cancel
Showing results for 
Search instead for 
Did you mean: 

Virgin Media !

rongtw
Seasoned Hero
Posts: 6,336
Thanks: 1,156
Fixes: 11
Registered: 01-12-2010

Virgin Media !

Virgin media , advise change password on router !

http://www.bbc.co.uk/news/uk-40371373

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
7 REPLIES
Community Veteran
Posts: 38,251
Thanks: 937
Fixes: 56
Registered: 15-06-2007

Re: Virgin Media !

a bit more information from The Times

Virgin Media have told 800,000 customers to change their passwords after it was revealed that hackers could easily gain access to a specific router.

Customers who have the Super Hub 2 router were told that the risk was “small” but they should change the passwords to both their network and router if they were still set to the default password.

The advice comes after a Which? investigation found that the password printed on the sticker on the side of the router contained just eight characters, and consisted of lower case letters from an A to Z alphabet with only two letters removed. This formula makes them vulnerable to hackers.

Community Veteran
Posts: 38,251
Thanks: 937
Fixes: 56
Registered: 15-06-2007

Re: Virgin Media !

Community Veteran
Posts: 4,773
Thanks: 1,055
Fixes: 27
Registered: 16-10-2014

Re: Virgin Media !

According to an update this also affects other ISPs as well, including BT, Sky, TalkTalk and others.

http://www.bbc.co.uk/news/technology-40382877

 

Jonpe
Seasoned Pro
Posts: 1,277
Thanks: 339
Fixes: 2
Registered: 05-09-2016

Re: Virgin Media !

Should we be worried?  The password that my router came with doesn't exactly look like a default one, rather a jumble of random characters.

bjallenby
Aspiring Pro
Posts: 178
Thanks: 76
Registered: 13-05-2017

Re: Virgin Media !

@Jonpe I'm not sure how they generate the default passwords for those devices. But if they're using something like MD5 for random string generation, then it's possible that attackers have found a way to generate similar strings as MD5 is extremely weak.

But any device you connect to the internet should have it's default password and / or login details changed. Even the ones provided by your ISP.

All my own passwords for any account online I have are 16 characters of mixed chars, numbers and punctuation. I use a third party modem/router which the defaults for are admin/admin. The first thing I did was change the login name to a 16 character randomly generated string and the same for the password. A bit of a phaff to set up, but you only do it once in a blue moon.

Edit: From the article @Mook linked.

But others use short passwords with a limited selection of characters, and many follow a pattern than can be identified by attackers.

Seems that whatever hash function they're using to generate the passwords has been discovered. Possibly MD5. Who knows.

So I did a quick google search and see that there's a site that allows you to generate the SSID key based on a particular router brands default SSID name. So if the name is XYZ and they're hashing the SSID key based on the name XYZ with MD5, a particular password is the inevitable outcome. I'm not linking the site. But it's easily found if you know what you're looking for.

Edit 2: Seems I was in the right ball park, found another site were it goes into more detail. From the article they're using the default algorithm to generate both the SSID and the encryption key for the SSID from the device serial number.

In short we have: S/N -> hash -> default SSID and encryption key which can be read as: a hashed version of the router's serial number is generated which is then used to derive both, the default SSID and the default encryption key.

Which hash function they're using though it doesn't say. So I'm just going to keep assuming it's MD5 (but also possibly SHA-1) That's from a 2008 article. I'm assuming it was never fixed by ISPs and hardware manufacturers.

rongtw
Seasoned Hero
Posts: 6,336
Thanks: 1,156
Fixes: 11
Registered: 01-12-2010

Re: Virgin Media !

If you use password that is printed on the router , Time to change it Thumbs Up

Asus ROG Hero Vii Z97 , Intel i5 4690k ,ROG Asus Strix 1070,
samsung 850evo 250gig , WD black 2 TB . Asus Phoebus sound ,
16 gig Avexir ram 2400 , water cooling Corsair H100i gtx ,
Corsair 750HXI Psu , Phanteks Enthoo pro case .
Community Veteran
Posts: 2,924
Thanks: 169
Fixes: 3
Registered: 05-04-2007

Re: Virgin Media !

Thanks for the info, I have one at home - luckily I had already changed the password anyway.

I gave up changing router passwords, such as my parents HubOne as that pull out card thingy is really useful, especially when I can say to someone who wants the WiFi password, to pull out the card thingy over the phone.

I suppose that might not be such a good idea now.