Six million Sky broadband routers had major security flaw

25 November 2021, 13:34

Sky stock
Sky stock. Picture: PA

Security researchers said a software bug could have allowed hackers to take over a user’s home network.

Around six million Sky broadband routers contained a software bug that could have allowed hackers to take over home networks and access devices and personal data, a security company has said.

The flaw has been fixed, but the security researchers said it took the company nearly 18 months to fix the problem.

Sky said it took the security of its customers “very seriously” and had begun working to fix the problem as soon as it was made aware of it.

The bug, which was uncovered by the security group Pen Test Partners, affected users who had not changed the router’s default admin password – which was simple and easy to guess – and could enable hackers to easily reconfigure the router and take over a network just by directing the user to a malicious website.

This could then give hackers access to sensitive information including log-in details for online banking and other websites.

According to the researchers, the affected router models were: Sky Hub 3 (ER110), Sky Hub 3.5 (ER115), Booster 3 (EE120), Sky Hub (SR101), Sky Hub (SR203), and the Booster 4 (SE210).

In addition, around 1% of the routers issued by Sky are not made by the company itself and could not be updated with the fix.

But customers who have one can ask Sky to replace it, free of charge.

Pen Test Partners said there was no evidence the flaw had been exploited, but criticised Sky for the time it took to fix the issue.

It claimed the internet service provider had repeatedly pushed back deadlines it had set to fix the problem.

The researchers said they understood the initial delay due to the coronavirus lockdown and the challenges facing internet providers because of the “vastly increased network loading as working from home became the new norm”, which it said it did not want to disrupt.

But they said they were concerned by the overall speed of the company’s response, saying they believed Sky “did not give the patch the priority their customers deserved”.

The group also encouraged anyone with a broadband router to change the passwords on it from the ones set by default.

In response, a Sky spokesperson said: “We take the safety and security of our customers very seriously.

“After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky manufactured products.”

By Press Association

More Technology News

See more More Technology News

Elizabeth Denham

Outgoing Information Commissioner reflects on ‘big beast of a job’

A patient receives a Covid-19 vaccine booster

Social networking websites launch features to encourage users to get boosters

Social media apps

TikTok enhances safety policies around young people and online challenges

Apple iPhone 13

Apple to launch self-service repair scheme

The logo of mobile phone network EE is displayed on the screen of a smartphone

EE unveils gaming data monthly plans featuring Xbox consoles

Royal visit to Microsoft HQ

William visits Microsoft UK to learn how AI combats illegal wildlife trade

Huawei concerns

Government powers to strip Huawei equipment from 5G networks come into force

A child using a laptop computer

Peers back efforts to boost online age checks amid child safety fears

Oxford Street Stores Stock

Dyson launches virtual reality experience store

A picture of the Twitter, Instagram and Facebook icons

Prevent adults from direct messaging children, Ofcom tells social media firms

A Bitcoin symbol is presented on an LED screen during the closing ceremony of a congress for cryptocurrency investors in El Salvador

El Salvador to build cryptocurrency-fuelled Bitcoin City

End-to-end encryption has sparked fears of threatening children’s safety online (Peter Byrne/PA)

Facebook owner says encryption of all messaging services not until 2023

Electric vehicle charging points

Electric vehicle charging points: What are they and how do they work?

Amazon logo

Italian competition watchdog fines Apple and Amazon £170m

Ben Wood, founder of the Mobile Phone Museum

Mobile Phone Museum launches online

Lush store

Lush to close social media accounts over platform safety concerns