Virgin Media broadband security alerts explained
Last updated: May 8, 2017
The Virgin Media Internet Security team issue automated communications to customers via letter and email when they have received intelligence to suggest there is a vulnerability on the customer’s home network that can be exploited by a remote attacker.
In most cases, this intelligence is provided by 3rd party security organisations such as The Shadowserver Foundation, who undertake regular scanning of public-facing devices on the Internet and report any issues to the relevant Internet Service Provider (ISP).
Advice on how to resolve each vulnerability we send communications about is listed at virginmedia.com/securityhub.
Why do these vulnerabilities need to be resolved?
The threat posed to a customer, ourselves as an ISP and 3rd parties varies depending on the vulnerability. Most issues allow a malicious 3rd party to exploit the vulnerability on the customer’s network either to steal personal information or to use the network to amplify malicious traffic – such as participating in a Denial of Service attack on other Internet users.
If these issues are not resolved immediately, any personal information on devices using the vulnerable home network could be at risk. In cases where the vulnerability could be used to amplify malicious traffic, it could also cause significant issues with broadband performance and stability, as the connection is essentially being flooded with traffic.
How have these vulnerabilities occurred?
In most cases it is down to a misconfiguration on a firewall being used on the home network. If you’re unfamiliar with the concept of a firewall, think of it as a version of airport customs but for your home network – it will only let certain types of wanted traffic pass in and out.
Unless you have a specific setup configured, your devices will be using the built-in firewall on our Hub 3.0 or Super Hub routers to filter out any unwanted traffic from entering or leaving your network.
The most common cause behind these vulnerabilities is a port forwarding or port filtering rule that has been set up in the router’s firewall and allows traffic over the vulnerable port(s) to pass to the outside world.
Another common cause is that a device has been placed in the firewall’s DMZ. This essentially allows the device in question to bypass all firewall settings – any services running on that device that aren’t designed to be exposed beyond your home network will cause a vulnerability.
Are these vulnerabilities opened by malware and/or hackers?
It is possible, but in most cases no. The majority of the vulnerabilities we issue communications regarding are likely to be caused by a misconfiguration on a firewall/router or a computer running on a home network.
Home network protection
Configuring a firewall
Every communication we issue about a vulnerability will list steps that can be taken to resolve the issue. In most cases the steps require you to log in to the Hub 3.0's or Super Hub’s configuration pages, remove any unneeded port forwarding or filtering rules, and remove devices from the DMZ.
What is the DMZ?
DMZ stands for Demilitarised Zone. It’s a feature in most router firewalls, including the Virgin Media Hub 3.0s and Super Hubs. It allows any devices placed in the DMZ to bypass all firewall settings. This should only be used in very specific circumstances, such as when a customer wishes to use a device that has its own software firewall configured.
If there is a device in the DMZ that is using a service that should not be exposed to the Internet, or it has a flaw in a service it uses – then it can be misused by malicious third parties to commit abuse.
Will resolving these issues stop some Internet services from working?
No, making changes in the firewall based on the advice we have listed at virginmedia.com/securityhub will not stop any services from working.
Most of the vulnerabilities we issue communications about relate to services that are only designed to run on a local network – in other words, they shouldn’t be exposed to the Internet, only to the devices running on your home network.
An example of this is:
Bob has received a Multicast DNS letter advising that the service is exposed past the firewall. Bob identifies that he has a games console in the DMZ. The console uses the Multicast DNS service to communicate with other devices in the home for things like video streaming.
Removing the device in the DMZ will fix the problem and won’t cause Bob any problems with any of the streaming services he uses because Multicast DNS is only designed to be used on a local network, not on the Internet.
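Bob's situation can be checked mechanically: the following added example (not Virgin Media's code) models port forwarding rules and a DMZ host and reports which local-only services end up reachable from the Internet. It goes beyond Multicast DNS to a few other well-known local-only services; the rule model, addresses and sample data are constructed assumptions, not the hub's configuration format.

```python
from dataclasses import dataclass

# Well-known ports of services designed for the local network only.
LAN_ONLY = {
    ("udp", 5353): "Multicast DNS",
    ("udp", 1900): "SSDP (UPnP discovery)",
    ("udp", 137): "NetBIOS name service",
    ("tcp", 445): "SMB file sharing",
}

@dataclass(frozen=True)
class Forward:
    """One port forwarding rule (hypothetical model, not the hub's format)."""
    proto: str
    ext_start: int
    ext_end: int
    lan_ip: str
    int_start: int  # internal port that ext_start maps to

def exposed_services(listening, forwards, dmz_host=None):
    """Return LAN-only services that the firewall settings expose to the Internet.

    listening: iterable of (lan_ip, proto, port) for services running at home.
    Result: sorted list of (lan_ip, proto, port, service, cause).
    """
    findings = set()
    for ip, proto, port in listening:
        service = LAN_ONLY.get((proto, port))
        if service is None:
            continue  # not a local-only service, nothing to report
        if ip == dmz_host:
            # A DMZ device bypasses the firewall, so every listener is exposed.
            findings.add((ip, proto, port, service, "DMZ"))
        for rule in forwards:
            int_end = rule.int_start + (rule.ext_end - rule.ext_start)
            if (rule.lan_ip, rule.proto) == (ip, proto) and rule.int_start <= port <= int_end:
                findings.add((ip, proto, port, service, "port forward"))
    return sorted(findings)

# Constructed sample: Bob's console sits in the DMZ and a PC has a wide rule.
LISTENING = [("192.168.0.20", "udp", 5353), ("192.168.0.20", "tcp", 443),
             ("192.168.0.10", "tcp", 445)]
FORWARDS = [Forward("tcp", 440, 450, "192.168.0.10", 440)]

if __name__ == "__main__":
    for finding in exposed_services(LISTENING, FORWARDS, dmz_host="192.168.0.20"):
        print(finding)
    # After removing the DMZ entry and the rule, nothing is reported.
    print(exposed_services(LISTENING, [], dmz_host=None))
```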