Joining in
Registered: ‎24-06-2017
Message 1 of 13 (347 Views)

Hacking Risk reported for Super Hub 2

Hi All, I read yesterday in the Oxford Mail that there is a hacking risk issue with the Super Hub 2, which I have.  VM are said to be contacting customers - has anyone out there had contact?  What do we need to do to reduce the risk?  Cheers, Jim.

Superuser
Registered: ‎03-05-2010
Message 2 of 13 (344 Views)

Re: Hacking Risk reported for Super Hub 2

VM have not said they are contacting users. Which? said VM said they are telling users. Which? lied. Shocking.

Community Lead
Registered: ‎27-06-2012
Message 3 of 13 (328 Views)

Re: Hacking Risk reported for Super Hub 2

Hi @jimjutton

Check out this article for all the steps you need to take:
Https://virg.in/extrasafe

Tuning in
Registered: ‎05-05-2011
Message 4 of 13 (318 Views)

Re: Hacking Risk reported for Super Hub 2

A question: if, like me, you only use the SuperHub 2 as a cable modem feeding a separate (and better!) wired/wireless router with its own strong access p/w's, am I correct in assuming that (since it is several years since I got the SuperHub and set it up as a modem only because that works better for my LAN, but I can't remember what I did to "get there"!) the password hack vulnerability is not an issue in those circumstances?

Thanks in advance for any comments and advice.

Superuser
Registered: ‎17-10-2010
Message 5 of 13 (559 Views)
Helpful Answer
confirmed by James_W (Community Lead)
‎24-06-2017 23:07

Re: Hacking Risk reported for Super Hub 2

The vulnerability is not with the hub itself, but that its default wireless password is an 8 character lowercase string, giving a mere 208 thousand million permutations. The "hack" took a professional security team using cutting edge technology to brute force the wireless password 4 days to crack. This "vulnerability" would apply to every device that uses an 8 character lowercase wireless password.

As long as you are using a stronger wireless password using a random mixture of upper and lower case characters and numbers you should be as safe as possible. Obviously the longer the password the better.

Tuning in
Registered: ‎05-05-2011
Message 6 of 13 (301 Views)

Re: Hacking Risk reported for Super Hub 2

Griffin

Many thanks, and I think I'll take a look at the p/w for the separate router - not that that's weak but I think it could be improved.

OTOH, that, unfortunately, did not address my specific question about the vulnerability of the SuperHub 2 when/after it has been set into modem-mode.

Dialled in
Registered: ‎02-01-2012
Message 7 of 13 (300 Views)

Re: Hacking Risk reported for Super Hub 2

But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!

Tuning in
Registered: ‎21-11-2015
Message 8 of 13 (288 Views)

Re: Hacking Risk reported for Super Hub 2

I don't have any passwords and don't use my superhub as wi-fi but wired, am I still affected?

Superuser
Registered: ‎17-10-2010
Message 9 of 13 (288 Views)

Re: Hacking Risk reported for Super Hub 2

jeallen01 wrote:

Griffin

Many thanks, and I think I'll take a look at the p/w for the separate router - not that that's weak but I think it could be improved.

OTOH, that, unfortunately, did not address my specific question about the vulnerability of the SuperHub 2 when/after it has been set into modem-mode.


As I said above, it is not a "vulnerability" with the hub, but the length of the default wireless password it uses. The hub in modem mode disables all wireless functions so the "vulnerability" is a moot point as there is no wireless signal to hack. If you set the wireless password to an 8 character lowercase string on your third party router, then your router will have more or less exactly the same "vulnerability" if the hacker is targeting an 8 lowercase password.

Superuser
Registered: ‎17-10-2010
Message 10 of 13 (271 Views)

Re: Hacking Risk reported for Super Hub 2


katejo wrote:
But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!

It is always strongly advisable to change default passwords, however anyone that has physical access to the hub can always reset the hub back to its default values. To access the router wirelessly, you will need the wireless password first.

Not a stupid question. It makes a huge difference as the only way to crack a WPA2 wireless password is to brute force it, i.e. try every possible permutation until you finally stumble on the correct password.

Using only lowercase letters for a wireless password gives you 26 permutations per password character, using upper and lower case with numbers gives you 62 permutations per character.

So using a password string of 8 characters gives 208 thousand million possibilities, 208 billion (26^8) permutations, whilst an 8 character password using a mixture of upper, lowercase and digits gives you around 218 trillion permutations. Obviously, the permutations rise exponentially with longer passwords.

It took the professional security team 4 days to crack the lowercase password, so by the same token it would take over 4000 days to crack the same length password using a mixture of characters.

It is also worth noting not to use common words, preferably using a random mixture of characters to prevent dictionary attacks.
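
An added example, not part of any post in this thread: a Python sketch that scales the thread's figure (26^8 lowercase candidates in about 4 days) to other wireless passphrases and generates a random replacement. The function names are illustrative, and it assumes the 4 days covered the whole lowercase keyspace and that every character is chosen at random.

```python
import math
import secrets
import string

# Baseline taken from the thread: 26^8 candidates exhausted in about 4 days.
BASELINE_KEYSPACE = 26 ** 8
BASELINE_DAYS = 4.0

CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits)


def alphabet_size(passphrase):
    """Sum the sizes of the character classes the passphrase draws from."""
    size = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    if any(ch in string.punctuation or ch == " " for ch in passphrase):
        size += len(string.punctuation) + 1
    return size


def audit(passphrase):
    """Return keyspace, entropy bits and days to exhaust at the thread's rate.

    Assumes every character was chosen at random; a dictionary word is far
    weaker than this figure suggests.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA2 passphrases are printable ASCII")
    keyspace = alphabet_size(passphrase) ** len(passphrase)
    days = BASELINE_DAYS * keyspace / BASELINE_KEYSPACE
    return {"keyspace": keyspace, "bits": math.log2(keyspace), "days": days}


def generate(length=16):
    """Random passphrase over upper, lower and digits from the OS CSPRNG."""
    alphabet = "".join(CLASSES)
    while True:
        candidate = "".join(secrets.choice(alphabet) for _ in range(length))
        # Retry until all three classes appear, so the audit sees 62 symbols.
        if all(any(ch in c for ch in candidate) for c in CLASSES):
            return candidate


if __name__ == "__main__":
    for sample in ("qwhxmzpd", "qW7xMz2d", generate()):  # constructed samples
        r = audit(sample)
        print(f"{sample!r}: {r['keyspace']:.3e} keys, {r['bits']:.1f} bits, "
              f"{r['days']:.3g} days")
```
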