Hi All, I read yesterday in the Oxford Mail that there is a hacking risk issue with the Super Hub 2, which I have. VM are said to be contacting customers - has anyone out there had contact? What do we need to do to reduce the risk? Cheers, Jim.
A question: if, like me, you only use the SuperHub 2 as a cable modem feeding a separate (and better!) wired/wireless router with its own strong access p/w's, am I correct in assuming that (since it is several years since I got the SuperHub and set it up as a modem only because that works better for my LAN, but I can't remember what I did to "get there"!) the password hack vulnerability is not an issue in those circumstances?
The vulnerability is not with the hub itself, but that its default wireless password is an 8 character lowercase string, giving a mere 208 thousand million permutations. The "hack" took a professional security team using cutting edge technology to brute force the wireless password 4 days to crack. This "vulnerability" would apply to every device that uses an 8 character lowercase wireless password.
As long as you are using a stronger wireless password using a random mixture of upper and lower case characters and numbers you should be as safe as possible. Obviously the longer the password the better.
But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!
Many thanks, and I think I'll take a look at the p/w for the separate router - not that that's weak but I think it could be improved.
OTOH, that, unfortunately, did not address my specific question about the vulnerability of the SuperHub 2 when/after it has been set into modem-mode.
As I said above it is not a "vulnerability" with the hub, but the length of the default wireless password it uses. The hub in modem mode disables all wireless functions so the "vulnerability" is a moot point as there is no wireless signal to hack. If you set the wireless password to an 8 character lowercase string on your third party router, then your router will have more or less exactly the same "vulnerability" if the hacker is targeting an 8 lowercase password.
katejo wrote: But you also need to change the settings password from changeme? If I change my wifi password to a longer chain with letters/numbers/upper/lower case, does that make any difference if I haven't also changed the settings password? Please forgive me if this is a stupid question!
It is always strongly advisable to change default passwords, however anyone that has physical access to the hub can always reset the hub back to its default values. To access the router wirelessly, you will need the wireless password first.
Not a stupid question. It makes a huge difference as the only way to crack a WPA2 wireless password is to brute force it, i.e. try every possible permutation until you finally stumble on the correct password.
Using only lowercase letters for a wireless password gives you 26 permutations per password character, using upper and lower case with numbers gives you 62 permutations per character.
So using a password string of 8 characters gives 208 thousand million possibilities, 208 billion (26^8) permutations, whilst an 8 character password using a mixture of upper, lowercase and digits gives you around 218 trillion permutations. Obviously, the permutations rise exponentially with longer passwords.
It took the professional security team 4 days to crack the lowercase password, so by the same token it would take over 4000 days to crack the same length password using a mixture of characters.
It is also worth noting not to use common words, preferably using a random mixture of characters to prevent dictionary attacks.
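The arithmetic in the reply above, generalised to other lengths, as an added example that is not part of the original thread. It assumes an attacker guessing at the rate implied by the thread's figures (26^8 candidates in 4 days); the function names are illustrative, and the passphrase generator uses Python's `secrets` module.

```python
import secrets
import string

# Baseline taken from the thread: 8 lowercase letters (26^8) exhausted in 4 days.
# Assumption: the attacker's guess rate stays the same for other keyspaces.
BASELINE_KEYSPACE = 26 ** 8
BASELINE_DAYS = 4

# WPA2 passphrases are 8 to 63 printable ASCII characters.
WPA2_MIN_LEN, WPA2_MAX_LEN = 8, 63


def keyspace(alphabet_size: int, length: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def days_to_exhaust(alphabet_size: int, length: int) -> float:
    """Worst-case days to try every candidate at the thread's implied rate."""
    return BASELINE_DAYS * keyspace(alphabet_size, length) / BASELINE_KEYSPACE


def min_length_for_days(alphabet_size: int, target_days: float) -> int:
    """Shortest valid WPA2 length whose exhaustive search takes >= target_days."""
    for length in range(WPA2_MIN_LEN, WPA2_MAX_LEN + 1):
        if days_to_exhaust(alphabet_size, length) >= target_days:
            return length
    raise ValueError("target not reachable within 63 characters")


def generate_passphrase(length: int = 16,
                        alphabet: str = string.ascii_letters + string.digits) -> str:
    """Random passphrase drawn from the OS CSPRNG, so no dictionary words."""
    if not WPA2_MIN_LEN <= length <= WPA2_MAX_LEN:
        raise ValueError("WPA2 passphrases must be 8 to 63 characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


if __name__ == "__main__":
    for name, size in (("lowercase", 26), ("upper+lower+digits", 62)):
        for length in (8, 12, 16):
            print(f"{name:>20} x{length:<2}: {keyspace(size, length):.3e} candidates, "
                  f"{days_to_exhaust(size, length):.3e} days at the thread's rate")
    print("example passphrase:", generate_passphrase())
```
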