Six million Sky routers had serious security flaw

November 19, 2021 at 9:01 am

The issue, which could have let hackers take over home networks, took 18 months to fix, researchers say.

About six million Sky routers had a significant software bug that could have allowed hackers to take over home networks, a security company has revealed.

The problem has been fixed – but researchers say it took Sky 18 months to address.

The vulnerability could have affected anyone who had not changed the router’s default admin password.

Sky said an update at such scale took time.

“We take the safety and security of our customers very seriously,” Sky said.

“After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products.”

Affected models were:

  • Sky Hub 3 (ER110)
  • Sky Hub 3.5 (ER115)
  • Booster 3 (EE120)
  • Sky Hub (SR101)
  • Sky Hub 4 (SR203)
  • Booster 4 (SE210)

However, these last two devices came with a randomly generated admin password, which would have made them harder for a hacker to exploit.

In addition, about 1% of routers issued by Sky are not made by the company itself.

And customers who have one can now ask for it to be replaced free of charge.

The flaw in software code, found by researcher Raf Fini, from Pen Test Partners, would have allowed a hacker to reconfigure a home router simply by directing the user to a malicious website via a phishing email.

And then they could “take over someone’s online life”, stealing passwords for banking and other websites, Pen Test Partners’ Ken Munro told BBC News.

There was no evidence the flaw had been exploited but the delay fixing it was baffling, he said.

“While the coronavirus pandemic put many internet service providers under pressure, as people moved to working from home, taking well over a year to fix an easily exploited security flaw simply isn’t acceptable,” he said.

Anyone with a router should change passwords from the ones set by default, Mr Munro added.

Earlier this year, BBC News discovered an insecure Vodafone router with a default password may have allowed a stranger to take over a couple’s wi-fi and use it to upload illegal images of child abuse to the internet.

The couple faced a police investigation that caused massive disruption to their lives and led to mental health problems.

In May, consumer watchdog Which? warned that millions of routers that had missed several years of critical security updates, making them ripe for exploitation by hackers, remained in use in the UK.
