote "We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."

So...how much from a SH2 to SH3?

BenMcr 23-06-2017 11:32

Re: Virgin Media urges password change over hacking risk
 
The offer to upgrade to the Hub 3.0 is part of speed and bundle changes e.g. when you go to VIVID 300 you'll get a Hub 3.0.

There is zero need to swap from a SuperHub 2 to a Hub 3.0 if your services don't need it.

JPAC 23-06-2017 11:43

Re: Virgin Media urges password change over hacking risk
 
Perhaps you should tell VM PR that instead of everyone with a SH2 calling for a free SH3.

I'll risk it with a SH2 then. ;)

Osem 23-06-2017 12:17

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by BenMcr (Post 35904478)
This is talking about the default passwords printed on the bottom - mainly the wireless one, but it's also sense to update the admin one at the same time.

Details about how to change the Wireless password on all Virgin Media's Hubs are here:
https://help.virginmedia.com/system/...eless-password

And on the forum here http://community.virginmedia.com/t5/...e/ba-p/3456004

And here is how to change the admin page password:
https://help.virginmedia.com/system/...-page-password

What's missing from the BBC report is that it still took Which days to discover the default password:
http://www.which.co.uk/news/2017/06/...ssword-change/


TVM Ben. :tu:

I'm not panicking but the story reminded me about these passwords and I'm pretty sure we didn't change the default password.

Can I just ask what relevance, if any, the network name (i.e. what shows up on our device in the available networks list) has in this. We didn't change that either, it's just the VM generated one (beginning VM...) which appeared during set up. Do we need to change that also or doesn't that matter?

BenMcr 23-06-2017 12:29

Re: Virgin Media urges password change over hacking risk
 
The wireless name doesn't really matter.

You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable than leaving it as is

Osem 23-06-2017 13:41

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by BenMcr (Post 35904505)
The wireless name doesn't really matter.

You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable than leaving it as is

Yes I'd noticed that looking at the other home networks which show up on the list here. Some are really very obvious, one I saw a while back actually included the street address.

Ken W 23-06-2017 14:24

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by BenMcr (Post 35904505)
The wireless name doesn't really matter.

You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable than leaving it as is


A person in my road has their house number and road name, how crazy is that?

Gunslinger 23-06-2017 15:15

Re: Virgin Media urges password change over hacking risk
 
Not sure I understand how/why this should be an issue.
Presumably the default WiFi password printed on the bottom of the modem/router must be unique to each device - otherwise we would all be connecting to our neighbours' networks all the time. So how does that come to have been compromised?
The settings password is another thing, as the default is obviously common to all devices and the user is invited to change it - as I did at the time.

Ken W 23-06-2017 15:34

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by Gunslinger (Post 35904532)
Not sure I understand how/why this should be an issue.
Presumably the default WiFi password printed on the bottom of the modem/router must be unique to each device - otherwise we would all be connecting to our neighbours' networks all the time. So how does that come to have been compromised?
The settings password is another thing, as the default is obviously common to all devices and the user is invited to change it - as I did at the time.



The default is changeme or admin and many don't change it.

iadom 23-06-2017 15:50

Re: Virgin Media urges password change over hacking risk
 
Gunslinger is referring to the wifi password, not the router password Ken.

Even though that is unique, at a basic eight letters from 24, all lower case it is not very secure.

Ken W 23-06-2017 16:10

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by iadom (Post 35904542)
Gunslinger is referring to the wifi password, not the router password Ken.

Even though that is unique, at a basic eight letters from 24, all lower case it is not very secure.


Oops, but if someone got into your router they could then make changes to your wifi password or any other settings.

RobboEdin 23-06-2017 16:16

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by Ken W (Post 35904544)
Oops, but if someone got into your router they could then make changes to your wifi password or any other settings.

... So they have to get past your wifi password first to access the Superhub settings or break into your property with a laptop to connect via Ethernet?

JPAC 23-06-2017 17:39

Re: Virgin Media urges password change over hacking risk
 
Quote:

Originally Posted by Ken W (Post 35904521)
A person in my road has their house number and road name, how crazy is that?

That's nothing, VM told my neighbour that their password had to be at least 8 characters long and include at least one capital.

She chose, "MickeyMinniePlutoHueyLouieDeweyDonaldGoofyLondon" :) jk

Springy 23-06-2017 23:12

Re: Virgin Media urges password change over hacking risk
 
The thing we need to see are the details on what the hack is.

The fact that it takes a few days (I think I read 4 days somewhere) to crack the password seems like a brute force attack, which does make it better as it isn't a flaw like a remote code execution.

So I just looked at my default wifi password on my superhub 2; it is "anyasdwe" (which is a lie as the 5 last characters are different just in case it can be used against me).

It looks like virgin is using an 8 character only lower alpha password. This gives 8^26 combinations and according to a http://calc.opensecurityresearch.com cracking a WPA Key will take over 2 years to crack. This is different to a "few days"

Now look at the password I put above, it begins with "any". If Virgin has on all superhub 2 employed a password that has fixed characters somewhere in the password or a predefined set of defaults, this will reduce the complexity of the wifi password. So instead of guessing 8 characters, you might only need to guess 5 characters with the first 3 characters already known from a predefined list that virgin always use. This greatly reduces the time to crack. For example, a 5 character password all lower case takes just over an hour to break in.

I would like to know from other superhub 2 users if the first three characters of their default password are "any". That will be interesting...

Alternatively, the password could be derived based on the SSID. So maybe there is something in the SSID that could be seeding the password, which again means that a secret is known which greatly reduces the number of tries it takes to crack the password.

But yeah, if you haven't done so already, make sure your wifi password is not the default!
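
An added example, not part of any post in the thread: a small Python check of a Wi-Fi password against the advice given earlier (twelve characters mixing upper case, lower case and numbers), with the search space computed as alphabet size raised to the number of unknown characters (26^8 for eight lower-case letters). The guess rate and the 12-character sample password are constructed assumptions; "anyasdwe" is the altered password quoted above.

```python
import math
import string

# Assumption: offline guess rate in guesses per second. This is a constructed
# figure for illustration, not a number from the thread; real rates vary widely.
ASSUMED_GUESSES_PER_SEC = 100_000

CLASSES = {
    "lower-case letter": string.ascii_lowercase,
    "upper-case letter": string.ascii_uppercase,
    "digit": string.digits,
}

def alphabet_size(password):
    """Size of the smallest standard alphabet covering the password."""
    size = sum(len(chars) for chars in CLASSES.values()
               if any(c in chars for c in password))
    # Punctuation, if present, adds the 32 ASCII punctuation characters.
    if any(c in string.punctuation for c in password):
        size += len(string.punctuation)
    return size

def keyspace(alphabet, length, known_chars=0):
    """Candidates left to search when `known_chars` positions are already known."""
    return alphabet ** max(length - known_chars, 0)

def entropy_bits(alphabet, length, known_chars=0):
    return math.log2(keyspace(alphabet, length, known_chars))

def days_to_exhaust(space, rate=ASSUMED_GUESSES_PER_SEC):
    """Worst-case days to try every candidate at the assumed rate."""
    return space / rate / 86_400

def audit(password, min_length=12):
    """Findings against the thread's advice; an empty list means it passes."""
    findings = []
    if len(password) < min_length:
        findings.append(f"shorter than {min_length} characters")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            findings.append(f"no {name}")
    return findings

if __name__ == "__main__":
    for label, pw, known in [("default-style", "anyasdwe", 0),
                             ("default, 3 chars known", "anyasdwe", 3),
                             ("constructed 12-char mix", "kV7mQ2xrT9pL", 0)]:
        a, n = alphabet_size(pw), len(pw)
        print(f"{label}: {entropy_bits(a, n, known):.1f} bits, "
              f"{days_to_exhaust(keyspace(a, n, known)):.3g} days, {audit(pw)}")
```

Run it with your own candidate password in place of the constructed one; the day counts only compare options against each other, since the rate is assumed.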


All times are GMT +1.