Virgin Media Virgin Media Community

RED48 · ‎26-05-2021

In the latest review by Which Magazine about security flaws with routers, they have included Vigin Media's Super Hub and Super Hub 2 as vulnerable because of 'Weak Password' and 'Lack of Updates' .

I am concrened about this because I have had my Super Hub since 2016. and since recently the speed has dropped considerably. I am on M200 and only getting 60Mbps. I have been in touch with technical support and they say that there is a problem in the area and expect the problems to be resolved in the next few days.

Do others have concerns about the security of the Super Hub 2? Is the hub security linked to the speed issues people are experiencing?

goslow · ‎26-05-2021

You are mentioning two separate issues - your speed issue and the security issue claimed by the Which article.

If VM have identified a speed issue in your area then there is not too much you can do immediately on the speed problem until the area fault is cleared.

On the matter of the Which article claiming security problems, the article and its sources are somewhat light on detail as to what the perceived threats are. AIUI, the article was comparing old routers against the government's new 'Secure by Design' standards.

The main, and most obvious, issue in the case of the SH2 is changing the default administrative passwords which were all the same for all units when produced. The default wi-fi settings and passwords may also be weak compared to current standards but can be improved by the user changing them to something more current/secure.

The Which article mentions other vulnerabilities when a potential hacker was 'in the vicinity' of the router but doesn't elaborate on what that means. It might be the wireless issue mentioned above or may mean any hacker has to be connected to the user's network.

VM have denied any security issues with the older equipment. In the recent past VM have offered upgrades to SH2 users and below but I am not sure where that stands now as there have been mentions on the forum of Hub 3 units being in short supply. AIUI, VM have been recycling equipment which is still current for reuse, so you may get a 'new' hub that has previously been used by someone else

One of the forum team staff should be able to advise if you can currently get an upgrade or not to a newer VM hub.

See where this Helpful Answer was posted

HughJarsse · ‎26-05-2021

"In the recent past VM have offered upgrades to SH2 users and below but I am not sure where that stands now as there have been mentions on the forum of Hub 3 units being in short supply."

As someone who still has a hub 2, (and has been having problems recently) I have tried to get an upgrade to hub 3, only to be told that I would need to upgrade my package to get one, that there were no 'free' upgrades to hub 2, (as I am only on the 100 meg package).

Don't really need more speed, just a reliable hub, but VM don't seem to agree, so looks like no upgraded hubs, unless you upgrade package as well...

See where this Helpful Answer was posted

goslow · ‎26-05-2021

You are mentioning two separate issues - your speed issue and the security issue claimed by the Which article.

If VM have identified a speed issue in your area then there is not too much you can do immediately on the speed problem until the area fault is cleared.

On the matter of the Which article claiming security problems, the article and its sources are somewhat light on detail as to what the perceived threats are. AIUI, the article was comparing old routers against the government's new 'Secure by Design' standards.

The main, and most obvious, issue in the case of the SH2 is changing the default administrative passwords which were all the same for all units when produced. The default wi-fi settings and passwords may also be weak compared to current standards but can be improved by the user changing them to something more current/secure.

The Which article mentions other vulnerabilities when a potential hacker was 'in the vicinity' of the router but doesn't elaborate on what that means. It might be the wireless issue mentioned above or may mean any hacker has to be connected to the user's network.

VM have denied any security issues with the older equipment. In the recent past VM have offered upgrades to SH2 users and below but I am not sure where that stands now as there have been mentions on the forum of Hub 3 units being in short supply. AIUI, VM have been recycling equipment which is still current for reuse, so you may get a 'new' hub that has previously been used by someone else

One of the forum team staff should be able to advise if you can currently get an upgrade or not to a newer VM hub.

HughJarsse · ‎26-05-2021

"In the recent past VM have offered upgrades to SH2 users and below but I am not sure where that stands now as there have been mentions on the forum of Hub 3 units being in short supply."

As someone who still has a hub 2, (and has been having problems recently) I have tried to get an upgrade to hub 3, only to be told that I would need to upgrade my package to get one, that there were no 'free' upgrades to hub 2, (as I am only on the 100 meg package).

Don't really need more speed, just a reliable hub, but VM don't seem to agree, so looks like no upgraded hubs, unless you upgrade package as well...

Corey_C · ‎27-05-2021

Thanks for your post and welcome to the Community Forums, RED48,

Sorry to hear that you have been having broadband issues. If you are wanting to improve the security of your home network then we would advise creating unique passwords:https://www.virginmedia.com/help/virgin-media-change-hub-wifi-name-and-password

Our records have also show that you have been in touch with our care team by phone regarding your connection speeds. Let us know if you need any further help.

Cheers,

Corey C

RED48 · ‎31-05-2021

Thanks. I agree that one should be able to upgrade the hub to the latest model without an upgrde to the package speed. I think they charge for the hub as well.

Serena_C · ‎31-05-2021

Thanks for your feedback regarding upgrading your Hub without upgrading your package speed.

I understand this may not be ideal for you to upgrade your speeds to obtain a Hub upgrade, I shall pass on your feedback now.

Best wishes,

Serena

RED48 · ‎31-05-2021

Thanks for your reply and the link. I have alreday set up password etc. My main concern is the lack of updates to the firmware for the older hubs. What is the policy for upgrading to the latest hub model? Does one have to upgrade the package as well? I would have thought that Virgin would be interested in the 'security' for their customer's broadband connections and would automatically offer upgrades of the equipment (Hub) when new more secure models are introduced.

Serena_C · ‎31-05-2021

Hi @RED48

Here is the link to change the default login details for the Hub's admin page: 192.168.0.1

In regards to the Which? article, if you change your Hubs password from the default password to something different, then it will be secure 🙂

Kind regards,

Serena

rncross · ‎01-06-2021

I found https://www.surecloud.com/services/blog/hackable-home-delving-virgin-media-super-hub-2 which gives a pretty good technical explanation of the background of the problems and what was done to examine them

As the blog concludes the longer the password the more mathematically improbable it is for it to be cracked (https://xkcd.com/936/ is a famous computing cartoon based explanation of that). Which just reinforces the point that Virgin Media have appalling security for their customer online accounts. It has been mentioned multiple times on this forum but to recap:

Virgin enforce weak passwords (i.e. limit of 10 characters)
Virgin breach industry and government standards with your passwords.

Virgin Media Virgin Media Community

Virgin Media Virgin Media Community

Super Hub 2 - Security