Hackers could have exploited the flaw to gain administrative access to affected home hubs
A security flaw has been discovered in a brace of Virgin Media wireless routers that allowed unauthorised administrative-level access the home hubs.
Discovered by Context Information Security through reverse engineering the software on the Virgin Media Super Hub 2 and Super Hub 2AC wireless routers, a flaw in the backup feature of the devices allowed hackers to download the router configurations, such as dynamic DNS and port forwarding settings.
Though such backups are encrypted, the encryption key is the same for all of the routers, meaning hackers with administrative access to the vulnerable routers could get access to the backups information, add their own instructions to it then restore the backup to the hub, thereby compromising it.
Hackers with this access could gain remote access to the targeted hub and monitor all network traffic to and from the device.
“The Super Hub represents the default home router offering from one of the UK’s largest ISPs and is therefore present in millions of UK households, making it a prime target for attackers. While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment,” said Andy Monaghan, a principal security researcher at Context.
The cyber security firm notified Virgin Media of the flaw, and the telecoms company rapidly pushed out a patch to plug the security hole.
“Virgin Media has deployed a firmware patch to our SuperHub 2 and 2AC routers that addresses this issue,” a Virgin Media spokesperson told Silicon.
“We take the security of our customers very seriously and experts within our organisation often work with trusted third-parties to help keep our customers as secure as possible. We thank Context for their professionalism and cooperation.”
Router of all evil
Netgear is the provider of routers to Virgin Media, so it would appear that the flaw originated from it rather than a a problem introduced by Virgin Media.
“[Internet Service Providers] will always be at the mercy of their hardware suppliers to some extent,” said Jan Mitchell, a senior researcher at Context. “Recent press coverage of attacks such as the Mirai worm highlights the importance to vendors of carrying out independent security testing of their products to reduce the likelihood of exploitation in production devices. Thankfully, Virgin Media was quick to respond to Context’s findings and start the remediation process.”
So far there have been no reports of the routers being hijacked by hackers out in the wild, so it would appear Virgin Media’s rapid response helped it dodge a nasty cyber security bullet.
TalkTalk has not been so lucky with its routers, as most of the Mirai botnet in the UK consist of routers from TalkTalk.
Are you a security pro? Try our quiz!