That IOT stuff is a mess, esp. given how it is like the wild west policy and security wise.
Too many people connect their new IOT device and do nothing more. Say for example a CCTV IOT device, they think it will allow them to secure their home by seeing what is going on when they need to.
The reality: they put it online with default known ports, default username and password, default remote admin on+default remote admin&password that is publicly known.
The end result? They created a way anyone on the Internet can monitor that home and in some cases, burglars use it to case out a home. When they check the webcam to see it is empty and get a sense of when it is generally empty. They clear out the house hard. They also contribute to DDOS.
It's worse that someone having a public facebook profile with their home address and then posting "I'm going on vacation for (duration.)" Which the Internet reads as "Come rob my house please, I beg you, I am desperate to be robbed."
If Virgin Media haven't changed it by now - do you honestly think that they will do so in the future?
FWIW - I'm actually with you in that that Virgin Media should be adding the facility to turn it off if users wish to. However I will say that security by obscurity is a bad principle. Indeed most hackers are looking for exposed services they can exploit.
Do you honestly not think that hackers would not and in fact have not already changed their tactics in response to the increasing use of ICMP echo hiding.
Shadowserver (a non profit organisation who scans the internet looking for exploits) uses other exploits to identify vulnerable computers such as mDNS or NTP queries. The only difference between groups like Shadowserver and other hackers is that Shadowserver notifies ISPs of their findings who can then alert the users concerned.
Having ICMP Echo response hidden has limited to no security value. Indeed if you do a little digging you'll find that those who deal with internet security do not hold Steve Gibson (who runs GRC) in high regard.
Disclaimer: I do not work for Virgin Media. The opinions expressed above are solely my own and should not be taken to be indicative of Virgin Media's opinions.
Only use Helpful answer if your problems been solved.