Virgin Media router security flap follows weak password expose

Virgin Media has urged 800,000 customers to change their passwords to guard against possible hacking attack. The move follows an investigation by consumer mag Which? that discovered hackers could access the UK cableco's Super Hub 2 router, allowing access to IoT devices connected through the same home network. The issue stems …


    1. Charles 9

      Re: correct horse battery staple

      But what about people whose memory is SO bad it comes back "donkeyenginepaperclipwrong" instead?

  1. anthonyhegedus Silver badge

    The vermin superhubs don't even work in modem mode all the time. Some of them keep going back to router mode. The other thing about these routers is that the default admin password is 'virgin'.

    1. Singe
      FAIL

      The Superhub default admin password has never been "virgin", that goes as far back as the Superhub 1, which is quite a few years old now.

  2. Anonymous Coward

    At one of the companies I worked at, the remote users were supplied with internet access via Virgin Media so that they could work remotely. After a software update on the routers, the VPN stopped working.

    After I got remote access, via TeamViewer, I logged on to the router with the default password and ticked the box to allow VPN connections. All the sales droids asked how I knew their router password; my reply was that it was the default one that was listed on the Virgin website and perhaps they had better change it.

  3. Ian 55

    Oh is that all the problem is?!

    I thought from some of the other reporting that it was something really serious.

  4. Milton

    Don't be too harsh ...

    ... on the folks who use the ISP-supplied router. It's good that El Reg readership includes people who are not necessarily techies, but who still have curiosity enough to be here.

    And if you think the Virgin Routers are crummy, Sky is even worse. We have both connections to this house (can't afford to be offline) and I use a Draytek router for load balance and redundancy, and while the Virgin hub did at least allow me to set it to Modem-Only mode, the POS that Sky provided won't even let you do that. Bypassing Sky's rubbish was tedious, to say the least.

    (But yes, for those who are wondering: the router supplied by your ISP will work, but it will be cheap, nasty, crippled and probably horribly vulnerable.)

  5. Blacklight
    Mushroom

    Erm....

    I may be wrong (probably am!) but is the other issue resolved?

    i.e. the one whereby when the router powers up, for 7 seconds or so, there is no encryption set on the WiFi? o_O

    Thus, if you are quick enough, you can get onto the WLAN - and then (again, if quick enough) - either use the default web admin password to find a WLAN password (even if it's been changed), so you can then reconnect shortly after, or do a quick network probe? Granted that's a tight window of opportunity, but still!

    [EDIT] Ah yes - a powershell to reboot a SuperHub - if you know the password. Assume it's default, and a bit of cross site jiggery-pokery with a form post/social engineering - and away you go, router reboots, WLAN available briefly...[/EDIT]

    Personally, opt for "SACM" (standalone cable modem) mode and use my own WiFi. I'd still be using 802.1x EAP too if the firmware I use was updated to not break RADIUS :( (choice of stick with RADIUS but keep other vulns active, or upgrade and lose RADIUS)

    If you don't have your own router, change the WiFi AND admin passwords - which should be standard OpSec anyway. It wouldn't be that hard for device manufacturers to trap all web traffic when the thing is in "default" mode and force passwords to change, before letting it go fully operational....

    1. Charles 9

      Re: Erm....

      "If you don't have your own router, change the WiFi AND admin passwords - which should be standard OpSec anyway. It wouldn't be that hard for device manufacturers to trap all web traffic when the thing is in "default" mode and force passwords to change, before letting it go fully operational...."

      Unless people are so used to "plug and play" that they plug it in and keep complaining that instead of the Web they get these weird gibberish screens. MUST BE BROKEN! SEND IT BACK!

      It's hard to deal with BOTH security AND stupidity, and recall that consumer-level tech has to deal with LOTS of stupid.

  6. Baldrickk

    Not that bad

    There seems to be a lot of complaining, let's break it down:

    Weak (short) default password - bad - potentially 'easy' to crack

    Solution exists? - yes (change it)

    Weak admin password (changeme) - bad - if you are on the network and it hasn't been changed, you can get admin access

    Solution exists? - yes (change it - it even tells you to!)

    So... standard procedure is to change both.

    What other problems have people complained about?

    Poor wifi? Not in my experience, 2 floors away and still getting near max throughput over Wifi - Steam home streaming at 1080p at that range works even better than I expected, odd dropped packet, but nothing really noticeable, maybe one 'glitch' every 5 minutes, and running Cat 6 all the way up the stairs did nothing to improve the latency. Network benchmarks show that wireless transfer operates at near max data rates too over the same connection. No problems there for me.

  7. J.G.Harston Silver badge

    The most annoying thing about the Hub 3.0 that Virgin foisted on me is that it's an inch taller than the Hub 2, has a curved stand, and the sockets are on the other side, so I can't mount it neatly in the corner of the cupboard where the 2.0 Hub went.
