ASUS has settled a lawsuit with the FTC over its home routers’ vulnerabilities and has agreed to implement a security program that will be independently audited for the next 20 years.
In February 2014, thousands of Asus router owners found a disturbing text file saved to their devices.
“This is an automated message being sent out to everyone effected [sic],” the message read. “Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.” The anonymous sender then urged the readers to visit a site that explained more about the router vulnerability.
Ars’ Dan Goodin suggests it should be regarded as a wake-up call not only for other router manufacturers, but for the entire IoT industry as well.
Read more about it here.
A new post by Ars Technica published yesterday reports two critical vulnerabilities affecting a series of ASUS RT routers. According to the report almost 13,000 routers have been exploited in the 8 months since the vulnerabilities were publicly disclosed, and the users of those routers have had files leaked online. ASUS is said to have patched the routers late last week.
As if that wasn’t enough, the same article makes mention of an attack that infects Linksys routers with self-replicating malware. The worm doesn’t seem to be stealing any data though.
Dan Gooding, the post’s author, notes in his closing paragraph:
Taken together, the attacks are a sign that routers and other Internet-connected devices are being subject to the same in-the-wild attacks that have plagued PCs—and in some cases Macs—for years. Readers are advised to lock down their routers by installing any available firmware updates, changing any default passwords, and ensuring that remote administration, Cloud, and FTP options are set to off if they’re not needed
You can find Ars’ post here.
If you have any questions or if you spotted any errors or omissions, please leave me a comment.