Virgin Media has advised its 800,000 customers to change their passwords to reduce the risk of hacking after finding that many customers were still using risky default network and router passwords.
Recent Which? Report
One of the catalysts for Virgin Media advising customers to change their passwords was an investigation by Which? highlighting the fact that keeping the default password could make it easier for hackers to potentially access the provider’s Super Hub 2 router. This, in turn, could enable them to access a user’s smart appliances / IoT devices such as domestic CCTV cameras or even a child’s toy.
Hackers Could See Inside Your Home
The investigative study by Which? in conjunction with ethical security researchers SureCloud found that fifteen devices were tested, eight of which were found to have security issues. In one case, a home CCTV system was hacked because the administrator account was not password protected. Hackers were able to see live pictures and in some instances, were able to move cameras inside the house. Which? is now calling for the industry to improve basic security provisions.
It has long been known that not changing the default password in smart / Internet of Things (IoT) devices around the home for example, could put them at greater risk of being taken over by hackers.
The fact that IoT devices have a connection to the Internet, are prevalent, and are often overlooked in security planning (and are therefore likely left unguarded) means that they are vulnerable to hacks and attacks. Also, many tend to be connected to (or in control of) physical objects in homes and businesses e.g. white goods, CCTV cameras, printers elevators, doors, heating or fire safety systems.
IoT devices are also deployed in many systems that link to and are supplied by major utilities e.g. smart meters in homes. This means that a large scale attack on these systems could affect the economy.
Hackers have also shown that they can take over large numbers of IoT devices at once and use them as a botnet to attack other systems e.g. the ‘Mirai’ attack in October 2016.
Virgin Media Super Hub 2 Security Flaw
Earlier this month, Virgin Media’s (Netgear) Super Hub 2 and Super Hub 2 AC home routers made the news when a security patch had to be rolled out for them after they were found to all have exactly the same private encryption key, thus making them more vulnerable to hacks.
What Does This Mean For Your Business?
In this case, Virgin Media has acted quickly to avoid potentially bigger problems and has assured customers that the security of their systems and equipment is continually upgraded.
One positive aspect of this situation is that it has raised awareness of the vulnerability of IoT devices to attack. The message to users is, of course, that it is good practice to change default passwords on new devices e.g. routers and other IoT devices as soon as possible after setup.
Manufacturers and retailers of smart home and business devices also need to take some responsibility for minimizing the security risks in their products e.g. by building in better security features and by issuing regular updates and patches, and by informing buyers of the security measures that they need to take to use devices safely.