7 Seconds Is All It Takes to Hack Networks of Virgin Super Hub Router ...

You are currently viewing our forum as a guest. This means you are limited to certain areas of the board and that there are some features you can't use or read.

We are an active community of worldwide senior members participating in chat, politics, travel, health, blogging, graphics, computer issues & help, book club, literature & poetry, finance discussions, recipe exchange and much more. Also, as a member you will be able to access member only sections, many features, send personal messages, make new friends, etc.

Registration is simple, fast and completely free. Why not register today and become a part of the group. Registration button at the very top left of the page.

Thank you for stopping by.

Join our community!

In case of difficulty, email worldwideseniors.org@gmail.com.
If you're already a member please log in to your account to access all of our features:

7 Seconds Is All It Takes to Hack Networks of Virgin Super Hub Router ...
Topic Started: Mar 8 2014, 08:02 PM (1,068 Views)
Deleted User	Mar 8 2014, 08:02 PM Post #1
Deleted User	Quote: 7 Seconds Is All It Takes to Hack Networks of Virgin Super Hub Router ... If you’re a Virgin Media customer and you use a Super Hub or Super Hub 2 router to access the Internet, you should know that hackers can access your network and do whatever they want with your Web connection. British security researcher Paul Moore is the one who identified the issue. He has reported it to Virgin and Virgin has reported it to the manufacturer, Netgear. However, since it could take months until the vulnerability is fixed, Moore has decided to publish an advisory to teach users how to protect themselves. The expert has found that, when the Super Hub device is started, it takes around 1 minute to fully boot. In this timeframe, there’s a 7-second window in which the Wi-Fi is enabled without any kind of encryption. During this 7-second window, an attacker could compromise the device. If you’re thinking that it’s impossible for someone to compromise the device in 7 seconds, you are wrong. There are two other factors that enable an attacker to exploit these 7 seconds. One of them is the fact that devices are accessible by default via two IPs: 192.168.100.1 and 192.168.0.1. The second is the fact that all Super Hub and Super Hub 2 routers have a default password, “changeme,” which users rarely change. With this information in hand, a hacker who’s in close range of the targeted network can access the device’s user interface and obtain the Wi-Fi encryption key from the “Security Settings” menu. The encryption key is in plain text, so it can be easily copied. After the 7 seconds, encryption is enabled. However, if the attacker has already gained access to the encryption key, it doesn’t matter. Further details & screenshots here: http://news.softpedia.com/news/7-Seconds-Is-All-It-Takes-to-Hack-Networks-of-Virgin-Super-Hub-Router-Owners-430976.shtml
Deleted User


Trotsky	Mar 9 2014, 12:06 AM Post #2
Big City Boy Posts: 38,319 Group: Member Member #79 Joined: September 8, 2005	Quote: The second is the fact that all Super Hub and Super Hub 2 routers have a default password, “changeme,” which users rarely change. So then basically, the networks are vulnerable because users don't select a password.



wildie	Mar 9 2014, 07:13 AM Post #3
Veteran Member Posts: 12,173 Group: Member Member #442 Joined: October 11, 2006	It seems to me that its only vulnerable during the BOOT interval. So if you are like myself and never turn the router off, there is no problem!



Delphi51	Mar 9 2014, 04:56 PM Post #4
Member title Posts: 13,967 Group: Administration Member #441 Joined: October 10, 2006	There has been news that nearly all home routers are vulnerable. Linksys, Cisco and Dlink are mentioned for starters. http://slashdot.org/topic/datacenter/home-routers-pose-biggest-consumer-cyberthreat/



Deleted User	Mar 9 2014, 10:07 PM Post #5
Deleted User	Most people do not use secure passwords for their routers or login. From what I have been told most will leave their password as Administrator or a name they can remember which is not secure. I went to the dollar store and purchased a recipe box with the alphabet inserts & cards and write down all my login details and any thing else I do on the internet. That way I do not have to worry about remembering. :snowflake:
Deleted User


Trotsky	Mar 10 2014, 01:27 AM Post #6
Big City Boy Posts: 38,319 Group: Member Member #79 Joined: September 8, 2005	Toodles Mar 9 2014, 10:07 PM I went to the dollar store and purchased a recipe box with the alphabet inserts & cards and write down all my login details and any thing else I do on the internet. That way I do not have to worry about remembering. :snowflake: I use loose leaf sheets in a folder. I keep appending new sheets and it's up to 6 pages now. Occasionally I cross out oldy-oldies and when I have enough cross outs I make a new neat page with room for a few newbies. Last check in I found the password to my BLUE-LIGHT account...that was K-Mart's sign in account which was among the first $10 ISP's (50Kbps) and the first to start wrecking the AOL near monopoly. laugh123 laugh123 It brought back memories. But index cards are a terrific idea...maybe I'll transfer the hundreds of passwords and aliases over some day when we get 24+ inches of snow. My router and both identites are well passworded. The downside is trying to remember how passwords, encryptions, WAPS and WEPS all work when I need to make a change. And sometimes it's a pain, after a lightning fast boot at the break of dawn to try to get 11 alphaneumerics in correctly. In the dark it usually takes about 10 tries...I always have to give up and switch the desk light on. Edited by Trotsky, Mar 10 2014, 01:29 AM.



