Six million Sky routers exposed to takeover attacks for 17 months
Around six million Sky Broadband customer routers in the UK were affected by a critical vulnerability, and it took over 17 months to roll out a fix to customers.
DNS rebinding attacks are used to bypass a browser security measure called the Same Origin Policy, which blocks a site from sending requests to websites other than its own origin.
This is where DNS rebinding attacks come into play; when conducted properly, they lead to a whole slew of attacks.
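A defender-side check for the behaviour described above, added here as an example and not taken from Sky or from the original report: it scans resolver log entries for external names whose answers point at internal addresses, the condition DNS rebinding depends on. The log format, the `LOCAL_SUFFIXES` allowlist and every sample entry are constructed assumptions.

```python
import ipaddress

# Address ranges that should never appear in answers for external names.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/8",
    "::1/128", "fc00::/7", "fe80::/10")]

# Assumed internal zone that is allowed to map to LAN hosts.
LOCAL_SUFFIXES = (".home.example",)

# Constructed resolver log: (unix_time, client, queried_name, answer_ip, ttl)
SAMPLE_LOG = [
    (1000, "192.168.0.23", "news.example.org", "198.51.100.20", 300),
    (1002, "192.168.0.23", "a1.rebind.example.net", "203.0.113.10", 1),
    (1005, "192.168.0.23", "a1.rebind.example.net", "192.168.0.1", 1),
    (1010, "192.168.0.40", "printer.home.example", "192.168.0.50", 60),
    (1020, "192.168.0.40", "cdn.example.com", "198.51.100.7", 30),
    (1500, "192.168.0.40", "cdn.example.com", "198.51.100.8", 30),
    (1600, "192.168.0.40", "intranet.example.org", "10.0.0.5", 60),
]

def is_internal(ip):
    """True if ip is a private, loopback or link-local address."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)

def find_rebinding(log, window=60):
    """Return sorted (name, reason) findings for suspicious answers."""
    findings = set()
    last_external = {}  # (client, name) -> time of last external answer
    for ts, client, name, ip, _ttl in sorted(log):
        name = name.lower().rstrip(".")
        if name.endswith(LOCAL_SUFFIXES):
            continue  # allowlisted internal zone
        key = (client, name)
        if not is_internal(ip):
            last_external[key] = ts
            continue
        seen = last_external.get(key)
        if seen is not None and ts - seen <= window:
            # Same client saw an external answer moments ago: rebinding pattern.
            findings.add((name, "flip-to-internal"))
        else:
            findings.add((name, "internal-answer"))
    return sorted(findings)

if __name__ == "__main__":
    for name, reason in find_rebinding(SAMPLE_LOG):
        print(f"{reason:18} {name}")
```

The same test (an external name answering with an internal address) is what resolver-level rebinding protection applies when it drops such answers instead of only reporting them.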
The patch never came, and Sky eventually revised the plan, promising to fix 50% of the affected models by May 2021, a target that was met.
Eventually, on October 22, 2021, Sky emailed to say that it had fixed 99% of all vulnerable routers via an update.
This was over 17 months after the initial disclosure, leaving users vulnerable to DNS rebinding attacks during a period when many of them worked from home.