"but the attacker would need an ideal environment – strong signal, "
So that's all SuperHub2 users safe then.
A Wi-Fi security flaw leaves Virgin Media subscribers' wireless connections vulnerable to takeover by hackers. The vulnerability, identified by IT consultant Paul Moore, means Virgin Media Superhub router/modem combo devices leak users' passwords every time they reboot. The issue arises because the Netgear-manufactured device …
I am a (relatively) techie person, although my job isn't working with networking kit in an IT environment, and I have a SuperHub2. I dearly dearly dearly wish that I could have just kept my little dinky VM modem with my own router, but VM tell me that they "aren't compatible with speeds higher than 20Mbps" for some reason. I can't work out whether that's just the party line their helldesk folks have been told to spin (surely they're all DOCSIS3.0 compatible?) or whether there is some technical element of truth to it... I'd be interested if anyone knows the truth.
Onto the 'Super' Hub 2. Modem mode on mine simply refuses to work correctly. When it was installed, once it had been proven to be working correctly "as-is", the first thing I did was flick it into modem mode to use my D-Link DIR645 with it... and nothing. The 'modem' wasn't assigning a WAN IP address to the router. I found this odd, as the router itself had been functioning perfectly fine an hour beforehand with my old dinky VM modem:
- Tried swapping cables, just in case. Nothing.
- Tried plugging the 'modem' directly into a machine to see if the machine would get an IP address... it timed out and assigned itself a 169.xxx IP address. Obviously: nothing.
- Reset the Hub at least five times while trying various things. Nothing.
- Tried various combinations of cables, network cards, boxes, machines and both router and 'modem' settings. Nothing.
- Hit the VM forums for some support, and got the usual nonsense from their 'Technical' support people (i.e. power cycle it; do a software reset etc. - all the stuff I'd told them I'd already done.)
Eventually decided to run the SuperHub2 as a router for a week and try again. Still nothing, although some random software update turned up in the logs, but wasn't installed as the security hash was for the wrong bit of kit. At this point I start wondering if I've maybe just been unfortunate and got a bit of kit borked from the factory - I suppose these things can happen now and then.
Got fed up, phoned VM Helldesk - who were surprisingly sanguine about the entire affair. Explained what I'd done, and was told immediately that they'd replace the unit - I didn't even have to power cycle the damned thing while I was on the phone.
Engineer turned up and replaced the unit and had basically the same problems again. (Full disclosure - it did, on first turning modem mode on, give the router an IP address, but then it seemed to pull down some kind of software update which borked it again.)
The engineer, bless him, was very helpful and tried all sorts of things while I was there, but we eventually ran out of time - and to be fair to him, it worked flawlessly (for small values of 'flawless') when in router mode. He seemed to think it could be some form of incompatibility between the Netgear SuperHub and the D-Link router. Not sure what to think about that - I know in the bad old days this could happen between different manufacturers, but one would hope that the various firmware IP stacks would have been able to talk to each other over an apparently standard protocol by now!
So, the upshot is I'm currently sat using the SuperHub as VM intend - as a router. As it seems to work well at my house and I can get a decent signal from it in every room, I'm tempted to just leave it as-is. Might give it another go once the new firmware update comes out, but it's annoying. My only other consideration is whether to hit eBay and buy an old Cisco router / VPN tunneller so I can route a lot of my traffic through a VPN so I don't get hit with throttling for having the temerity to use my 'unlimited' internet connection to stream video using the TorrentStream protocol.
Anyone on here got any thoughts or similar stories of woe? If anyone has any potential solutions I'd be interested to hear them.
@BenR
I had the same problem; modem mode does not provide an IP for a downstream router. Got no joy, but instead run my router on a normal port and simply turn off the wireless on the Superhub.
I'm sure there are all sorts of hideously subtle reasons why this is wrong, but it works, and the Superhub itself is invisible to wireless.
What kind of moron leaves the wifi enabled on a superhub anyway?
Not everyone is as tech-savvy as the average El Reg commentard. When a well known company offers a product or service with useful features, you can hardly blame people for expecting it not to be riddled with vulnerabilities and needing all the useful features to be disabled.
VM and Netgear are the ones who should be castigated for this. Not their customers.
And how many friends and mums actually listen and can be bothered to take action in an area that they're already scared of? Techies also tell their mums to back up, install NAS devices and write one-click backup scripts and add calendar reminders and mums STILL don't ever back up, despite being reminded at every visit and having lost important data in the past.
Even those with tech-savvy relatives and/or friends rarely listen. When they plug it in and it connects to the internet they consider the matter closed. They don't have the inclination to think about the complexity of getting connected. As far as they're concerned the modem is just a tap for the modern world. Plug it in to the wall, turn it on and out pours the internet. If you make devices for the masses then, as far as is possible, that is what should happen.
I read it as "If you use it for a while, you'll get sick of it, and quite likely buy a proper router".
I'm not criticizing the customers, but the router Virgin hand out.
