Industry News

FTC Nails Asus for Failing Router Security

gavel-conviction-800

The Federal Trade Commission (FTC) and ASUSTeK Computer, Inc. have agreed to settle on beefing up home router security after critical flaws potentially affected hundreds of thousands of consumers.

Hackers could have allegedly exploited security vulnerabilities in both Asus routers and built-in cloud services for complete access to both network devices and data. Illicit router remote logins would have allowed hackers to install malicious code on household devices or monitor their traffic, potentially compromising any IoT (Internet-of-Things) device within the network.

“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”

The settlement follows a complaint in 2014, following a mass compromise of Asus routers that enabled hackers to gain remote access to 12,900 Asus routers in February 2014, and potentially countless other connected devices.

Poor password protection and other easily exploitable vulnerabilities, such as cross-site scripting and cross-site request forgery, have made Asus routers easy targets for cybercriminals. What’s more, file transfer protocols enabled by the router allegedly broadcasted unencrypted data over the network.

The FTC’s stance claimes Asus has broken federal law by failing to protect its customers and data. The settlement forces Asus to maintain a security program and collaborate with independent testers for the next 20 years.

“The Commission issues an administrative complaint when it has ‘reason to believe’ that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest,” reads the FTC announcement. “The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.”

For those of you with home routers – Asus ror not – here are a couple of tips for securing them:

  • Change default login credentials to the administration console;
  • Install the latest security updates and patches for your router;
  • Limit access to network sharing features;
  • Carefully review the router’s default settings during the set-up process.

About the author

Liviu ARSENE

Liviu Arsene is the proud owner of the secret to the fountain of never-ending energy. That's what's been helping him work his everything off as a passionate tech news editor for the past couple of years. He is the youngest and most restless member of the Bitdefender writer team and he covers mobile malware and security topics with fervor and a twist. His passions revolve around gadgets and technology, and he's always ready to write about what's hot and trendy out there in geek universe.

Add Comment

Click here to post a comment

Your email address will not be published. Required fields are marked *