Sky internet users have complained about issues getting online

Millions of Sky routers left open to hackers for 18 months

Customers’ home networks and devices could have been taken over if they visited a malicious website

Adam Smith
Friday 19 November 2021 14:24

Millions of Sky routers suffered from a vulnerability that would have allowed a customer’s home network to be compromised by hackers.

Researchers from Pen Test Partners discovered a DNS rebinding flaw, a technique that lets an attacker's web page bypass the browser's same-origin protections and reach devices on the victim's local network, which meant that users who had kept the default administrator password were left unprotected.

The default password (admin:sky) was still set on a high proportion of routers, the researchers said, but a brute-force attack (systematically guessing passwords by trial and error) could also be used against routers whose password had been changed.

The issue would have given hackers a route into a customer's home network and devices after the customer simply visited a malicious website. Once the page had loaded, the attacker re-pointed their own domain name at the router's private IP address; the browser continued to treat that domain as the same origin, so the page's script could send requests to the router's admin interface as if they were requests to the attacker's site, and log in with the default credentials.
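Two standard defences against the mechanism described above, shown as an added example written for this article (not Sky's firmware or Pen Test Partners' code). The first is a resolver-side filter of the kind dnsmasq offers as --stop-dns-rebind: a DNS answer that maps a public hostname to a LAN, loopback or link-local address is dropped, so the attacker's domain can never be re-pointed at 192.168.0.1. The second is a router-side Host-header check: the admin interface only answers requests addressed to one of its own names, so a request the browser believes it is sending to attacker.example is refused when it lands on the router. The hostnames, addresses and sample DNS answers are constructed for the example.

```python
import ipaddress
from typing import Iterable, List, Set, Tuple

# Address ranges that should never appear in an answer for a public name.
LAN_NETWORKS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "127.0.0.0/8", "169.254.0.0/16",                    # loopback, link-local
    "::1/128", "fc00::/7", "fe80::/10",                 # IPv6 equivalents
)]

# Names a router might legitimately be reached by (assumption for the example).
ROUTER_HOSTNAMES: Set[str] = {"192.168.0.1", "router.local"}


def is_rebind_answer(hostname: str, answer_ip: str,
                     local_suffixes: Iterable[str] = (".local", ".lan", ".home")) -> bool:
    """Resolver-side check: True if a DNS answer looks like a rebinding attempt.

    The attack signature is an external name (attacker.example) resolving to a
    LAN address. Names inside the local zone are allowed to do so.
    """
    ip = ipaddress.ip_address(answer_ip)
    if not any(ip in net for net in LAN_NETWORKS):
        return False  # ordinary public address
    name = hostname.rstrip(".").lower()
    in_local_zone = any(name.endswith(suf) or name == suf.lstrip(".")
                        for suf in local_suffixes)
    return not in_local_zone


def filter_dns_answers(answers: List[Tuple[str, str]]) -> List[Tuple[str, str]]:
    """Drop rebinding answers from (hostname, ip) pairs and return the survivors."""
    return [(host, ip) for host, ip in answers if not is_rebind_answer(host, ip)]


def host_header_allowed(host_header: str, allowed: Set[str] = ROUTER_HOSTNAMES) -> bool:
    """Router-side check: accept only requests addressed to the router itself.

    The rebound request still carries "Host: attacker.example" because the
    browser thinks it is talking to that site, so comparing the Host header
    against the router's own names defeats it even if the resolver was fooled.
    Handles an optional :port and bracketed IPv6 literals.
    """
    if not host_header:
        return False
    host = host_header.strip().lower()
    if host.startswith("[") and "]" in host:        # [2001:db8::1]:8080
        host = host[1:host.index("]")]
    elif host.count(":") == 1:                       # name:port or v4:port
        host = host.rsplit(":", 1)[0]
    return host in {a.lower() for a in allowed}


# Constructed DNS answers as a home resolver might see them (sample data, not captured traffic).
SAMPLE_ANSWERS = [
    ("attacker.example", "203.0.113.10"),  # first lookup: attacker's own server
    ("attacker.example", "192.168.0.1"),   # rebind: same name now points at the router
    ("router.local", "192.168.0.1"),       # legitimate LAN name
    ("cdn.example", "198.51.100.7"),       # ordinary public answer
]

if __name__ == "__main__":
    for host, ip in SAMPLE_ANSWERS:
        verdict = "DROP" if is_rebind_answer(host, ip) else "ok"
        print(f"{host:20} -> {ip:15} {verdict}")
    for hdr in ("192.168.0.1", "router.local:80", "attacker.example"):
        print(f"Host: {hdr:20} {'accepted' if host_header_allowed(hdr) else 'refused'}")
```

Either check alone breaks the attack; deploying both is the usual advice, since the resolver filter protects every device behind it while the Host check protects the router even when clients use a third-party DNS server.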

The Sky Hub 3 (ER110), Sky Hub 3.5 (ER115), Booster 3 (EE120), Sky Hub (SR101), Sky Hub 4 (SR203), and Booster 4 (SE210) were all affected by the issue.

“A key factor that allowed the routers to be automatically taken over via the DNS rebinding vulnerability was the default credentials used by most versions of the Sky devices”, Pen Test Partners wrote.

“Although a brute force attack could be used to discover non-default passwords, a custom password would significantly decrease the chances of a successful attack. Few customers change their router admin passwords from the default.”

The devices are now being patched automatically by Sky, but Pen Test Partners says it took Sky 18 months to fix the issue after the company was first alerted to it on 11 May 2020.

Pen Test Partners says it did not publicly disclose the vulnerability after the customary 90-day window because “ISPs were dealing with challenges from vastly increased network loading as working from home became the new norm. We didn’t want to do anything to limit the ability of people to work from home.”

Pen Test Partners eventually contacted the BBC in August this year after allegedly chasing Sky for updates to accelerate the patch.

"While the coronavirus pandemic put many internet service providers under pressure, as people moved to working from home, taking well over a year to fix an easily exploited security flaw simply isn’t acceptable," Pen Test Partners’ Ken Munro told BBC News.

"We take the safety and security of our customers very seriously," Sky said in response. "After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products."
