Virgin Media urges password change over hacking risk
23-06-2017, 10:24
|
#16
|
Virgin Media Staff
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
|
Re: Virgin Media urges password change over hacking risk
If you're prepared to pay for it, true. But there is no need to change unless there is another reason to do so.
The SuperHub 2 has the same WPA2 security in it as the Hub 3.0 does.
The difference is the default password on the Hub 3.0 is longer and has more character variation than the SuperHub 2 does by default.
So if you update your wireless password to twelve characters with mix of upper case, lower case and numbers, then it'll be just as secure.
__________________
I work for Virgin Media but all views are my own.
Last edited by BenMcr; 23-06-2017 at 10:28.
|
|
|
23-06-2017, 10:27
|
#17
|
cf.addict
Join Date: Nov 2005
Location: N E Lincs
Posts: 426
|
Re: Virgin Media urges password change over hacking risk
Quote "We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."
So...how much from a SH2 to SH3?
|
|
|
23-06-2017, 10:32
|
#18
|
Virgin Media Staff
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
|
Re: Virgin Media urges password change over hacking risk
The offer to upgrade to the Hub 3.0 is part of speed and bundle changes e.g. when you go to VIVID 300 you'll get a Hub 3.0.
There is zero need to swap from a SuperHub 2 to a Hub 3.0 if your services don't need it.
__________________
I work for Virgin Media but all views are my own.
|
|
|
23-06-2017, 10:43
|
#19
|
cf.addict
Join Date: Nov 2005
Location: N E Lincs
Posts: 426
|
Re: Virgin Media urges password change over hacking risk
Perhaps you should tell VM PR that instead of everyone with a SH2 calling for a free SH3.
I'll risk it with a SH2 then.
|
|
|
23-06-2017, 11:17
|
#20
|
Inactive
Join Date: Oct 2006
Location: Right here!
Posts: 22,316
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by BenMcr
|
TVM Ben.
I'm not panicking but the story reminded me about these passwords and I'm pretty sure we didn't change the default password.
Can I just ask what relevance, if any, the network name (i.e. what shows up our device in the available networks list) has in this. We didn't change that either, it's just the VM generated one (beginning VM...) which appeared during set up. Do we need to change that also or doesn't that matter?
|
|
|
23-06-2017, 11:29
|
#21
|
Virgin Media Staff
Join Date: Nov 2006
Location: Manchester
Services: 360 x2, Maxit TV, Sky Sports and Sky Cinema. Gig1
Posts: 17,929
|
Re: Virgin Media urges password change over hacking risk
The wireless name doesn't really matter.
You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable that leaving it as is
__________________
I work for Virgin Media but all views are my own.
|
|
|
23-06-2017, 12:41
|
#22
|
Inactive
Join Date: Oct 2006
Location: Right here!
Posts: 22,316
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by BenMcr
The wireless name doesn't really matter.
You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable that leaving it as is
|
Yes I'd noticed that looking at the other home networks which show up on the list here. Some a really very obvious, one I saw a while back actually included the street address.
|
|
|
23-06-2017, 13:24
|
#23
|
cf.mega poster
Join Date: Jul 2004
Location: Winnersh UK
Services: LL Phone, TiVo, M+ VM mobile, BBand 150M tier Superhub, TIVO 500 M+
Posts: 2,114
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by BenMcr
The wireless name doesn't really matter.
You can change if you wish, but it's amazing how many people put personal info into the name e.g. 'BenMcr family' or something that's actually more identifiable that leaving it as is
|
A person in my road has their house number and road name, how crazy is that?
|
|
|
23-06-2017, 14:15
|
#24
|
cf.addict
Join Date: Feb 2005
Location: Oxfordshire
Age: 76
Services: VM XL, Tivo, BB, Prime, Now TV, Tennis TV
Posts: 152
|
Re: Virgin Media urges password change over hacking risk
Not sure I understand how/why this should be an issue.
Presumably the default WiFi password printed on the bottom of the modem/router must be unique to each device - otherwise we would all be connecting to our neighbours' networks all the time. So how does that come to have been compromised?
