0

Discussion topic: Security concerns about Sky staff/systems accessing internal router LAN

Reply
Avatar for Rockingit
Level 1 icon
What's this?
This message was authored by: Rockingit

Message posted on ‎22 Jul 2025 08:41 AM

Security concerns about Sky staff/systems accessing internal router LAN

Whilst in the throws of a horrendous tech support call yesterday (which has only started to get resolved after I hung up and made a formal complaint...) I was a bit shocked to have the tech support agent tell me (wrongly) that my issue was with dropped packets on our side of the LAN wifi, and then proceeded to tell me the machine names involved - in other words they were monitoring/able to access the private LAN side of the router and log traffic.  (Not talking about the WAN side, that's theirs and of course is going to be monitored in stages)

 

Apart from the privacy and security issues involved - especially now they've moved everything over to India - I'm perplexed as to how.  I've checked our router and there are no sneakily open ports, remote management...nadda.  This makes me think that if you use their supplied router there is some undisclosed backdoor access going on that's straddling a local firewall?

 

More's the point, how do we prevent this?  We are a business account not residential and this throws some massive privacy /gdpr issues with regards to some of our client data.

 

Cheers, R.

 

 

Report post
Post 1 of 8
389 Views
0 Likes
Reply
Reply

All Replies

Avatar for Mr+Slant
Level 9 icon
What's this?
This message was authored by: Mr+Slant

Message posted on ‎22 Jul 2025 10:21 AM - last edited: ‎22 Jul 2025 10:24 AM

Re: Security concerns about Sky staff/systems accessing internal router LAN

It'll be TR-069 and there's nothing you can do to prevent it other than use a router which wasn't supplied by Sky. You should find port 7547 TCP is open and you won't be able to close it.

 

Every major ISP in the UK uses TR-069 (or their own variant) so this isn't unique to Sky.

 

https://en.wikipedia.org/wiki/TR-069

Report post
Post 2 of 8
376 Views
Reply
Avatar for Rockingit
Level 1 icon
What's this?
Topic Author
This message was authored by: Rockingit

Message posted on ‎22 Jul 2025 10:44 AM

Re: Security concerns about Sky staff/systems accessing internal router LAN

Thank you for the education - had no idea!

 

So the logical next question has to be...   recommendations for a suitable replacement router?

Report post
Post 3 of 8
367 Views
0 Likes
Reply
Avatar for TimmyBGood
Level 16 icon
What's this?
Superuser
This message was authored by: TimmyBGood

Message posted on ‎22 Jul 2025 11:31 AM - last edited: ‎22 Jul 2025 11:39 AM

Re: Security concerns about Sky staff/systems accessing internal router LAN

Posted by a Superuser, not a Sky employee. Find out more
@Rockingit wrote:

and then proceeded to tell me the machine names involved - in other words they were monitoring/able to access the private LAN side of the router and log traffic. 

 

Being able to see WINS or similar names of devices talking to or through the Hub is not the same thing as monitoring or logging traffic content.

 

It's perhaps problematic if a user has chosen to name a device 'bathroom_spycam_3'  ; )

* * * * * * *

Sky Glass 55" (on ethernet) & two Stream Pucks (one ethernet / one WiFi)
BT Halo 3+ Ultrafast FTTP (500Mbs), BT Smart Hub 2
Report post
Post 4 of 8
352 Views
0 Likes
Reply
Avatar for JimM1
Level 12 icon
What's this?
This message was authored by: JimM1

Message posted on ‎22 Jul 2025 12:20 PM

Re: Security concerns about Sky staff/systems accessing internal router LAN

@Rockingit As you are a business acount with sky you should talk to the business manager for your account at sky!

Report post
Post 5 of 8
329 Views
0 Likes
Reply
Avatar for Mr+Slant
Level 9 icon
What's this?
This message was authored by: Mr+Slant

Message posted on ‎22 Jul 2025 12:32 PM

Re: Security concerns about Sky staff/systems accessing internal router LAN

Depends on what service you have in terms of what's available. VDSL2/G.fast/FTTP will all have different options.

 

Main thing is to ensure the router supports DHCP Option61 (sometimes erroneously referred to as MER) so it'll connect to Sky. Not all do.

Report post
Post 6 of 8
321 Views
0 Likes
Reply
Avatar for Osmond
Level 2 icon
What's this?
This message was authored by: Osmond

Message posted on ‎22 Jul 2025 02:12 PM

Re: Security concerns about Sky staff/systems accessing internal router LAN

If you are concerned about privacy, are technically minded and have a spare bare metal machine you could create your own router using OPNSense.

Report post
Post 7 of 8
304 Views
0 Likes
Reply
Avatar for jamesn123
Level 16 icon
What's this?
Superuser
This message was authored by: jamesn123

Message posted on ‎22 Jul 2025 04:09 PM

Re: Security concerns about Sky staff/systems accessing internal router LAN

Posted by a Superuser, not a Sky employee. Find out more

@Rockingit 

Sky cannot see your LAN traffic directly, they can see device names (Which also appear in the Sky broadband diagnostics area on the website) and router traffic statistics e.g. WAN speed, number of tx/rx packets, dropped packets etc. 

I am NOT a Sky Employee
Myself & Others offer our time to help others, please be respectful.
Report post
Post 8 of 8
292 Views
0 Likes
Reply
Reply