Darcie	Mar 10 2014, 02:30 AM Post #7
Skeptic Posts: 31,154 Group: Member Member #714 Joined: March 30, 2010	I have been relying on memory until recently, now I do put some in the back of a little budget book. I have birthdays of relatives for various items and no one knows which relative it is, my aide memoire is that I call the item or the site by the name of the relative so mostly it is recalled quite easily. Figure it is secure as who in the hell knows the birthdays of someone else's relatives? I don't,



reactivate	Mar 10 2014, 02:57 AM Post #8
Gold Star Member Posts: 3,897 Group: Member Member #769 Joined: May 18, 2010	It is possible to purchase software that will crack just about any password within a relatively short time. The only effective mechanism to stop (actually slow) them is to have a password system that will lock out any further attempts for several hours after a few failures.



wildie	Mar 11 2014, 02:24 AM Post #9
Veteran Member Posts: 12,173 Group: Member Member #442 Joined: October 11, 2006	Delphi51 Mar 9 2014, 04:56 PM There has been news that nearly all home routers are vulnerable. Linksys, Cisco and Dlink are mentioned for starters. http://slashdot.org/topic/datacenter/home-routers-pose-biggest-consumer-cyberthreat/ From your link! Quote: the only real solution is to protect home routers from attack by disabling any kind of remote administrative access to the router, changing default usernames and passwords and updating firmware on routers. The article is of course directed to nerds and can leave the rest of us scratching our heads. For the average home user not much can be done, except to adhere to the advice quoted!



Trotsky	Mar 14 2014, 12:30 AM Post #10
Big City Boy Posts: 38,319 Group: Member Member #79 Joined: September 8, 2005	Quote: Linksys, Cisco and Dlink are mentioned for starters. Actiontec?? Anyhoo, I guess it's really no different from any apartment or home being subject to sophisticated burglary...and any bank vault for that matter. Quote: The only effective mechanism to stop (actually slow) them is to have a password system that will lock out any further attempts for several hours after a few failures :cold: How could that be arranged? Edited by Trotsky, Mar 14 2014, 12:31 AM.



wildie	Mar 14 2014, 03:59 PM Post #11
Veteran Member Posts: 12,173 Group: Member Member #442 Joined: October 11, 2006	Trotsky Mar 14 2014, 12:30 AM Quote: Linksys, Cisco and Dlink are mentioned for starters. Actiontec?? Anyhoo, I guess it's really no different from any apartment or home being subject to sophisticated burglary...and any bank vault for that matter. Quote: The only effective mechanism to stop (actually slow) them is to have a password system that will lock out any further attempts for several hours after a few failures :cold: How could that be arranged? When i first started to work on computerized telephone systems, administration required password access. Three attempts were allowed and if none were correct, access was blocked and a timer initiated to block all access for a time after! This technology was available in the 80s, so I would think it would be simple addition to the router software to incorporate a feature such as this!



Trotsky	Mar 15 2014, 12:42 AM Post #12
Big City Boy Posts: 38,319 Group: Member Member #79 Joined: September 8, 2005	Any guesses or knowledge on how many attempts you get with Windows 7 to sign in to an ADMINISTRATIVE IDENTITY (or any passworded identity) before a time delay? I can't find anything on it. I know that I have tried at least a half dozen times with groggy morning eyes and 6 was never a problem. OY: Seems there are ways to remove password protection from an Administrative account. Lots of words but the gist is it can be done without any need to crack the password: http://www.techfleece.com/2013/07/12/how-to-crack-a-forgotten-admin-password-in-windows-7/ A sight aside: A good read for all, and an adorable picture:VVVV http://www.smartplanet.com/blog/thinking-tech/how-to-steal-an-identity-in-seven-easy-steps/ Edited by Trotsky, Mar 15 2014, 12:56 AM.



1 user reading this topic (1 Guest and 0 Anonymous)


« Previous Topic · SOFTWARE & HARDWARE · Next Topic »