- Sky routers had a serious security flaw that left approximately 6 million customers exposed to remote access.
- This vulnerability was discovered and reported in May 2020 and was fixed only now, 18 months later.
- The exploit happened when a user opened a malicious link or website.
A major flaw in Sky broadband routers affected some 6 million customers who were left exposed to the remote compromise of their home networks. Even though the issue was reported as soon as it was discovered, the company took 18 months to fix it, leaving its clients endangered all this time. The researchers decided not to disclose their findings after the standard 90 days since users working from home would have been affected.
In May 2020, researchers discovered a DNS rebinding vulnerability in the Sky routers that allowed an attacker to bypass the same-origin policy, the browser mechanism that stops a page loaded from one origin from reading or controlling content served by another. The flaw affected users who had not changed the router's default admin password (which, sadly, was the case for a great number of routers). However, brute-forcing non-default credentials was also an option.
The malicious HTTP server stopped responding after a few seconds, so the browser then sent another DNS request, but now the malicious DNS server replied with the IP address of the victim's own router. As a result, the user's browser treated the router's IP address (192.168.0.1) as the subdomain's IP and dangerously gave the iframe control over the router.
After the payload connection to the target router was established, the attacker could connect directly to the router’s web application and do things like setting up a DMZ server or configuring port forwarding to expose the user network.
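The rebinding step described above, where a hostname first resolves to an external server and seconds later to the router's internal address, leaves a recognisable pattern in resolver logs. The following detection sketch is an added example, not code from the researchers or Sky; the log tuple format, hostnames, client addresses and the 60-second window are constructed assumptions.

```python
import ipaddress

# Internal ranges a public hostname should never resolve to (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Constructed sample resolver log: (timestamp_seconds, client, queried name, answer).
# External addresses are taken from documentation ranges.
SAMPLE_LOG = [
    (100.0, "192.168.0.23", "news.example.org", "198.51.100.7"),
    (101.2, "192.168.0.23", "a1.rebind.example.net", "203.0.113.50"),
    (106.9, "192.168.0.23", "a1.rebind.example.net", "192.168.0.1"),
    (110.0, "192.168.0.40", "nas.home.example", "192.168.0.12"),
    (115.0, "192.168.0.40", "nas.home.example", "192.168.0.12"),
    (120.0, "192.168.0.23", "cdn.example.com", "198.51.100.9"),
    (900.0, "192.168.0.23", "cdn.example.com", "198.51.100.10"),
]

def is_internal(ip: str) -> bool:
    """True if the answer points into a private, loopback or link-local range."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinds(log, window=60.0):
    """Return (client, name, external_ip, internal_ip) for every name that a
    client saw move from an external answer to an internal one within `window` s."""
    last_external = {}  # (client, name) -> (timestamp, external answer)
    alerts = []
    for ts, client, name, answer in sorted(log):
        key = (client, name.lower().rstrip("."))
        if not is_internal(answer):
            last_external[key] = (ts, answer)
            continue
        seen = last_external.get(key)
        if seen and ts - seen[0] <= window:
            alerts.append((client, key[1], seen[1], answer))
            del last_external[key]  # one alert per external-to-internal flip
    return alerts

if __name__ == "__main__":
    for client, name, ext, internal in find_rebinds(SAMPLE_LOG):
        print(f"possible DNS rebinding: {client} saw {name} move {ext} -> {internal}")
```

Names that only ever resolve to internal addresses, such as a local NAS, are not flagged; only the flip from an external to an internal answer is.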
This security flaw affected the following models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120), Sky Hub 2 and Booster 2 (SR102, SB601), Sky Hub (SR101), and Sky Hub 4 and Booster 4 (SR203, SE210).
This month, a new malware written in the open-source programming language Golang (Go) was discovered to have 33 exploits ready to be deployed targeting vulnerabilities found in millions of routers and IoT devices. Also, in October, Cisco Talos discovered multiple vulnerabilities in the ZTE MF971R LTE portable router.