Six million Sky broadband customers exposed to flaw that could let hackers steal bank info
19 November 2021, 15:55
Around six million Sky broadband customers were exposed to a security flaw that would have allowed hackers to "control millions of hubs for 18 months", a security company has warned.
Listen to this article
Loading audio...
The flaw has been fixed, but the security researchers said it took Sky nearly 18 months to fix the problem.
The bug was uncovered by the security group Pen Test Partners, who said it affected users who had not changed the router's default admin password.
As this is simple and easy to guess, hackers could easily reconfigure the router and take over a network, just by directing the user to a malicious network.
This could then give hackers access to sensitive information including log-in details for online banking.
According to the researchers, the affected router models were: Sky Hub 3 (ER110), Sky Hub 3.5 (ER115), Booster 3 (EE120), Sky Hub (SR101), Sky Hub (SR203), and the Booster 4 (SE210).
Sky said it had begun working to fix the problem as soon as it was made aware of it and it took the security of its customers "very seriously".
Cyber security expert explains what is behind the twitter hack
Pen Test Partners said there was no evidence the flaw had been exploited, but criticised Sky for the time it took to fix the issue.
It claimed the internet service provider had repeatedly pushed back deadlines it had set to fix the problem.
A spokesman for Sky said: "We take the safety and security of our customers very seriously.
"After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky manufactured products."
The initial delay to the time it took for Sky to fix the problem was put down to the coronavirus pandemic, researchers said.
It also said it did not want to disrupt the "vastly increased network loading as working from home became the new norm".
But researchers were concerned by the speed - and time it took - for the company to respond, saying they believed Sky "did not give the patch the priority their customers deserved".
If you have a broadband router mentioned above, the research company has advised you change the passwords on it from the default ones set.
