Discus Systems PLC - IT Support Company in Birmingham West midlands
Virgin Media fixes Super Hub security flaw uncovered by researchers
Posted by Damien Biddulph on Tue 13th Jun 2017


Virgin Media has rushed out patches to secure its Super Hub routers after researchers found a glaring security flaw that would enable attackers to gain full administrative rights to every Virgin Media Super Hub in the UK. 

Following an investigation in which the box's firmware was reverse engineered, researchers at Context Information Security found that they were able to gain access by restoring backups of user configurations, such as port forwarding and dynamic DNS.

The issue arose because the encryption key is identical for all Super Hubs, meaning that if an attacker could take over one, they could take over every single Virgin Media router.
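
Why a fleet-wide key turns one compromised hub into all of them, as an added sketch that is not Context's or Virgin Media's code: it uses an HMAC tag in place of the Super Hub's encryption (the real scheme is not described in this article), and the key values, device names and function names are all constructed for illustration.

```python
import hashlib
import hmac
import json

# Constructed values for illustration only; not taken from any real device.
FLEET_KEY = b"same-key-in-every-firmware-image"
DEVICE_SECRETS = {"hub-A": b"unique-secret-A", "hub-B": b"unique-secret-B"}


def device_key(device_id: str) -> bytes:
    """Derive a per-device backup key from a device-unique secret."""
    return hmac.new(DEVICE_SECRETS[device_id], b"config-backup-v1", hashlib.sha256).digest()


def seal(config: dict, key: bytes) -> bytes:
    """Serialise a config and prepend an HMAC-SHA256 tag computed under `key`."""
    body = json.dumps(config, sort_keys=True).encode()
    return hmac.new(key, body, hashlib.sha256).digest() + body


def restore(blob: bytes, key: bytes):
    """Return the config if the tag verifies under `key`, otherwise None."""
    tag, body = blob[:32], blob[32:]
    expected = hmac.new(key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return json.loads(body)


def cross_device_restore_accepted(per_device: bool) -> bool:
    """Seal a backup with hub-A's key and try to restore it on hub-B."""
    key_a = device_key("hub-A") if per_device else FLEET_KEY
    key_b = device_key("hub-B") if per_device else FLEET_KEY
    backup = seal({"port_forward": [{"ext": 8080, "int": 80}], "ddns": "example.invalid"}, key_a)
    return restore(backup, key_b) is not None


if __name__ == "__main__":
    # With one key for the whole fleet, hub-B cannot tell A's backup from its own.
    print("fleet-wide key, A's backup on B:", cross_device_restore_accepted(False))
    # With a key derived per device, the same backup is rejected on hub-B.
    print("per-device key, A's backup on B:", cross_device_restore_accepted(True))
```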

At its worst, the access available could allow an intruder to access the entire network and change settings on anything that was attached.

Andy Monaghan, a principal security researcher at Context, said: "The Super Hub represents the default home router offering from one of the UK's largest ISPs and is therefore present in millions of UK households, making it a prime target for attackers.

"While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment."

"ISPs will always be at the mercy of their hardware suppliers to some extent," said Jan Mitchell, a senior researcher at Context.

"Recent press coverage of attacks such as the Mirai worm highlights the importance to vendors of carrying out independent security testing of their products to reduce the likelihood of exploitation in production devices. Thankfully, Virgin Media was quick to respond to Context's findings and start the remediation process."

A spokesperson for Virgin Media said, in a statement: "As made clear in Context's blog post, Virgin Media has deployed a firmware patch to our SuperHub 2 and 2AC routers that addresses this issue.

"We take the security of our customers very seriously and experts within our organisation often work with trusted third-parties to help keep our customers as secure as possible. We thank Context for their professionalism and cooperation."

So just to confirm, although there was an issue, thanks to Context, Virgin Media has now been able to fix it and as long as you're not stopping your router from updating to the latest software version, you've nothing to worry about. 

Virgin Media recently announced it was to make customers' routers into public hotspots, in the same way as BT does with FON.

Source: v3.co.uk


