- This robot vacuum has a side-mounted handheld vacuum and is $380 off for Black Friday
- This 2 TB Samsung 990 Pro M.2 SSD is on sale for $160 this Black Friday
- Buy Microsoft Visio Professional or Microsoft Project Professional 2024 for just $80
- Get Microsoft Office Pro and Windows 11 Pro for 87% off with this bundle
- Buy or gift a Babbel subscription for 78% off to learn a new language - new low price
Sky Slow to Fix Bug in Routers
Entertainment company Sky took more than 17 months to fix a security flaw that impacted roughly six million routers belonging to its customers.
The DNS rebinding vulnerability was discovered in May 2020 by Raf Fini, a researcher at British cybersecurity company Pen Test Partners.
Six router models were affected by the flaw: Sky Hub 3, Sky Hub 3.5, Booster 3, Sky Hub, Sky Hub 4, and Booster 4.
“It affected users with the default router’s admin password (admin:sky), which was the case for a high percentage of routers,” wrote Pen Test Partners in a blog post.
The flaw could have exposed a victim’s home network to the internet, allowing a cyber-criminal to gain direct access to the victim’s computers and devices.
Pen Test Partners criticized Sky’s snail-paced approach to fixing the vulnerability.
“Sky did not prioritize fixing the issue, taking nearly 18 months to fully resolve it, failing to meet numerous deadlines they set themselves,” said Pen Test Partners.
They added: “Despite having a published vulnerability disclosure program, Sky’s communications were particularly poor and had to be chased multiple times for responses.”
Pen Test Partners grew so frustrated with the entertainment company’s apparent lack of action that it eventually reached out to the BBC on August 6 over the matter.
“Only after we had involved a trusted journalist was the remediation program accelerated,” wrote Pen Test Partners.
Sky said in an email on October 22 that 99% of the affected routers had been updated. The company has offered to replace affected routers free of charge for its customers.
“After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products,” said Sky.
Commenting on the news, Burak Agca, security engineer at Lookout said: “This situation shows why there has never been a greater need for zero trust networking strategies to be implemented by companies.
“Understanding whether a network connection has been compromised is critical for data in transit. Zero Trust Network Access (ZTNA) and Cloud Access Security Broker (CASB) services ensure that data and resources are only presented to registered and authenticated users, depending on the type of device and location, and the level of threat exposure.”
