UK ISP Had 6 Million Routers Vulnerable for a DNS Vulnerability for 18 Months
Security researchers have revealed that around 6 million Sky routers have been affected by a DNS rebinding vulnerability that would have let attackers control any router in the past 18 months.
Internet service providers (ISP) often offer their own routers to people who subscribe to their services. The problem is that ISPs have to provide proper support for those routers, or customers might keep vulnerable devices in their network.
Routers are all the most important as they are usually home guardians as well, acting as gatekeepers to our kingdoms. A crack in that “wall” is much less than ideal. Whether the exploit has been used in the wild is unclear.
Sky’s routers have been affected until recently by a DNS rebinding vulnerability that could have allowed attackers to remotely take over devices, especially those still using the default credentials. People who connected to the Internet from behind one of those routers could have been tricked into clicking on a link that let remote attackers redirect DNS traffic and eventually take control.
From there, obtaining the Wi-Fi password, enabling DMZ servers, or simply forwarding ports would have been trivial, eventually giving an attacker a legitimate way to enter the network.
“With remote management enabled, the attacker could connect directly to the router’s web application and modify any settings, such as setup up a DMZ server or configure port forwarding, exposing the internal home network to the internet,” said the Pen Test Partners researchers.
“Affected models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120) Sky Hub 2 and booster 2 (SR102, SB601) Sky Hub (SR101). The Sky Hub 4 and Booster 4 (SR203, SE210) were also affected by the DNS rebinding vulnerability, however, every device comes with a random administrator password, limiting the ease of attack as the password must be brute forced,” they added.
While it’s not uncommon to find vulnerabilities in routers, taking 18 months to fix the issue is not ordinary. The researchers initially provided Sky with the regular 90 days window and extended way past that mark when the pandemic hit.
The initial report came on May 11, 2020, but the ISP managed to cover 50% of the user base with a patch by May 2021. The latest messages from the company said that they managed to update 99% of the routers, 18 months later, in October 2021.
Abode IoT Security Camera Vulnerabilities Would Let Attackers Insert Images, Bitdefender Finds
December 21, 2021
Online Shoppers Beware, Mobile Scams Are on the Rise
December 17, 2021
The Holiday Guide to Tech Support: Fixing the Family Computer
November 24, 2021
Bitdefender Celebrates 20 Years of Cybersecurity Leadership
November 04, 2021
Bitdefender Study Reveals How Consumers Like (and Dislike) Managing Passwords
October 26, 2021
What are drive-by download attacks and how do you prevent them?
October 25, 2021