jimjutton
Message 1 of 13

Hacking Risk reported for Super Hub 2

Hi All, I read yesterday in the Oxford Mail that there is a hacking risk issue with the Super Hub 2, which I have.  VM are said to be contacting customers - has anyone out there had contact?  What do we need to do to reduce the risk?  Cheers, Jim.

Superuser
Message 2 of 13

VM have not said they are contacting users. Witch said VM said they are telling users. Witch lied. Shocking.

Community Lead
Message 3 of 13

Hi @jimjutton

Check out this article for all the steps you need to take:
Https://virg.in/extrasafe

jeallen01
Message 4 of 13

A question: if, like me, you only use the SuperHub 2 as a cable modem feeding a separate (and better!) wired/wireless router with its own strong access p/w's, am I correct in assuming that (since it is several years since I got the SuperHub and set it up as a modem only because that works better for my LAN, but I can't remember what I did to "get there"!) the password hack vulnerability is not an issue in those circumstances?

Thanks in advance for any comments and advice.

Superuser
Message 5 of 13

The vulnerability is not with the hub itself, but that its default wireless password is an 8 character lowercase string, giving a mere 208 thousand million permutations. The "hack" took a professional security team using cutting edge technology to brute force the wireless password 4 days to crack. This "vulnerability" would apply to every device that uses an 8 character lowercase wireless password.

As long as you are using a stronger wireless password using a random mixture of upper and lower case characters and numbers you should be as safe as possible. Obviously the longer the password the better.

jeallen01
Message 6 of 13

Griffin

Many thanks, and I think I'll take a look at the p/w for the separate router - not that that's weak but I think it could be improved.

OTOH, that, unfortunately, did not address my specific question about the vulnerability of the SuperHub 2 when/after it has been set into modem-mode.

katejo
Message 7 of 13

But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!

Darren_J
Message 8 of 13

I don't have any passwords and don't use my superhub as wi-fi but wired, am I still affected?

Superuser
Message 9 of 13


jeallen01 wrote:

Griffin

Many thanks, and I think I'll take a look at the p/w for the separate router - not that that's weak but I think it could be improved.

OTOH, that, unfortunately, did not address my specific question about the vulnerability of the SuperHub 2 when/after it has been set into modem-mode.


As I said above it is not a "vulnerability" with the hub, but the length of the default wireless password it uses. The hub in modem mode disables all wireless functions so the "vulnerability" is a moot point as there is no wireless signal to hack. If you set the wireless password to an 8 character lowercase string on your third party router, then your router will have more or less exactly the same "vulnerability" if the hacker is targeting an 8 lowercase password.

Superuser
Message 10 of 13


katejo wrote:
But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!

It is always strongly advisable to change default passwords, however anyone that has physical access to the hub can always reset the hub back to its default values. To access the router wirelessly, you will need the wireless password first.

Not a stupid question. It makes a huge difference as the only way to crack a WPA2 wireless password is to brute force it, i.e. try every possible permutation until you finally stumble on the correct password.

Using only lowercase letters for a wireless password gives you 26 permutations per password character, using upper and lower case with numbers gives you 62 permutations per character.

So using a password string of 8 characters gives 208 thousand million possibilities, 208 billion (26^8) permutations whilst an 8 character password using a mixture of upper, lowercase and digits gives you around 218 trillion permutations. Obviously, the permutations rise exponentially with longer passwords.

It took the professional security team 4 days to crack the lowercase password, so by the same token it would take over 4000 days to crack the same length password using a mixture of characters.

It is also worth noting not to use common words, preferably using a random mixture of characters to prevent dictionary attacks.

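The keyspace arithmetic from the answer above, worked through as an added example (not part of the original thread): it scores a WPA2 passphrase by the character classes it draws from and scales the search time from the 4-day figure quoted in the thread. The function names `audit` and `generate` are hypothetical, and the guess rate is an assumption derived only from that quoted figure.

```python
import math
import secrets
import string

# Calibration from the thread: an 8-character lowercase key (26**8 candidates)
# took about 4 days to exhaust. Real rates depend on the attacker's hardware.
GUESSES_PER_DAY = 26 ** 8 / 4

# Character classes; space is grouped with symbols (WPA2 allows it).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, string.punctuation + " ")


def audit(passphrase):
    """Keyspace and worst-case exhaustive-search time for a WPA2 passphrase.

    Valid only for randomly chosen characters: a dictionary word gets the
    same score here but falls to a wordlist long before exhaustion.
    """
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    if any(not 32 <= ord(ch) <= 126 for ch in passphrase):
        raise ValueError("WPA2 passphrases use printable ASCII only")
    # Alphabet = total size of every class the passphrase draws from.
    alphabet = sum(len(c) for c in CLASSES if any(ch in c for ch in passphrase))
    keyspace = alphabet ** len(passphrase)
    return {
        "alphabet": alphabet,
        "keyspace": keyspace,
        "bits": round(math.log2(keyspace), 1),
        "days": keyspace / GUESSES_PER_DAY,
    }


def generate(length=16):
    """Random upper/lower/digit passphrase from the OS CSPRNG."""
    if not 8 <= length <= 63:
        raise ValueError("WPA2 passphrases are 8 to 63 characters long")
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for sample in ("abcdefgh", "aB3dEfG7", generate()):  # constructed samples
        r = audit(sample)
        print(f"{sample!r}: {r['alphabet']}^{len(sample)} = {r['keyspace']:,} "
              f"(~{r['bits']} bits), ~{r['days']:,.0f} days at the quoted rate")
```
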