Virgin Media tells 800,000 customers to change passwords after routers found vulnerable to hackers

Virgin Media has warned 800,000 customers using its Super Hub 2 router to change their passwords because a security vulnerability could expose their passwords to hackers, enabling attackers to gain control of other smart devices on the network.

The company says that the risk of compromise is only minimal, but customers who haven't changed the default password displayed on a sticker attached to the router to change both that and their network password in order to protect against potential attacks.

Virgin has advised Super Hub 2 users to switch to a "unique" password which should contain at least 12 characters using a mix of upper and lower case letters and numbers.

The warning comes after an investigation by Which? and ethical hackers at SureCloud who found they could infiltrate Super Hub 2 and use it to access to other household connected devices including children's toys, internet connected IP cameras, smartlocks and more. Even Amazon Echo was found to have a vulnerability with regards to voice ordering, but it was hard to crack.

A total of 15 devices were connected to a testing environment and researchers found vulnerabilities in eight of the fifteen devices, including the Super Hub 2 router, the gateway to all the devices within the environment. Ethical hackers say they were able to breach it within days.

Researchers found that one CCTV camera had particularly poor security as it operates over the internet using a default administrator account with no password. Researchers say they found thousands of cameras with these vulnerabilities which can expose live feeds of people's homes to the internet, in come cases even allowing an attacker to pan and tilt the camera.

However, Virgin Media, while noting the vulnerability, have pointed to this being an issue which exists of all routers of this age, but that the company, as well as issuing advice to change passwords, will be upgrading customers to a newer version of the router.

"The security of our network and of our customers is of paramount importance to us. We continually upgrade our systems and equipment to ensure that we meet all current industry standards," said a Virgin Media spokesperson told ZDNet.

"To the extent that technology allows this to be done, we regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."

While the Internet of Things and connected devices can bring benefitss, consumers "should be aware that some of these appliances are vulnerable and offer little or no security" said Alex Neill, Which? Managing Director of Home Products and Services.

"Manufacturers need to ensure that any smart product sold is secure by design," she added.

Keen to grab a piece of the Internet of Things pie, many manufacturers continue to rush out connected devices without sufficient cybersecurity, failing to learn the security lessons of the past and potentially putting millions at risk from a catastrophic data breach.

READ MORE ON CYBERCRIME

• Securing the IoT: A question of checks and balances
• Smart toy flaws make hacking kids' info child's play [CNET]
• How IoT hackers turned a university's network against itself
• The Internet of Things? It's really a giant robot and we don't know how to fix it
• Researchers use $5 speaker to hack IoT devices, smartphones, automobiles [TechRepublic]