The investigation focused on the security of various popular smart home gadgets. Which? created its own smart home and asked ethical security company SureCloud to go to town. As well as targeting the gadgets, researchers used freely available tools to probe the router and obtained its original password within a couple of days. As the Super Hub 2’s administrator pages also ship with a common username and password, SureCloud was able to obtain complete access to the target network.
Virgin Media says that the issue isn’t unique to the company’s routers and affects other hubs that are around the same age. A Virgin Media spokesperson said: “The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards.
“To the extent that technology allows this to be done, we regularly support our customers through advice, firmware and software updates, and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”
Currently, there are around 864,000 Super Hub 2 routers in UK homes, although that number is falling as Virgin Media upgrades customers to the Super Hub 3. The newer router utilises 12 character passwords, which are a mix of cases and numbers.
The default Hub 2 offers 8 characters from a standard lowercase A-Z alphabet. Where it took a couple of days to crack the Super Hub 2 password, Which? says doing the same on the current model would take over 250 million years.