Results 1 to 8 of 8
How do sky update the router?
This is a discussion on How do sky update the router? within the Sky Router forums, part of the Sky Broadband help category; I was wondering how it is that Sky are able to update the router remotely. If the router username and ...
- 14-09-06, 08:18 AM #1
How do sky update the router?
I was wondering how it is that Sky are able to update the router remotely. If the router username and password are changed away from their defaults they shouldn't be able to log in. Does the Sky firmware therefore include a backdoor and what sort of security risk (if any) does that pose to users?
Edit: A bit of thought says that the router will be checking a server every so often (probably in the early hours) to look for updates rather than Sky logging in. Maybe Sky would check their logs to make sure all was well and good with your router - that'd be nice. Wonder where that server is (if I'm getting this right)?
Last edited by markbloke; 14-09-06 at 08:37 AM.
- 14-09-06, 08:35 AM #2
your router is obviously connected to them. i would think they can flash it from their end using the supervisor password they have not allowed us to know - ie the one that allows you to telnet etc.
as far as any backdoor goes - my biggest worry is, if they are changing open source software to meet their own requirements and not publishing what they have done - they could easily change firewall rules to let unrequested packets from them pass through the firewall to your pc. the next thing we could notice is adverts from sky popping up on our machines.
Last edited by dingdong; 14-09-06 at 12:11 PM.
- 14-09-06, 12:15 PM #3
lol now that would be some clever marketing
- 14-09-06, 12:26 PM #4
very possible though especially as some people have been advised to turn off their own software based firewalls to get the router to work.
depending on what sky put into the router software it could easily give them full control of your pc. i;'m not of course suggesting they would do this - but they could.
Last edited by dingdong; 14-09-06 at 12:28 PM.
- 14-09-06, 01:13 PM #5
If I understand correctly, markbloke was asking if Sky could still update the router after, er, well, you know, the root password had by some means or other been changed from the secret sky one to blank? In such a situation, any hidden user needed to perform the updates would have been lost. Given that they'd be unable to do the "press the button and power on" trick, I doubt they'd be able to access it.
I can envisage a humerous conversation with sky whereby sky say "we can't seem to access your router for updates", "yes, that's right, I've made some changes to the, er, config", "well we need access as per the agreement, or we'll disconnect you", "absolutely no problem at all old chap, what access do you need and I'll set it up for you right away", "we're not going to tell you - it's secret!".
EDIT. Yes, it would be wise to keep a PC firewall running to prevent sky shenanigans.
- 14-09-06, 01:27 PM #6
although on a more serious note there is no way they are going to use it like that for marketing and hence why they also give you the software firewall aswell.
the router checks a server for the update at certain times.
wound be kind of crazy advertising though lol
- 14-09-06, 01:29 PM #7
re: the router checks a server for the update at certain times.
that's ok then
guess mine won't be doing that until they send me one that works
- 14-09-06, 02:34 PM #8
Yup, I figured Sky wouldn't want to be trying to upgrade thousands of customers individually when they can do it by setting up a server (somewhere?) and getting the routers to do the donkey work. It was just the bit about not denying Sky "access" in the T&C that threw me. In any case I doubt they actually compile a list of "missing" user IDs from their update logs and pester people just yet but maybe they'd be a bit more vigilant in the case of a major security update.
My router is of course using happy clappy Sky firmware so I'm not bovvered anyway, just curious as always.