Significant Security Flaw Left 6 Million Sky Router Customers Exposed

  • Sky routers had a serious security flaw that left approximately 6 million customers exposed to remote access.
  • This vulnerability was discovered and reported in May 2020 and was fixed only now, 18 months later.
  • The exploit was triggered when a user opened a malicious link or website.

A major flaw in Sky broadband routers affected some 6 million customers who were left exposed to the remote compromise of their home networks. Even though the issue was reported as soon as it was discovered, the company took 18 months to fix it, leaving its clients endangered all this time. The researchers decided not to disclose their findings after the standard 90 days since users working from home would have been affected.

In May 2020, researchers discovered a DNS rebinding vulnerability in the Sky routers that allowed an attacker to bypass the same-origin policy, a browser feature that restricts how web apps loaded from one domain can interact with other domains. This flaw affected users who didn't change the router's default admin password (which, sadly, was the case for a great number of routers). However, brute-forcing non-default credentials was also an option.

source: PenTestPartners

The attack unfolded when a user opened a compromised link or visited a website operated by the actors that contained an iframe requesting data from a subdomain under the actors' control. In response to this request, a malicious DNS server returned the correct IP address of the malicious server, which loaded a JavaScript payload into the iframe. The payload then sent consecutive HTTP requests to that server.

The malicious HTTP server stopped responding after a few seconds, so the browser sent another DNS request, but this time the malicious DNS server replied with the victim's IP address, that of the client's router. As a result, the user's browser treated the router's IP address (192.168.0.1) as the subdomain's IP and dangerously gave the iframe control over the router.

After the payload connection to the target router was established, the attacker could connect directly to the router’s web application and do things like setting up a DMZ server or configuring port forwarding to expose the user network.
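The sequence described above leaves a recognisable trace in resolver logs: one hostname answers with an external address and, seconds later, with an internal one such as 192.168.0.1. The following detection sketch is an added example, not code from the article or from PenTestPartners; the log format, the 60-second window, and all hostnames and addresses in the sample are constructed assumptions.

```python
import ipaddress

# Constructed resolver log: "<epoch seconds> <client> <query name> <answer IP>"
SAMPLE_LOG = """\
1000 192.168.0.23 news.example.org 93.184.216.34
1002 192.168.0.23 a1b2.rebind.example.net 203.0.113.50
1009 192.168.0.23 a1b2.rebind.example.net 192.168.0.1
1015 192.168.0.40 printer.home.example 192.168.0.77
1020 192.168.0.40 cdn.example.com 198.51.100.7
1300 192.168.0.40 cdn.example.com 198.51.100.9
"""

WINDOW_SECONDS = 60  # assumption: the flip happens within seconds of the first answer

# Explicit list of internal ranges (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)  # raises ValueError on a malformed address
    return any(addr in net for net in INTERNAL_NETS)


def find_rebinds(log_text, window=WINDOW_SECONDS):
    """Return (client, name, external_ip, internal_ip) for every name whose
    answer flips from an external to an internal address within `window`."""
    last_external = {}  # (client, name) -> (timestamp, external ip)
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        client, name, ip = parts[1], parts[2].lower().rstrip("."), parts[3]
        try:
            ts, internal = int(parts[0]), is_internal(ip)
        except ValueError:
            continue  # bad timestamp or address
        if not internal:
            last_external[(client, name)] = (ts, ip)
            continue
        prev = last_external.get((client, name))
        if prev and ts - prev[0] <= window:
            findings.append((client, name, prev[1], ip))
    return findings


if __name__ == "__main__":
    for hit in find_rebinds(SAMPLE_LOG):
        print("possible DNS rebinding:", hit)
```

Names that only ever resolve to internal addresses (local devices) and names that move between external addresses are deliberately not flagged.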

This security flaw affected the following models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120), Sky Hub 2 and Booster 2 (SR102, SB601), Sky Hub (SR101), and Sky Hub 4 and Booster 4 (SR203, SE210).

This month, a new malware written in the open-source programming language Golang (Go) was discovered to have 33 exploits ready to be deployed targeting vulnerabilities found in millions of routers and IoT devices. Also, in October, Cisco Talos discovered multiple vulnerabilities in the ZTE MF971R LTE portable router.
