Millions Of Sky Routers Left Vulnerable To Attack For Months

A security flaw left six million Sky routers vulnerable to serious attacks for 18 months, researchers have said.

The bug could have allowed attackers to route online traffic through a malicious server, enabling them to steal passwords and other sensitive information, Pen Test Partners said.

Sky said it fixed the issue in October, 18 months after it had been notified by researchers.

The company said delivering a fix to multiple router models took time.

Patch delay

The researchers recommended users change their default router administrator passwords. Users who had not changed the password could have been more easily exploited. There is no evidence that the bug was exploited.

“We recommend that customers change the administrator password for the router web interface to mitigate this vulnerability,” PenTest Partners said in an advisory.

“We take the safety and security of our customers very seriously. After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products,” Sky said in a statement.

The company said the roughly 1 percent of customers who use routers not manufactured by Sky can ask for these to be replaced free of charge.

DNS rebinding attack

Pen Test Partners said the flaw could have made the routers susceptible to a DNS rebinding attack, carried out by luring the user to a malicious website via a phishing email.

The attack could have been used to hijack the user’s online traffic, the firm said.

The vulnerable routers were Sky Hub, Sky Hub 2, Sky Hub 3, Sky Hub 3.5 and Booster 3. Sky Hub 4 and Booster 4 were also susceptible, but used randomly generated passwords, making attacks more difficult.

In May a Which? investigation found that millions of older routers could no longer receive security updates, but remained in use, making them vulnerable to attacks.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

TikTok ‘Halts E-Commerce Expansion Plans’

TikTok reportedly scraps plans to expand TikTok Shop livestream commerce in Europe and US after…

2 hours ago

European Parliament Passes Landmark Tech Regulations

European Parliament votes to adopt Digital Markets Act and Digital Services Act, but campaigners warn…

2 hours ago

Indian Economic Police Raid Offices Of Smartphone Maker Vivo

Indian economic crime agency Enforcement Directorate raids dozens of locations across India belonging to China's…

4 hours ago

French Music Service Deezer Slumps On Market Debut

Spotify and Apple Music competitor Deezer falls below opening price after long-delayed IPO in Paris…

5 hours ago

Foxconn Expects Stronger Sales In Spite Of Economic Gloom

iPhone manufacturer Foxconn revises full-year expectations upward amidst strong consumer and data centre demand, bucking…

6 hours ago

Samsung ‘To See Profits Jump’ On Data Centre Demand

Industry analysts expect Samsung's profits to jump 15 percent for the second quarter as strong…

6 hours ago