The settings password is another thing, as the default is obviously common to all devices and the user is invited to change it - as I did at the time.
|
|
|
23-06-2017, 14:34
|
#25
|
cf.mega poster
Join Date: Jul 2004
Location: Winnersh UK
Services: LL Phone, TiVo, M+ VM mobile, BBand 150M tier Superhub, TIVO 500 M+
Posts: 2,114
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Gunslinger
Not sure I understand how/why this should be an issue.
Presumably the default WiFi password printed on the bottom of the modem/router must be unique to each device - otherwise we would all be connecting to our neighbours' networks all the time. So how does that come to have been compromised?
The settings password is another thing, as the default is obviously common to all devices and the user is invited to change it - as I did at the time.
|
The default is changeme or admin and many don't change it.
|
|
|
23-06-2017, 14:50
|
#26
|
Oh Lanky Lanky.
Join Date: Jun 2003
Location: Shaw, Oldham, Lancashire.
Services: 2 V6 running 360. 500mb BB, Phone line, mobile simm.
Posts: 7,957
|
Re: Virgin Media urges password change over hacking risk
Gunslinger is referring to the wifi password, not the router password Ken.
Even though that is unique, at a basic eight letters from 24, all lower case it is not very secure.
Last edited by iadom; 23-06-2017 at 14:53.
|
|
|
23-06-2017, 15:10
|
#27
|
cf.mega poster
Join Date: Jul 2004
Location: Winnersh UK
Services: LL Phone, TiVo, M+ VM mobile, BBand 150M tier Superhub, TIVO 500 M+
Posts: 2,114
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by iadom
Gunslinger is referring to the wifi password, not the router password Ken.
Even though that is unique, at a basic eight letters from 24, all lower case it is not very secure.
|
Opps, but if some one got into your router they could then make changes to your wifi password or any other settings.
|
|
|
23-06-2017, 15:16
|
#28
|
cf.mega poster
Join Date: Oct 2009
Posts: 2,065
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Ken W
Opps, but if some one got into your router they could then make changes to your wifi password or any other settings.
|
... So they have to get past your wifi password first to access the Superhub settings or break into your property with a laptop to connect via Ethernet?
|
|
|
23-06-2017, 16:39
|
#29
|
cf.addict
Join Date: Nov 2005
Location: N E Lincs
Posts: 426
|
Re: Virgin Media urges password change over hacking risk
Quote:
Originally Posted by Ken W
A person in my road has their house number and road name, how crazy is that?
|
That's nothing, VM told my neighbour that their password had to be at least 8 characters long and include at least one capital.
She chose, "MickeyMinniePlutoHueyLouieDeweyDonaldGoofyLon don" jk
|
|
|
23-06-2017, 22:12
|
#30
|
cf.member
Join Date: Oct 2008
Posts: 32
|
Re: Virgin Media urges password change over hacking risk
The thing we need to see are the details on what the hack is.
The fact that it takes a few days (i think i read 4 days somewhere) to crack the password seems like a brute force attack, which does make it better as it isn't a flaw like a remote code execution.
So I just looked at my default wifi password on my superhub 2 it is "anyasdwe" (which is a lie as the 5 last characters is different just incase it can be used against me).
It looks like virgin is using an 8 character only lower alpha password. This gives 8^26 combination and according to a http://calc.opensecurityresearch.com cracking a WPA Key will take over 2 years to crack. This is different to a "few days"
Now look at the password I put above, it begins with "any". If Virgin has on all superhub 2 employed a password that has fixed characters somewhere in the password or a predefined set of defaults, this will reduce the complexity of the wifi password. So instead of guessing 8 characters, you might only need to guess 5 characters with the first 3 characters already known from a predefined list that virgin always use. This greatly reduces the time to crack. For example, 5 character password all lower case take just over an hour to break in.
I would like to know from other superhub 2 users if the first three characters of their default password is "any". That will be interesting...
Alternatively, the password could be derived based on the SSID . So maybe there is something in the SSID that could be seeding the password, which again means that a secret is known which greatly reduces the amount of tries it take to crack the password.
But yeah, if you haven't done so already, make sure your wifi password is not the default!
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 03:59.
|