Entertainment corporation Sky took more than 17 months to repair a security flaw that impacted around six million routers belonging to its customers.
The DNS rebinding vulnerability was discovered in May 2020 by Raf Fini, a researcher at British cybersecurity company Pen Test Partners.
Six router models were affected by the flaw: Sky Hub 3, Sky Hub 3.5, Booster 3, Sky Hub, Sky Hub 4, and Booster 4.
“It affected users with the default router admin password (admin:sky), which was the case for a large share of routers,” wrote Pen Test Partners in a blog post.
The flaw could have exposed a victim’s home network to the internet, enabling a cyber-criminal to gain direct access to the victim’s computers and devices.
Pen Test Partners criticized Sky’s slow approach to fixing the vulnerability.
“Sky did not prioritize fixing the issue, taking approximately 18 months to fully resolve it, failing to meet many deadlines they set themselves,” said Pen Test Partners.
They added: “Despite having a published vulnerability disclosure program, Sky’s communications were particularly poor and had to be chased multiple times for responses.”
Pen Test Partners grew so frustrated with the entertainment company’s apparent lack of action that it eventually reached out to the BBC on August 6 over the matter.
“Only after we had involved a trusted journalist was the remediation plan accelerated,” wrote Pen Test Partners.
Sky claimed in an email on October 22 that 99% of the affected routers had been updated. The company has offered to replace affected routers free of charge for its customers.
“After being alerted to the risk, we began work on finding a remedy for the problem and we can confirm that a fix has been delivered to all Sky-manufactured products,” said Sky.
Commenting on the news, Burak Agca, security engineer at Lookout, said: “This case shows why there has never been a greater need for zero trust networking approaches to be implemented by organizations.
“Understanding whether a network connection has been compromised is critical for data in transit. Zero Trust Network Access (ZTNA) and Cloud Access Security Broker (CASB) solutions ensure that data and resources are only provided to registered and authenticated users, depending on the type of device and location, and the level of risk exposure.”
Some parts of this article are sourced from:
www.infosecurity-magazine.com