Sky Q system - hacked??

NickNickleby

Greetings,

I am pretty unfamiliar with this system, but my mother has it installed. They have a broadband connection (router with DSL and WiFi), the SKY Q box next to the telly and a second SKYQ box (MID or something like that I think its called) to provide signal to the second TV.

Anyway, they're convinced someone has hacked them, because they've noticed that some recordings show up as 'viewed' but they're convinced they haven't looked at them yet. Apparently the next door neighbour recently got rid of Sky, so 2 + 2 makes hacking.

I've worked out that the SKY Q box gets tv signals from the dish and distributes them to the tv via hdmi, and to the MID box over wireless. So, if the MID box can connect to the SKY Q box, what's to stop someone putting another MID box in and connecting to the same SKY Q box?? As far as I can tell, the MID box doesn't ask for the SSID or WPA passwords, so could I be on to something?

To be honest, it'd surprise me if it was that simple, and perhaps it does verify with SKy via the internet connection (so that would suggest it uses the SSID, does it not?). All my suppositions are based on asking the brother what exactly happened when the technician installed the equipment, and also by looking at the setup using the RC for each of the boxes.

If anyone can confirm that a naughty neighbour with the right knowledge could do this, then I'll look at ways to get around it (changing SSIDs, dynamic ip address versus static etc).


By the way, it occurs to me that if I wanted to do this, this is exactly what I'd be asking on the Internet. My post history will show that I use Amiko Alien and am averse to piracy or theft of any kind. So, if someone can confirm that such a hack has been done before, then I'll take the story seriously and work to prevent it. Otherwise I'll tell the brother he's imagining it :pac:. Of course it might be prudent to implement tighter security anyway.
Cheers.

Mundo7976

Any chance the neighbour has gained a cess to the wifi network? If so they can watch recordings through sky Q app.
Secondly, if your folks were watching a programme and then decided to record it it will show as having been watched

EdgeCase

Yeah anyone who has a mobile phone / tablet with the Sky Q app and who an access your home Wi-Fi network can watch your Sky Q content.

Is their Wi-Fi network password protected or do they grant access to anyone outside the house?

corminators

It's possibly that you set a recording at say 9pm, then you are flicking thru the channels at that time and come across the show- it sets it to viewed in the system.

NickNickleby

Thanks guys for all the replies.

THeir house wifi needs a password to get in. but its the default one. I remember reading once that wifi can be hacked if the default SSID is used, because the default password is generated based on the SSID. figure out the algorithm and you can get into anyone's wifi. IF they are using the default SSID (which is why my home one is quite amusing, or rather, droll).

But then you got me to thinking a bit more on this. Do you know that by default, some providers allow their mobile users to access ANY wifi (of course as lomng as its in the same provider). Now, if SKY do that, then a smart user might have a sky mobile phone and connect to my mam's wifi. This of course is meant to be to allow Internet access via SKY broadband from your sky mobile. But this means that the mobile phone owner would be connected to the wireless LAN. Perhaps it would then be possible to target the SKY from the phone next door. This is really tin foil hat stuff at this stage. Even if you could, would you bother going to all that trouble to watch David Attenborough on a phone?

Still, this is all food for thought when tightening things up. However, I think its fair to say that the most likely scenario is the flicking through the channels can cause the 'viewed' flag to be set - the house is channel-flick-central :pac:.

Anyway guys, thanks for the ideas. I'll tell them they've been hacked and someone is watching porn :pac::pac::pac::pac::pac: (of course, I won't).

AlmightyCushion

NickNickleby wrote: »

Thanks guys for all the replies.

THeir house wifi needs a password to get in. but its the default one. I remember reading once that wifi can be hacked if the default SSID is used, because the default password is generated based on the SSID. figure out the algorithm and you can get into anyone's wifi. IF they are using the default SSID (which is why my home one is quite amusing, or rather, droll).

