A Which? investigation has found that Virgin Media's Super Hub 2 router can be hacked in a matter of daysif it's left with thedefault password that's printed on the router. In response to our research, Virgin is advising all Super Hub 2 users to change their password to improve their network security.
In our hacking investigation, we targeted areal home that used theVirgin Media Super Hub 2 router for itscable broadband.The user had remainedon the relatively weak default password -only eight characters long, using just lowercase letters from an A-Z alphabet, with two letters removed.
Using publicly available hacking tools that can be foundon the web, we were able to crack the router password in just a few days. We were also able tolog in to the router's configuration page, sincethe default password for doing so is shared across all Super Hub 2 devices.
As with all home routers, the Virgin Super Hub 2 is agateway to yourhome network. Hack this, and you can potentially have access to other devices inside the home.
Following our successful hack of the Virgin router, we were effectively inside the home network and could target other connected devices. In the age of smart devices and the 'internet of things', this sort of security vulnerability is particularly concerning.
The good news is that since we made Virgin Media aware of the vulnerability, the company has been quick to respond. Its newer Super Hub 3.0 isfar more secure (see more below), and Virgin Media is upgrading customers to this device.But in the meantime, it's also advising Super Hub 2 owners to change their passwords.
Virgin Media told us that there are approximately 864,000 Super Hub 2 routers in customer homes, although those numbers are falling as more customers are upgraded to the Hub 3.0.
The Super Hub 3.0 uses much stronger passwords than its predecessor. These are, by default, 12 characters long, with a mix of cases and numbers. This has significantlyimproved security, as confirmed by our own tests. While it took mere days for us to crackthe Super Hub 2 password, using the same approach it wouldtake 262m years to breach the Hub 3.
AVirginMediaspokesperson said: 'The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards.
'To the extent that technology allows this to be done, we regularly support our customers through advice, firmware and software updates, and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.'
If you have a Super Hub 2 in your home, don't panic. The chances of you being hacked arestill, thankfully, very low. However, in response to our findings, Virgin Media has said it will urgecustomers with a Super Hub 2 to change their default network and router passwords.
Make sure your new password hasat least 12 characters, and includes a mix of upper and lower case letters, plus numbers. Find out how to set a new passwordbelow.
1. Connect your computer to the Super Hub with an ethernet cable.
2. Enter the web address on the Super Hub sticker to access the settings page. Click on 'Wireless Network Settings'.
3. Enter your new password into the box marked 'passphrase'.
4. Restart all devices connected to the Super Hub and enter the new wi-fi password to get back online. You can also now disconnect your computer from the Hub.
The settings page also offersadditional security features, such as seeing what devices are currently connected to your wi-fi, and the ability to block your wi-fi name from being displayed to anyone snooping in.