General : Virgin Media urges password change over hacking risk

[admars]

Virgin Media urges password change over hacking risk

http://www.bbc.co.uk/news/uk-40371373

Quote:

Virgin Media has told 800,000 customers to change their passwords to protect against being hacked.
An investigation by Which? found that hackers could access the provider's Super Hub 2 router, allowing access to users' smart appliances.
A child's toy and domestic CCTV cameras were among the vulnerable devices.
Virgin Media said the risk was small but advised customers using default network and router passwords to update them immediately.

[iadom]

Is this the wifi password or the router login password?

[Mr K]

Them seem to think they fixed the flaws last week ??
https://www.uswitch.com/broadband/ne...security_flaw/

Quote:

Virgin Media has assured customers with a Super Hub router that a security flaw has been resolved.

Researchers from Context Information Security found vulnerabilities in the Super Hub 2 and Super Hub 2AC that meant hackers could monitor traffic going in and out of the device.

This was possible because, although configuration back-ups had been encrypted, the private encryption key was identical across all UK hubs.

Virgin Media has now deployed a firmware patch that addresses this shortcoming and assured customers they are no longer at risk.

Need to make their minds up, is it secure or not?

[admars]

it would be sensible to change both from the default

[Stuart]

It's a good idea to change your password anyway, as if the hackers have the config of the router, they will have your old password.

[iadom]

Did change my router login password from the default as soon as I got this hub a while back.

[denphone]

Quote:

Originally Posted by Stuart

It's a good idea to change your password anyway, as if the hackers have the config of the router, they will have your old password.

l gather this flaw does not affect the SH3?.

[Mr K]

Done, another password to forget though (!)

The BBC report is rubbish - 'Virgin Media has told 800,000 customers' - they haven't told me - found out via BBC News....

[iadom]

May need to check my daughters hub for router login, was the router login password default 'password' or 'changeme' ?

[General Maximus]

Quote:

Originally Posted by Mr K

The BBC report is rubbish - 'Virgin Media has told 800,000 customers' - they haven't told me

Me neither, no letters or emails or anything. This is the first I have heard about it. I am not stupid enough though to lave the default passwords in place, the very first thing I did when I got my shub was change the password and put it in modem mode

[Mr K]

Quote:

Originally Posted by General Maximus

Me neither, no letters or emails or anything. This is the first I have heard about it. I am not stupid enough though to lave the default passwords in place, the very first thing I did when I got my shub was change the password and put it in modem mode

yes i'm in modem mode, begs the question, is this an issue if you are in Modem mode ? best to change it anyway i guess.

[General Maximus]

I don't so because in order to get to the device on your network they still need to go through your proper router.

[Osem]

We have one of these but I don't remember any of the set up so how do I check? Could someone post some clear simple information as to what users need to do and how to do it please? I have just checked an we are still using a code which is stamped on the bottom of the SH when we need to access wi-fi. Is this what needs to be changed, something else or both? Cheers as always.

[BenMcr]

This is talking about the default passwords printed on the bottom - mainly the wireless one, but it's also sense to update the admin one at the same time.

Details about how to change the Wireless password on all Virgin Media's Hubs are here:
https://help.virginmedia.com/system/...eless-password

And on the forum here http://community.virginmedia.com/t5/...e/ba-p/3456004

And here is how to change the admin page password:
https://help.virginmedia.com/system/...-page-password

What's missing from the BBC report is that it still took Which days to discover the default password:
http://www.which.co.uk/news/2017/06/...ssword-change/

Quote:

Using publicly available hacking tools that can be found on the web, we were able to crack the router password in just a few days.

[JPAC]

This seems to suggest you can have an SH3 just for asking, true/false?