I had annoying problems with it for ages - mediocre performance (but I was OK with that - it was free), but performance used to continuously degrade and then magically restore on a reboot.
Bit the bullet, bought a "bells and whistles" Asus and very happy. Asus is a great router, and now the Virgin box is just working as a modem, it's been faultless.
"but performance used to continuously degrade and then magically restore on a reboot"
So you left it running 24/7? Unless you're working variable shifts or suffer from insomnia a cheap time switch will pay for itself in a year or two, cause no inconvenience, and reduces the time your router is up and exposed to any attempted hacks. And it's rebooted once or twice a day.
Was that just trolling or did you mean it?
What kind of techie forgets that these devices are sent out to ordinary members of the public who pay Virgin good money because they just want to connect to the interwebs.
They're not techies. It's the job of techies to remember this fact and deal with it.
And; "surely everybody knows to switch it to modem mode and use your own router".
Bollocks!
Why would they know this? Or have their own router? Or even know what a router is.
To most ordinary people, including those in your block of flats, the hub is a shiny black box with lots of gee whizz lights that make the computer talk to the Facebook.
So I'm a moron for having a life, oh dear seems a little knowledge and a lack of useful things to do has made you think you have a valid opinion
Strangely enough the unaptly <sic> named Superhub, provides me with reasonable cover around the house, and generally works.
Why would I waste my time and money switching it to modem mode and installing an unnecessary wireless router?
If I want US Netflix I will stick with using a VPN service.
This is unfortunately standard for home networking. You're lucky if it works at all and security is too much to expect. Even Netgear's "blue metal" boxes, which they pretend are business class, have problems like this. My FVS336G, which is a frickin firewall, must have spent over a year with so many security holes that it would have needed another firewall to protect it.
I think you're right, this is pretty standard. People pay good money for stuff they expect to work as advertised and they're getting screwed.
As for Netgear, I've got a WNR3500Lv2 here. It too doesn't live up to their claims, but I bought it knowing what I was getting and never even as much as looked at the original Netgear firmware. I'm personally very happy with what I got, but if these companies are going to market to the average user, they should mark it "as is".
I use a VMDG480 hub, yes routing as well as modem. I assume it is an earlier version of the gear described in this article.
The other evening it reset itself to factory defaults, I don't know why. But (after a "pin-in-the-hole" reset) I have reapplied a set of passwords etc., different from my previous ones.
No, I have not contacted the Helldesk either. Better to just get on with things.
"All Virgin Media Business customer morons, because Modem Mode is not available on the business firmware on the Super Hub 1."
I had the same problem when Virgin sent me their utterly crap Super Hub 1 (it can't even manage streaming blu-ray video over a wired network FFS!) before they'd updated the firmware to allow modem only mode.
It's fixable - just disable wireless on the Super Hub and set it up as a wired gateway on your 'proper' wireless router on a different IP network (i.e. 192.168.100.0 and 192.168.101.0.)
It may not be the most desirable solution, and needs at least some networking knowledge (though I'm not a qualified network techie), but it works...
You don't want the super hub 2, their support forums are filled with errors and messages about how crap they are.
I am 5 out of 35 days with no internet at all and with failed engineer visits and an Indian call centre shocked I can't be around all day in case one decides to turn up, I researched myself to prove the super hub 2 was pants. Their help being to reboot (which I can manage myself thanks).
2 x Daily reboots, web front end crashing, resetting values, losing signal, not coming back after a reboot etc.
So I turned it to modem only and bought a proper router that had good reviews from proper tech websites.
Voila. No more problems and haven't had any for 2 weeks of 24/7 uptime.
Be happy you don't have the super hub 2.
When I first got my SuperHub I had a default password for the device admin webapp. First thing I did was change it. When I needed tech support a couple of hours later (turned out the wiring was dodgy and had been marginal but acceptable to the old modem, but not for the superhub) the first thing they did was ask me to change the password back to default.
After that I just used the superhub in passive mode with the wifi turned off and the device hooked up to an external router. If they require you to have the default password for tech support then they obviously can't be depended on for decent security.
"Netgear-manufactured device initially brings up the wireless network without any form of encryption, allowing it to accidentally leak its Wi-Fi password in the clear to anyone nearby."
Makes me wonder when these people make a security device, do they actually test it for vulnerabilities or what?
With the old VM modem I ran my Belkin for the wifi and all worked well. VM replaced the modem with a superhub when they uprated my speed; the problem was that the superhub and Belkin kit wouldn't talk to each other reliably, often having to reboot the Belkin.
I upgraded my PC (Windows 7 - bring back XP) with an SSD and now the problem is the PC boots up faster than the superhub and I have to hit the network troubleshooter to get the superhub to respond.
Fair play to VM support, after getting a run of problems with the superhub, they sent a techy round who replaced it for me. Don't try to get through the menu system to support; after about 6 options it tells you the number is no longer in service. Ring sales and ask them to put you through to support.