But then you got me to thinking a bit more on this. Do you know that by default, some providers allow their mobile users to access ANY wifi (of course as lomng as its in the same provider). Now, if SKY do that, then a smart user might have a sky mobile phone and connect to my mam's wifi. This of course is meant to be to allow Internet access via SKY broadband from your sky mobile. But this means that the mobile phone owner would be connected to the wireless LAN. Perhaps it would then be possible to target the SKY from the phone next door. This is really tin foil hat stuff at this stage. Even if you could, would you bother going to all that trouble to watch David Attenborough on a phone?

Still, this is all food for thought when tightening things up. However, I think its fair to say that the most likely scenario is the flicking through the channels can cause the 'viewed' flag to be set - the house is channel-flick-central :pac:.

Anyway guys, thanks for the ideas. I'll tell them they've been hacked and someone is watching porn :pac::pac::pac::pac::pac: (of course, I won't).

This is all wrong. The password for your wifi is not based on the SSID. Eircom used to do this but it was years ago and they have since changed it.

Also, if your provider allows their other subscriber to use your broadband (like Virgin's Horizon Wi-Free for example) they don't give them access to your wireless network. They create a separate wireless network just for those users. They cannot see traffic or access things on your wireless network.

NickNickleby

AlmightyCushion wrote: »

This is all wrong. The password for your wifi is not based on the SSID. Eircom used to do this but it was years ago and they have since changed it.

Also, if your provider allows their other subscriber to use your broadband (like Virgin's Horizon Wi-Free for example) they don't give them access to your wireless network. They create a separate wireless network just for those users. They cannot see traffic or access things on your wireless network.

Well, that's all very good news. It stands to reason that the Eircom fix would have been applied, and I only remembered that it was an issue with someone's router, so I apply the fix (ie personalised SSID) ever since.

Your second point is also reassuring, so they've closed the barn door before the horse has bolted.

So we're back to the most likely scenario.

Thanks for your input.

EdgeCase

Change the Wi-Fi password and see if it stops happening.

Ten Pin

... password...but its the default one.

As mentioned, change it, to something generated by a password manager/app that can be used on whatever connects to the WiFi network.

Just FYI the second box is called a Sky Q Mini

NickNickleby

EdgeCase wrote: »

Change the Wi-Fi password and see if it stops happening.

Ten Pin wrote: »

As mentioned, change it, to something generated by a password manager/app that can be used on whatever connects to the WiFi network.

Just FYI the second box is called a Sky Q Mini

Yes, I'm going to get rid of any 'defaults' whether it be SSID or IP address pool, or WiFi password. As pointed out by Almighty Cushion above, the service providers seem to be one step ahead so this might actually be redundant, but I think its good practice anyway. (We don't have a password manager app, so I keep my info in an encrypted file. Bit of a pain but I can live with it.).

Thanks for your suggestions.

redfacedbear

corminators wrote: »

It's possibly that you set a recording at say 9pm, then you are flicking thru the channels at that time and come across the show- it sets it to viewed in the system.

This definitely happens on Sky Q - flicking through a channel being recorded sets the viewed timer on the recording to that point even if you haven't watch any of the programme.

Also I'm fairly sure the mini box has to be paired to the main box, so if you check in the settings on the main box you'll see what minis are connected to it.

Marcusm

NickNickleby wrote: »

Well, that's all very good news. It stands to reason that the Eircom fix would have been applied, and I only remembered that it was an issue with someone's router, so I apply the fix (ie personalised SSID) ever since.

Your second point is also reassuring, so they've closed the barn door before the horse has bolted.

So we're back to the most likely scenario.

Thanks for your input.

It’s much more likely that one or other of them has flicked onto or through the channel as it’s being recorded and this is registered as the latest viewing point.

murpho999

Even if they get on your wifi, how can they access your programmes as you have to login with your Skyid and password on the app?

Marcusm

murpho999 wrote: »

Even if they get on your wifi, how can they access your programmes as you have to login with your Skyid and password on the app?

Not on the Sky Q app. its treats those who have access to the wifi as having access to Sky Q services. No log in required beyond wifi password.

murpho999

Marcusm wrote: »

Not on the Sky Q app. its treats those who have access to the wifi as having access to Sky Q services. No log in required beyond wifi password.

I wasn't aware of that as I'm signed in on my own Sky Q app.

You can also go into settings on the app and "Manage Devices" and see what devices are accessing the box.