All Sections

Virgin Media Super Hub 2 bug: You’ll want to change your admin password ASAP

If you’ve got a Virgin Media Super Hub 2 and you’ve NOT changed the default admin password (if not, why not?) then you’ll want to change it right now. 

An IT consultant has unearthed an exploit which could allow hackers access to take control of your router and redirect web users from genuine websites to pages full of malware. 

Luckily, the window in which an attacker would need to successfully execute an attack is small. But the possibility of being compromised remains and pending the release of an official firmware patch, a determined hacker could easily take over your Super Hub 2 by forcing it to reboot. 

Virgin Media Super Hub 2 bug: You’ll want to change your admin password ASAP
Seven seconds is all it takes: Change your Super Hub 2’s passwords if you’ve not done so already

During the boot up process, the Super Hub 2 leaks its WiFi password credentials for seven seconds. Once armed, an attacker could then gain access to your network and cause all kinds of havoc, including accessing illegal content which could earn you, the officially registered subscriber, a visit from the law.  

Consultant Paul Moore spoke to IT industry news site The Register, detailing how easy it would be for somebody who wanted to take control of your wireless router. Moore said: 

“Although the damage potential is high, the chances of it actually happening are low. It can be exploited with just a browser and the right set of circumstances… but the attacker would need an ideal environment – strong signal, minimal load on the router, etc – for an exploit to be successful.”

Unless you’ve positioned your router in such a way that it’d be easy for somebody to stand outside your house and force a reboot, this is unlikely to happen. 

Moore says that preventing an attack succeeding simply requires you to change the default admin password of your Super Hub 2. 

If you followed Virgin Media’s instructions to the letter when set your Superhub 2 up in the first place, you should have already done this. If not then, Virgin Media has a set of instructions on its site showing you how to do this. 

A post on Moore’s blog Rambling Rant provides a more succinct explainer: 

Visit http://192.168.100.1 in your browser.
1.  Login as usual.  As you know, the default password is “changeme”.
2.  Click “Advanced Settings”
3.  Scroll down to “Device Management” -> “User Interface Management”
4.  Enter a new password and hit “Save”.
5.  Click “Home”
6.  Click “Wireless Network Settings”
7.  Enter a new “Passphrase or Security Key” for both the 2.4 & 5GHz networks.
8.  Click “Save Settings”.
9.  You’ll need to enter this new key into each wireless device to restore your connection.

Virgin Media and Super Hub 2 makers Netgear are currently working on a patch. 

Comments