Virgin Media warns to change your router password

In case you are wondering what Virgin Media is and why it issued such advice, let us briefly explain that it is a popular company offering broadband, TV and smartphone services. It serves for more than 800 000 customers in the UK. Thus, if you happen to be one of them, their recent remarks suggesting to change router passwords should be applicable to you as well.

Change password? Did someone hack Virgin Media?

It all started when an independent customer group called Which? in cooperation with ethical hackers SureCloud presented their findings of the conducted experiment.[1] They found system vulnerabilities in Super Hub 2 router which might have granted hackers access to the devices.

Thus, if, for instance, a computer worm infects the device, all other devices using the same network may end up hacked. Besides Virgin Media routers, Fredi Megapix home CCTV cameras also contained flaws. A smart toy, CloudPets, which speaks out voice messages received via Bluetooth was under hack risk as well after the ethical perpetrators gained access to it.[2]

Fortunately, after getting acquainted with the results, the company has not denied the flaws and ensured to fix them and keep the devices up-to-date.

They also stressed that though the hacking risk was small, users should change their router passwords. Virgin Media spokesman also noted that customers should be able to upgrade to Hub 3.0.

Virgin Media states that vulnerabilities have been eliminated but users should still change their rooter passwords

There were more flaws

Such security warnings are not the first ones. Several days ago, Virgin Media received a warning from Context Information Security researchers Jan Mitchell and Andy Monaghan.[3] They focused on the backup feature. The customers of this company have the ability to customize configuration settings when performing backups.

Ironically, though the configuration differed, the private encryption key happened to be the same in all hubs throughout the entire country. Thus, by acquiring this configuration file and slightly modifying it, a perpetrator could access the hub remotely. In short, this feature would have allowed more experienced perpetrators access millions of devices.

It is commendable that the company is open to critique and immediately responds to warnings and advice. It reported that they had eliminated previously mentioned issues. Meanwhile, while users, IT professionals and software developers join forces to deliver safer and services of high quality, bear in mind these safety tips:

  • Check your smart devices’ manufacturer web page regularly
  • Install the updates once they are released
About the author
Julie Splinters
Julie Splinters - Anti-malware specialist

Julie Splinters is the News Editor of 2-spyware. Her bachelor was English Philology.

Contact Julie Splinters
About the company Esolutions