Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Sunday, 5 February, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Virgin Media Fixes Super Hub 3.0 Security Flaws.

by The Gurus
December 13, 2018
in Network Security
Virgin Media Fixes Super Hub 3.0 Security Flaws.
Share on FacebookShare on Twitter

Virgin Media has fixed multiple vulnerabilities in its Super Hub 3.0 broadband modem, after a researcher from global cyber security and risk mitigation expert, NCC Group, proved that they could enable hackers to remotely monitor network traffic and execute commands on the devices.

The firmware security flaws in a third party router, were discovered and disclosed to Virgin Media by Balazs Bucsay, managing security consultant at NCC Group, in 2017.

Bucsay was able to chain vulnerabilities together to create a remote exploit that could be actioned with no authentication from the Super Hub 3.0 owner.

By embedding the exploit in webpages and sending them to users via spear phishing emails, hackers could have controlled and installed backdoors in millions of modems, potentially giving them access to users’ internal home networks.

The vulnerabilities were located in multiple parts of the Super Hub 3.0’s firmware, including different services and additional web-related files.

By taking advantage of three different static cookies within the firmware’s web service binary, Bucsay was able to bypass its authentication and authorisation procedures and access all functionality of the device with administrator privileges.

Commenting on the research, Balazs Bucsay said: “This discovery should alert other internet service providers to the importance of checking and upgrading the security of any third- party hardware they use.

“Vendors often supply the same firmware with small modifications to white label the product for different customers.

“Virgin Media should be praised for taking these vulnerabilities seriously in order to protect their customers, and its vital that other providers follow their lead by upgrading their firmware.”

NCC Group responsibly disclosed the Super Hub vulnerabilities to Virgin Media in March 2017, after carrying out dedicated research to find them during the winter of 2016-2017. After working with NCC Group to fix the reported issues, Virgin Media rolled out a new firmware (version 9.1.116.608) in July 2018.

A detailed description of the research can be found in this blog.

FacebookTweetLinkedIn
ShareTweetShare
Previous Post

Why Other Hotel Chains Could Fall Victim To A ‘Marriott-style’ Data Breach.

Next Post

Fujitsu EMEIA’s VP Of Enterprise Cyber Security – Rob Norris – Shares His Cyber Security Predictions For 2019.

Recent News

london-skyline-canary-wharf

Ransomware attack halts London trading

February 3, 2023
Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

Ransomware conversations: Why the CFO is pivotal to discussing and preparing for risk

February 2, 2023
JD Sports admits data breach

JD Sports admits data breach

January 31, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information