Virgin Media and the WPS flaw

Some clever guys figured out that there is a flaw in Wi-Fi Protected Setup (WPS). WPS was developed as an easy way to connect devices to a wireless network by using an eight-digit PIN code. WPS is enabled by default on many routers, no matter whether they are running WEP, WPA or WPA2 encryption. The flaw basically enables you to brute-force the PIN needed to connect to a wireless network in a matter of hours.

Since I’m a Virgin Media customer I tried this hack with a program called Reaver, on my so-called “Super Hub” from Virgin Media. It seemed to be working, so I started looking for a way to fix this flaw. In a Virgin Media forum other customers were asking how to protect against this flaw as well, and Virgin Media’s answer was to turn off the WPS function.

The Super Hub team has been investigating this potential vulnerability alongside our partners Netgear and Broadcom. We’re taking this industry wide issue with the WPS standard very seriously and are working with our partners to see what additional security measures we can implement.

In the meantime both our and Netgear’s testing have confirmed that turning the WPS PIN off in the GUI removes any potential for this vulnerability to affect the Super Hub and Hub. You can switch the WPS PIN off by going into the advanced settings, then the Advanced Wireless Settings menu, ticking the box marked Disable WPS PIN and clicking apply.
Thanks

Mark Wilkin
Help & Support Forum Manager

So I turned off the WPS feature as instructed, and tried the hack again. The PINs still seemed to be accepted when sent to the router. I even captured a broadcast packet from the router and had a look at it in Wireshark, and discovered that WPS is still set as “Configured”. I posted the result on the forum, and was told that their Super Hub team would have a look at it.


They later emailed me, asking what version of the firmware was running on my router. I told them that it was the newest version – R30. Since then I haven’t heard anything from Virgin Media, and I’m starting to think that they would rather just forget the problem than fix it.

Read my original post on the Virgin Media Help & Support forum here.


12 Responses to Virgin Media and the WPS flaw

  1. VM_User says:

    Heya, I’ve read some routers need to be restarted for it to take effect, did you try that?

    Sadly I’m going to be getting a SuperHub soon, so I’m a bit paranoid about this, plus I’ve heard in the vm forums it resets its settings for no reason.

  2. Hegelund says:

    Hi VM_User

    Yeah I think I read that somewhere as well – And yup I also tried that, without any luck.
    If you’re really paranoid about it, you could put the Superhub in Modem Mode and route the traffic to a router of your own, and let that one handle the wireless network.

  3. VM_User says:

    Yeah, I’m gonna do that, but I’ve read people saying even in modem mode it resets, anyway there’s meant to be a new firmware update in the works, so I hope that sorts it out.

  4. Hegelund says:

    Okay I don’t know about that – let’s hope that firmware update comes soon and does the trick.

  5. pbrondum says:

    Hi VM_User

    The superhub is a pain, as you are afraid of, it does reset itself, even in modem-mode.
    This sometimes causes routers after the superhub to lose their ISP settings.
    Often it requires manually resetting the superhub again 🙁

  6. Superboob says:

    The pins still seemed to be accepted when sent to the router. I even captured a broadcast packet from the router and had a look at it in Wireshark, and discovered that WPS is still set as “Configured”

    DOES THIS MEAN REAVER WILL STILL HACK THE PIN?

  7. Hegelund says:

    Hi Superboob!

    I didn’t let it run through all the PINs and thereby get the password. It was just a proof of concept. But if I had, I would imagine Reaver would still be able to hack the router – yes.

  8. boatman says:

    disable the 2 WPS PIN checkboxes

    reaver will still run through all the pins but no longer receives affirmation when it tries the correct pin.

    reaver will run through all possible combinations then terminate without finding the PIN

    see for yourself, should only take a few hours if you have strong WiFi signal

  9. Hegelund says:

    Hi boatman

    Thanks for your reply. I just moved, and am no longer a Virgin media customer, so unfortunately I cannot test this out.

  10. VM_User says:

    Heya, I finally got the SuperHub, first thing I did was put it in modem mode, I’ve had no problems so far (Jun 27th).

    Anyway thought I’d let peeps know that Firmware R36 seems to be able to disable WPS, I checked with Wireshark, WPS no longer shows up when it’s disabled, and reaver just sits there doing nothing.

  11. Hegelund says:

    Okay that’s good to know, Thanks for that VM_User!

  12. Dan Kinobi says:

    Confirmed. R36 appears to solve wps woes.

    For the time being anyways 😉
