Six million Sky routers had a major security flaw
Around six million Sky Broadband customer routers in the UK were affected by this vulnerability. The problem has been fixed, but it took over 17 months to address.
The security flaw, which exposed the routers to DNS rebinding attacks, allowed threat actors to easily exploit the customer’s home network.
The hackers could gain access if the user had not changed the default password, or if the attackers were able to brute-force the credentials.
Sky models affected:
- Sky Hub 3 (ER110)
- Sky Hub 3.5 (ER115)
- Booster 3 (EE120)
- Sky Hub 2 (SR102)
- Booster 2 (SB601)
- Sky Hub (SR101)
- Sky Hub 4 (SR203)
- Booster 4 (SE210)
However, the last two devices (Sky Hub 4 and Booster 4) came with a randomly generated admin password, which would have made them more difficult for hackers to exploit.
Also, about 1% of the routers issued by Sky are not made by the company itself and could not be updated with the fix. Customers who have one of those can now ask for it to be replaced free of charge.
17 Months
5/11/2020 – The PenTestPartners team reported their findings to Sky, who acknowledged the issue and set a fixing date for November 2020.
Sky eventually revised the plan, promising to fix 50% of the affected models by May 2021, which was fulfilled.
10/22/2021 – Sky emailed to say that it had fixed 99% of all vulnerable routers via an update.
For the 17 months following the initial disclosure, users remained vulnerable to DNS rebinding attacks, at a time when many of them worked from home.
Lessons Learned
- Always change the default router passwords (admin and Wi-Fi)
- Keep your router firmware up to date (if it doesn’t automatically update)
Sources: BBC, Medium, Bleepingcomputer