Menu
Asus settles charges over insecure routers and cloud services

Asus settles charges over insecure routers and cloud services

The company failed to quickly fix security flaws and notify customers, the FTC says

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged.

Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. 

In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers' storage devices being compromised and exposed their personal information, the agency said.

The proposed settlement would require Asus to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. The company didn't immediately respond to a request for a comment.

Millions of consumers are connecting new Internet of Things smart devices to their home networks, and router security is important, Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "It's critical that companies like Asus put reasonable security in place to protect consumers," she said.

Asus marketed its routers as including security features that could "protect computers from any unauthorized access, hacking, and virus attacks." But the company failed to address security flaws quickly and did not notify customers of the risks, the FTC charged.

Hackers were able to exploit "pervasive security bugs" in the routers' Web-based control panel to change security settings without the owners' knowledge, the FTC said. Among other design flaws, the company set -- and users were allowed to retain -- the same default login credentials on every router: username "admin" and password "admin."

The company's routers also featured the services AiCloud and AiDisk that allowed users to plug a USB hard drive into the router to create their own cloud storage service accessible from any of their other devices. Those services contained serious security flaws, including the ability for hackers to bypass the AiCloud login screen and gain access to a user's connected storage without any credentials, the FTC said.

In February 2014, hackers used readily available tools to locate vulnerable Asus routers and gain access to more than 12,900 connected storage devices, the FTC said.

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Featured

Slideshows

Educating from the epicentre - Why distributors are the pulse checkers of the channel

Educating from the epicentre - Why distributors are the pulse checkers of the channel

​As the channel changes and industry voices deepen, the need for clarity and insight heightens. Market misconceptions talk of an “under pressure” distribution space, with competitors in that fateful “race for relevance” across New Zealand. Amidst the cliched assumptions however, distribution is once again showing its strength, as a force to be listened to, rather than questioned. Traditionally, the role was born out of a need for vendors and resellers to find one another, acting as a bridge between the testing lab and the marketplace. Yet despite new technologies and business approaches shaking the channel to its very core, distributors remain tied to the epicentre - providing the voice of reason amidst a seismic industry shift. In looking across both sides of the vendor and partner fences, the middle concept of the three-tier chain remains centrally placed to understand the metrics of two differing worlds, as the continual pulse checkers of the local channel. This exclusive Reseller News Roundtable, in association with Dicker Data and rhipe, examined the pivotal role of distribution in understanding the health of the channel, educating from the epicentre as the market transforms at a rapid rate.

Educating from the epicentre - Why distributors are the pulse checkers of the channel
Kiwi channel reunites as After Hours kicks off 2017

Kiwi channel reunites as After Hours kicks off 2017

After Hours made a welcome return to the channel social calendar last night, with a bumper crowd of distributors, vendors and resellers descending on The Jefferson in Auckland to kickstart 2017. Photos by Maria Stefina.

Kiwi channel reunites as After Hours kicks off 2017
Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow exclusively introduces Tenable Network Security to A/NZ channel

Arrow Electronics introduced Tenable Network Security to local resellers in Sydney last week, officially launching the distributor's latest security partnership across Australia and New Zealand. Representing the first direct distribution agreement locally for Tenable specifically, the deal sees Arrow deliver security solutions directly to mid-market and enterprise channel partners on both sides of the Tasman.

Arrow exclusively introduces Tenable Network Security to A/NZ channel
Show Comments