Security flaw found in Virgin Media Super Hub 2
A SERIOUS security vulnerability has been found in Virgin Media's newest Netgear router.
Paul Moore, an IT consultant, discovered that the Super Hub 2 router can leak user's security information every time the device is rebooted.
The security issue arises due to the device bringing up the wireless network without using any form of encryption, allowing anyone located nearby to view the user's password.
This problem presents a range of security worries for those using the device and, Moore warns on his blog, means hackers can force the devices to reboot, allowing them to steal the passwords.
Which customers are affected?
Somewhat thankfully, the security problem is only found in the Netgear VMDG485 router and modem, promoted and sold by Virgin Media as the Super Hub 2.
It's easy for customers to find out whether they're using that device.
The most effective way is to simply look on the bottom of the router where the model number is listed.
If customers are unsure about whether they are affected or not, they can ring the Virgin Media customer service line to establish the product they're using.
Virgin Media responded to the security threat to their customers by promising an update soon.
"The security of our services is of the highest importance and we are working with Netgear to develop and test a software update which will initialise encryption immediately from reboot and this is close to being issued," the broadband provider said in a statement.
Fixing the problem
Those that want to fix the issue before Virgin Media issue an update, which could be a few months, can do so fairly easily, however.
They just need to change their password through the modem setting page, often available by browsing to: http://192.168.0.1/.
The account requires a login and, if the default details are still in place, these can be found on the modem itself.
The password can then be changed in the Super Hub settings section (click on the large red icon). We've got some tips on creating a strong password here.
Virgin Media say that they encourage all customers to change their default passwords when their routers are first installed.
In practice, however, many continue to use their default settings.
Not so super Super Hub?
Virgin Media's Super Hub is generally regarded positively - see, for example, our quick comparison here - and even beats other popular routers in some tests.
For example, in September last year, researchers at the University of Bristol carried out a range of tests on household routers to determine the best performing device available to consumers and found that the Virgin Media Super Hub offered the best home wi-fi.
The router provided speeds that were 30% faster than its closest rival the BT Home Hub 4 and also beat similar products offered by Sky Broadband and TalkTalk, the researchers found, as shown in the table below.
using 2.4GHz default mode
However, the device has also been beset by a range of problems over the past few years.
Virgin Media have already issued a number of firmware patches to solve a number of very serious faults.
In 2012, for example, the provider released the R37 update, which included key fixes for a number of issues with the device including:
- Corrupt downloads, an error which was fixed by Virgin switching on NAT acceleration.
- Interoperability issues with certain VoIP SIP phones.
- A wireless connectivity issue which required users to restart their Super Hub when connection problems occurred.
- The device randomly restarting, causing users a loss of connection.
Virgin Media say they're working to develop new fixes for this latest error as their "highest priority".
Please read our full disclaimer for important information that relates to the service we provide and your use of this site.
We aim to provide free reviews and comparisons of consumer products and to keep our editorial content as objective as possible. To keep the site free, we are paid by some providers when new customers take products after they've clicked on our links. We don't allow our editorial content to be affected by those links, however we may not include all of the products available in the market. Finally, we do not submit or process any applications for any products or services and we cannot guarantee that any product or service listed on this website will be available to you. Credit providers make the final decision on whether an application for credit will be accepted.
If you would like to get in touch with us you can contact us here.