Significant Security Flaw Left 6 Million Sky Router Customers Exposed

  • Sky routers had a serious security flaw that left approximately 6 million customers exposed to remote access.
  • This vulnerability was discovered and reported in May 2020 and was fixed only now, 18 months later.
  • Exploitation was triggered when a user opened a malicious link or website.

A major flaw in Sky broadband routers affected some 6 million customers who were left exposed to the remote compromise of their home networks. Even though the issue was reported as soon as it was discovered, the company took 18 months to fix it, leaving its clients endangered all this time. The researchers decided not to disclose their findings after the standard 90 days since users working from home would have been affected.

In May 2020, researchers discovered a DNS rebinding vulnerability in the Sky routers that allowed an attacker to bypass the same-origin policy, a browser security mechanism that restricts how content loaded from one origin can interact with resources from another. This flaw affected users who hadn't changed the router's default admin password (which, sadly, was the case for a great number of routers). However, brute-forcing non-default credentials was also an option.

source: PenTestPartners

The attack unfolded when a user opened a compromised link or visited a website operated by the attackers that contained an iframe requesting data from a subdomain under the attackers' control. For this request, a malicious DNS server responded with the correct IP address of the compromised server, loading a JavaScript payload in the iframe, which sent consecutive HTTP requests to the server.

The malicious HTTP server stopped responding after a few seconds, so the browser then sent another DNS request, but this time the malicious DNS server replied with the IP address of the victim's own router. As a result, the user's browser treated the router's IP address (192.168.0.1) as the subdomain's IP and, because the hostname and therefore the origin had not changed, gave the iframe control over the router.
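The sequence described above leaves a recognisable trace in resolver logs: one hostname answered first with a public address and, seconds later, with an internal one. The following detection check is an added example, not code from the original article or from PenTestPartners; the log tuple layout, hostnames, addresses and the 60-second window are assumptions constructed for illustration.

```python
import ipaddress

# Ranges treated as "internal" for this check (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample log: (epoch seconds, client, queried name, answer, TTL).
SAMPLE_LOG = [
    (1000.0, "192.168.0.23", "news.example.org", "198.51.100.20", 300),
    (1001.0, "192.168.0.23", "a1.rebind.example.net", "203.0.113.10", 1),
    (1006.0, "192.168.0.23", "a1.rebind.example.net", "192.168.0.1", 1),
    (1010.0, "192.168.0.40", "nas.home.example", "192.168.0.50", 60),
    (1500.0, "192.168.0.40", "cdn.example.org", "198.51.100.7", 60),
    (1505.0, "192.168.0.40", "cdn.example.org", "198.51.100.8", 60),
]

def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinding(records, window=60.0):
    """Flag names answered externally, then internally, within `window` seconds."""
    last_external = {}   # (client, name) -> (timestamp, external answer)
    alerts = []
    for ts, client, name, answer, ttl in sorted(records):
        key = (client, name.lower().rstrip("."))
        if not is_internal(answer):
            last_external[key] = (ts, answer)
            continue
        prev = last_external.get(key)
        # A name that only ever resolves internally (local NAS) is not flagged.
        if prev and ts - prev[0] <= window:
            alerts.append({"client": client, "name": key[1],
                           "external_ip": prev[1], "internal_ip": answer,
                           "gap_seconds": ts - prev[0], "ttl": ttl})
    return alerts

if __name__ == "__main__":
    for alert in find_rebinding(SAMPLE_LOG):
        print(alert)
```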

After the payload connection to the target router was established, the attacker could connect directly to the router’s web application and do things like setting up a DMZ server or configuring port forwarding to expose the user network.

This security flaw affected the following models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120), Sky Hub 2 and Booster 2 (SR102, SB601), Sky Hub (SR101), and Sky Hub 4 and Booster 4 (SR203, SE210).

This month, a new malware written in the open-source programming language Golang (Go) was discovered to have 33 exploits ready to be deployed targeting vulnerabilities found in millions of routers and IoT devices. Also, in October, Cisco Talos discovered multiple vulnerabilities in the ZTE MF971R LTE portable router.
