Six million Sky routers exposed to takeover attacks for 17 months

Gandalf_The_Grey

Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability that took over 17 months to roll out a fix to customers.

The disclosed vulnerability is a DNS rebinding flaw that threat actors could easily exploit if the user had not changed the default admin password, or if a threat actor could brute-force the credentials.

The result of the exploitation would be to compromise the customer's home network, change the router's configuration, and potentially pivot to other internal devices.

Fix took 17 months to roll out

The PenTestPartners team reported their findings on May 11, 2020, and Sky acknowledged the issue and set a fixing date for November 2020.

That was over the standard 90 days of vulnerability disclosure, but the researchers accepted it without objection since the ISP was dealing with unusual traffic burdens from the COVID-19 lockdown.

The fixing patch never came, and Sky eventually revised the plan, promising to fix 50% of the affected models by May 2021, which was fulfilled.

With the other half still vulnerable and PenTestPartners feeling that Sky was not acting with much urgency, the researchers contacted the press in August as a way to apply additional pressure.

Eventually, on October 22, 2021, Sky emailed to say that Sky had fixed 99% of all vulnerable routers via an update.

This was over 17 months since the initial disclosure, leaving users vulnerable to DNS rebinding attacks during a period when many of them worked from home.
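As an added illustration (not code from the article, from Sky, or from PenTestPartners), here are the two defensive checks that stop this class of attack: a resolver-side filter that refuses public names resolving to private addresses (the idea behind dnsmasq's `--stop-dns-rebind`), and the Host-header check a router admin UI should apply so a rebound hostname is refused even when the password is weak. The hostnames, addresses and allow-list are constructed samples.

```python
import ipaddress

# Constructed allow-list: names that legitimately resolve to local addresses.
LOCAL_NAMES = {"localhost", "router.local"}


def is_rebinding_answer(hostname, addresses):
    """True if a non-local hostname resolves to a private, loopback,
    link-local or unspecified address: the signature of DNS rebinding."""
    if hostname.lower().rstrip(".") in LOCAL_NAMES:
        return False
    for addr in addresses:
        ip = ipaddress.ip_address(addr)
        if ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified:
            return True
    return False


def filter_dns_answer(hostname, addresses):
    """Resolver-side mitigation: drop the whole answer if any record rebinds
    a public name into the LAN; otherwise pass the records through unchanged."""
    if is_rebinding_answer(hostname, addresses):
        return []
    return list(addresses)


def host_header_allowed(host_header, device_ips, device_names):
    """Device-side mitigation: the admin UI serves only requests whose Host
    header names the device itself (by IP or by its own hostname). A browser
    that was rebound to the router still sends the attacker's hostname, so
    the request is refused before any login or config change is processed."""
    host = host_header.strip().lower()
    if host.startswith("["):                # bracketed IPv6 literal, optional port
        end = host.find("]")
        host = host[1:end] if end != -1 else host
    elif host.count(":") == 1:              # hostname or IPv4 with optional port
        host = host.split(":", 1)[0]
    return host in device_ips or host in device_names


if __name__ == "__main__":
    # Constructed samples: an attacker-controlled name rebound to a LAN address.
    print(filter_dns_answer("attacker.example", ["192.168.0.1"]))      # []
    print(filter_dns_answer("attacker.example", ["8.8.8.8"]))          # ['8.8.8.8']
    print(host_header_allowed("attacker.example:80", {"192.168.0.1"}, {"router.local"}))  # False
```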