Virgin Media routers contain vulnerability which allows admin access

News by Roi Perez

Security researchers have found that the encryption key used for custom configurations of Virgin Media broadband routers is the same for all hubs across the UK.

A security vulnerability has been discovered in home broadband routers used by Virgin Media customers, which facilitates hackers gaining access to the device's administrator panel.

The researcher who discovered the flaw from Context Information Security says that both the Super Hug 2 and Super Hub 2AC (both of which are made by Netgear) are affected.

Context's Jan Mitchell and Andy Monaghan have released extensive research on the vulnerability, but said in a press release that, “[the] discovered vulnerabilities in a feature allowing users to create backups of their custom configurations - such as port forwarding and dynamic DNS settings – which could be restored at a later date.”

Even though the configuration back-ups are encrypted, the researchers found that the “private encryption key was the same across all hubs in the UK. This meant that an attacker with access to the administrative interface of a user's hub could download a configuration file, add additional instructions to enable remote access and restore the file to the hub.”

Once completed, this process allows access to the router remotely and can be used to monitor internet traffic from any device attached to the router, which includes any computers, phones and other connected devices.

In response to its findings, Context says it was quick to notify Virgin Media of the issue, the telco/broadband/cable TV company released a patch in May 2017 to fix the issue.

Andy Monaghan, principal security researcher at Context said in a press release, “While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment.”

Jan Mitchell, a senior researcher at Context added: “Recent press coverage of attacks such as the Mirai worm highlights the importance to vendors of carrying out independent security testing of their products to reduce the likelihood of exploitation in production devices.”


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews