VIRGIN MEDIA ROUTERS have been found to be vulnerable to a significant flaw which could allow unwelcome administrative access to the 'SuperHub' machines.
Researchers from Context Information Security revealed that, following an investigation in which the box firmware was reverse engineered, they were able to gain access by restoring backups of user configurations such as port forwarding and dynamic DNS.
The issue arose because the encryption key was identical for all Super Hubs, meaning if you'd pwned one, you'd pwned every single Virgin Media router.
At its worst, the access available could allow an intruder to access the entire network and change settings on anything that was attached.
Andy Monaghan, a principal security researcher at Context, said: "The Super Hub represents the default home router offering from one of the UK's largest ISPs and is therefore present in millions of UK households, making it a prime target for attackers.
"While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment."
"ISPs will always be at the mercy of their hardware suppliers to some extent," said Jan Mitchell, a senior researcher at Context.
"Recent press coverage of attacks such as the Mirai worm highlights the importance to vendors of carrying out independent security testing of their products to reduce the likelihood of exploitation in production devices. Thankfully, Virgin Media was quick to respond to Context's findings and start the remediation process."
A spokesperson for Virgin Media said in a statement given to INQ: "As made clear in Context's blog post, Virgin Media has deployed a firmware patch to our SuperHub 2 and 2AC routers that addresses this issue. We take the security of our customers very seriously and experts within our organisation often work with trusted third-parties to help keep our customers as secure as possible. We thank Context for their professionalism and cooperation."
So just to confirm, although there was an issue, thanks to Context, Virgin Media has now been able to fix it and as long as you're not stopping your router from updating to the latest software version, you've nothing to worry about. µ
Virgin Media recently announced it was to make customers' routers into public hotspots, in the same way as BT does with FON. µ