Significant Security Flaw Left 6 Million Sky Router Customers Exposed

  • Sky routers had a serious security flaw that left approximately 6 million customers exposed to remote access.
  • This vulnerability was discovered and reported in May 2020 and was fixed only now, 18 months later.
  • The exploit happened when a user opened a malicious link or website.

A major flaw in Sky broadband routers affected some 6 million customers who were left exposed to the remote compromise of their home networks. Even though the issue was reported as soon as it was discovered, the company took 18 months to fix it, leaving its clients endangered all this time. The researchers decided not to disclose their findings after the standard 90 days since users working from home would have been affected.

In May 2020, researchers discovered a DNS rebinding vulnerability in Sky routers that allowed an attacker to bypass the same-origin policy, the browser mechanism that restricts how content loaded from one origin can interact with resources from another. The flaw affected users who had not changed the router's default admin password (which, sadly, was the case for a great number of routers). However, brute-forcing non-default credentials was also an option.

source: PenTestPartners

The attack unfolded when a user opened a malicious link or visited a website operated by the actors that contained an iframe requesting data from a subdomain under the actors' control. In response to this request, the malicious DNS server returned the correct IP address of the malicious server, which loaded a JavaScript payload into the iframe; the payload then sent consecutive HTTP requests to that server.

The malicious HTTP server stopped responding after a few seconds, so the browser sent another DNS request, and this time the malicious DNS server replied with the IP address of the victim's router. As a result, the user's browser treated the router's IP address (192.168.0.1) as the subdomain's IP and dangerously gave the iframe control over the router.
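The two DNS answers described above leave a recognizable trace in resolver logs: one name resolves to an external address and, seconds later, to an internal one. The following detection sketch is an added example, not code from the researchers or from Sky; the log format, the hostnames and the 60-second window are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Ranges a public hostname should not resolve to (RFC 1918, loopback, link-local).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed sample resolver log: (epoch seconds, queried name, answer IP).
SAMPLE_LOG = [
    (1000, "a1.rebind.example.", "203.0.113.10"),  # first answer: external server
    (1004, "A1.rebind.example", "192.168.0.1"),    # second answer: the router
    (1000, "cdn.example.net", "198.51.100.7"),
    (1200, "cdn.example.net", "198.51.100.8"),     # external to external: normal
    (1000, "nas.home.example", "192.168.0.20"),    # internal only: no flip
    (5000, "old.example.org", "203.0.113.50"),
    (90000, "old.example.org", "10.0.0.5"),        # flip, but outside the window
]

def is_internal(ip):
    """True if the address falls in one of the internal ranges above."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)

def find_rebinding(records, window=60):
    """Return sorted names whose answer flips from an external address to an
    internal one within `window` seconds."""
    by_name = defaultdict(list)
    for ts, name, ip in records:
        # Normalize case and the trailing root dot so variants group together.
        by_name[name.lower().rstrip(".")].append((ts, ip))
    flagged = set()
    for name, answers in by_name.items():
        answers.sort()
        last_external = None  # time of the most recent external answer
        for ts, ip in answers:
            if not is_internal(ip):
                last_external = ts
            elif last_external is not None and ts - last_external <= window:
                flagged.add(name)
    return sorted(flagged)

if __name__ == "__main__":
    print(find_rebinding(SAMPLE_LOG))
```

The explicit network list is used instead of `ipaddress`'s `is_private` attribute because that attribute also reports the documentation ranges used in the sample data as private.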

After the payload's connection to the target router was established, the attacker could connect directly to the router’s web application and do things such as set up a DMZ server or configure port forwarding to expose the user's network.

This security flaw affected the following models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120), Sky Hub 2 and Booster 2 (SR102, SB601), Sky Hub (SR101), and Sky Hub 4 and Booster 4 (SR203, SE210).

This month, new malware written in the open-source programming language Golang (Go) was discovered with 33 exploits ready to be deployed against vulnerabilities found in millions of routers and IoT devices. Also, in October, Cisco Talos discovered multiple vulnerabilities in the ZTE MF971R LTE portable router.
