1. Home
  2. UK Do-It-Yourself Forum
  3. Slightly OT: Vitgin Media hub and other routers at risk of being hacked

Slightly OT: Vitgin Media hub and other routers at risk of being hacked

I read that the Virgin Media Super Hub 2 is at risk of being hacked, that other old hubs/routers may be at risk, and that passwords should be changed.

I have a BT Home Hub 4. It has two passwords associated with it: what they call a wireless password/key which has 10 alpha-numeric characters, and the admin password of 8 characters.

Two questions:

Is the BT Home Hub 4 old enough to be susceptible to being hacked in the way that the Virgin Media Super Hub 2 is?

If it is capable of being hacked, which of the two passwords, the wireless or the admin, needs to be changed? Or is it both?

Reply to
Chris Hogg
Loading thread data ...

Certainly change them from the passwords supplied as new. Implementing MAC address filtering so only your known devices can connect ought to help too. My VM hub does not seem very sophisticated in terms of features so I've turned the hub off and just use the modem part to connect to my own hubs/switches/wifi

Reply to
Bob Minchin

I think they mean the admin password, although they normally disable remote admin. My SuperHub1 has ChangeMe as the admin password. With the newer ones they are complaining that 8 characters is vulnerable to a brute force attack, to short. It beats me why they don't have software to prevent a brute force attack.

I thought these routers had ISP admin back doors anyway. So I wouldn't advise using one without another router guarding your home network.

They can often be set into modem mode (bridge mode) to pass stuff direct to your own router, well at least Super hubs can. I'm not sure about the BT Home Hubs.

Reply to
Nick

+1

Cheers, T i m

Reply to
T i m

My ISP hub lives outside my firewall.

Reply to
Huge

It's both.

I don't know about this particular attack, but in the past what was done was do use the MAC address of the router to seed a generator for the password. Get the MAC address - and that's available to anyone connecting to the router - feed it to a stolen copy of the code, and you have the default password.

Andy

Reply to
Vir Campestris

According to

formatting link
it's the wireless passphrase that needs to be changed to something more secure.

There's a link on that page that takes you to the instructions on how to change it .

But if your admin password is still the factory default it really should be changed too.

Reply to
Mike Clarke

Always change default passwords to something else.

Reply to
Mark

In message , at 15:55:29 on Sat, 24 Jun 2017, Mark remarked:

There's a slight difference between default passwords (where every router of that model has the same one) and a unique factory-set password.

This attack appears to be doing a brute-force attack on the latter, perhaps assisted slightly by knowing the length and restricted character set.

Reply to
Roland Perry

In the average home, does it matter?

Reply to
Capitol

En el artículo , Chris Hogg escribió:

Both, especially if you're using the as-supplied defaults.

Reply to
Mike Tomlinson

Many thanks for all the replies. Both passwords now changed for much longer and more-complicated ones.

Reply to
Chris Hogg

Good practice anyway, as the "super" hub is a bit shit really.

Reply to
Chris Bartram

Best place for it.

Reply to
Chris Bartram

My ISP hub lives in the shed. I only got it when we changed ISP so that I could confirm things were up and running okay before I reconfigured our own, so it was only connected for about half an hour.

SteveW

Reply to
Steve Walker

HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.