Hundreds of thousands of Virgin Media customers advised over hacking risk

Which? investigated whether hackers can access home networks and connected appliances 

Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.
Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.

Virgin Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it.

The company said the risk to customers with a Super Hub 2 router was "small" but advised them to change both their network and router passwords if they were still set as the default shown on the attached sticker.

The advice followed a Which? snapshot investigation which found that hackers could access home networks and connected appliances in as little as four days.

Ethical security researchers SureCloud gained access to the Super Hub 2, although Virgin Media said the issue existed with other routers of the same age, not just their model.

A Virgin Media spokesman said: "The security of our network and of our customers is of paramount importance to us.

"We continually upgrade our systems and equipment to ensure that we meet all current industry standards.

"To the extent that technology allows this to be done, we regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions."

The Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children's Bluetooth toy, could stand up to a possible hack.

Some of the devices proved harder than others to infiltrate, such as the Amazon Echo, but eight out of 15 appliances were found to have at least one security flaw.

The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.

The watchdog said that "worse still" a hacker could even pan and tilt the cameras to monitor activity in the house.

SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.

Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.

It did not receive a response from the manufacturers of either Fredi Megapix or CloudPets.

The consumer group said the industry needed to take the security of internet-enabled and smart products seriously by addressing the basics such as ensuring devices required a unique password before use, using two-factor authentication, and issuing regular security updates for software.

Alex Neill, Which? managing director of home products and services, said: "There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives.

"However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

"There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated.

"Manufacturers need to ensure that any smart product sold is secure by design."

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Please enter a valid email
Please enter a valid email
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Must be at least 6 characters, include an upper and lower case character and a number
Please enter your first name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
Please enter your last name
Special characters aren’t allowed
Please enter a name between 1 and 40 characters
You must be over 18 years old to register
You must be over 18 years old to register
Opt-out-policy
You can opt-out at any time by signing in to your account to manage your preferences. Each email has a link to unsubscribe.

By clicking ‘Create my account’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Register for free to continue reading

Registration is a free and easy way to support our truly independent journalism

By registering, you will also enjoy limited access to Premium articles, exclusive newsletters, commenting, and virtual events with our leading journalists

Already have an account? sign in

By clicking ‘Register’ you confirm that your data has been entered correctly and you have read and agree to our Terms of use, Cookie policy and Privacy notice.

This site is protected by reCAPTCHA and the Google Privacy policy and Terms of service apply.

Join our new commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in