UK ISP Had 6 Million Routers Vulnerable for a DNS Vulnerability for 18 Months

Security researchers have revealed that around 6 million Sky routers have been affected by a DNS rebinding vulnerability that would have let attackers control any router in the past 18 months.

Internet service providers (ISP) often offer their own routers to people who subscribe to their services. The problem is that ISPs have to provide proper support for those routers, or customers might keep vulnerable devices in their network.

Routers are all the most important as they are usually home guardians as well, acting as gatekeepers to our kingdoms. A crack in that “wall” is much less than ideal. Whether the exploit has been used in the wild is unclear.

Sky’s routers have been affected until recently by a DNS rebinding vulnerability that could have allowed attackers to remotely take over devices, especially those still using the default credentials. People who connected to the Internet from behind one of those routers could have been tricked into clicking on a link that let remote attackers redirect DNS traffic and eventually take control.

From there, obtaining the Wi-Fi password, enabling DMZ servers, or simply forwarding ports would have been trivial, eventually giving an attacker a legitimate way to enter the network.

“With remote management enabled, the attacker could connect directly to the router’s web application and modify any settings, such as setup up a DMZ server or configure port forwarding, exposing the internal home network to the internet,” said the Pen Test Partners researchers.

“Affected models: Sky Hub 3, 3.5 and Booster 3 (ER110, ER115, EE120) Sky Hub 2 and booster 2 (SR102, SB601) Sky Hub (SR101). The Sky Hub 4 and Booster 4 (SR203, SE210) were also affected by the DNS rebinding vulnerability, however, every device comes with a random administrator password, limiting the ease of attack as the password must be brute forced,” they added.

While it’s not uncommon to find vulnerabilities in routers, taking 18 months to fix the issue is not ordinary. The researchers initially provided Sky with the regular 90 days window and extended way past that mark when the pandemic hit.

The initial report came on May 11, 2020, but the ISP managed to cover 50% of the user base with a patch by May 2021. The latest messages from the company said that they managed to update 99% of the routers, 18 months later, in October 2021.