Virgin Media advises customers over hacking risk

Technology > Security

Virgin Media has advised more than 800,000 customers with a specific router to change their password immediately after ethical security researchers SureCloud gained access to the Super Hub 2.

 

The “hack” was just one of the tests done by consumer group Which? The study tested popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children's Bluetooth toy. Some of the devices proved harder than others to infiltrate, such as the Amazon Echo, but eight out of 15 appliances were found to have at least one security flaw.

Based on their investigation, Which? found that hackers could access home networks and connected appliances in as little as four days.  They said the industry needs to secure these products  by addressing the basics such as ensuring devices required a unique password before use, using two-factor authentication, and issuing regular security updates for software.

For its part, Virgin Media said the issue existed with other routers of the same age, not just their model.  The company downplayed the risk to customers with a Super Hub 2 router as "small" but advised them to change both their network and router passwords if they were still set as the default shown on the attached sticker.  

A Virgin Media spokesman said customers are also offered “the chance to upgrade to a Hub 3.0 which contains additional security provisions."

Alex Neill, Which? managing director of home products and services, said, some of smart-home gadgets and devices tested are vulnerable and offer little or no security.  "Manufacturers need to ensure that any smart product sold is secure by design."

The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet. The watchdog said that "worse still" a hacker could even pan and tilt the cameras to monitor activity in the house.

 

SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.

 

Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.  

Image by: LaBeta / Flickr