Sky Slow to Fix Bug in Routers

Sky Slow to Fix Bug in Routers

Entertainment company Sky took more than 17 months to fix a security flaw that impacted roughly six million routers belonging to its customers. 

The DNS rebinding vulnerability was discovered in May 2020 by Raf Fini, a researcher at British cybersecurity company Pen Test Partners

Six router models were affected by the flaw: Sky Hub 3, Sky Hub 3.5, Booster 3, Sky Hub, Sky Hub 4, and Booster 4. 

“It affected users with the default router’s admin password (admin:sky), which was the case for a high percentage of routers,” wrote Pen Test Partners in a blog post

The flaw could have exposed a victim’s home network to the internet, allowing a cyber-criminal to gain direct access to the victim’s computers and devices.

Pen Test Partners criticized Sky’s snail-paced approach to fixing the vulnerability.

“Sky did not prioritize fixing the issue, taking nearly 18 months to fully resolve it, failing to meet numerous deadlines they set themselves,” said Pen Test Partners.

They added: “Despite having a published vulnerability disclosure program, Sky’s communications were particularly poor and had to be chased multiple times for responses.”

Pen Test Partners grew so frustrated with the entertainment company’s apparent lack of action that it

Read More: https://www.infosecurity-magazine.com/news/sky-router-flaw-slow-fix/