Sky: ‘Serious’ security flaw on six million routers left customers vulnerable to hackers

A “serious” security flaw affecting around six million Sky routers left customers open to hackers for more than 17 months, researchers have said.

The security issue meant internet users with Sky routers were vulnerable to hacks and online attacks for well over a year, according to internet security company Pen Test Partners.

Hackers could have accessed the passwords and private information of Sky router customers, if they hadn’t changed the router’s default admin password.

The flaw was discovered by Raf Fini, a researcher at Pen Test Partners. Mr Fini’s colleague Ken Munro told ITV News “anything” users did on their home Wi-Fi was potentially accessible by a cyber attacker.

He said hackers would have been able to take over the “online life” of a Sky router user.

Mr Munro said it took Sky “too long” to fix the problem, after the company was made aware of it, leaving users across the country vulnerable for longer than they could have been.

Pen Test Partners said they notified Sky about the problem in May 2020. Sky acknowledged the problem, but it wasn’t until October 2021 – 17 months and 11 days later – that Sky said 99% of all affected routers had been updated.

In response to the security issues, Sky told ITV News it began work on fixing the solution as soon as they became aware of the problem.

A Sky spokesperson said: “We can confirm that a fix has been delivered to all Sky-manufactured products.” ITV