Bug in Virgin Media 'Super Hub' routers left devices open to hacking – are you at risk?

A vulnerability in Virgin Media's wireless home internet routers could, until recently, give hackers the ability to gain complete control over the software and potentially monitor web traffic flowing through the network from connected PCs, smartphones and tablet.

That's according to researchers from Context, a cybersecurity firm, who reverse engineered software from two popular Netgear-made routers – the Super Hub 2 and Super Hub 2AC – and discovered a bug in the 'custom backup configuration' feature left devices open to attack.

According an in-depth analysis, while these configuration backups were adequately encrypted, the private encryption key used in the hubs was the same in all Virgin Media devices issued to homes across the UK.

In theory, Context claimed the bug meant a hacker with access to the admin panel of a hub could download a configuration file, add additional instructions to enable remote access and then restore the file to the hub.

The attacker could, researchers said, use the technique gain further control over the router and then intercept traffic transmitted on the network.

The vulnerability was initially discovered in October last year. Virgin Media said it worked with both Context and Netgear to fix the flaw and – luckily for users – the firm finally rolled out a full patch as part of scheduled firmware update at the end of last month (May 2017).

Andy Monaghan, a principal security researcher at Context said: "The Super Hub represents the default home router offering from one of the UK's largest internet service providers (ISPs) and is therefore present in millions of UK households, making it a prime target for attackers.

"While ISP-provided routers like this are generally subject to more security testing than a typical off-the-shelf home router, our research shows that a determined attacker can find flaws such as this using inexpensive equipment."

Jan Mitchell, a senior researcher at Context, added: "ISPs will always be at the mercy of their hardware suppliers to some extent. Recent press coverage of attacks such as the Mirai worm highlights the importance of carrying out independent security testing."

In a statement to IBTimes UK, a Virgin Media spokesperson stressed that users are no longer impacted by the vulnerability. "Virgin Media has deployed a firmware patch to our SuperHub 2 and 2AC routers that addresses this issue," a statement read.

"We take the security of our customers very seriously. Experts within our organisation often work with trusted third-parties to help keep our customers as secure as possible. We thank Context for their professionalism and cooperation."