ASUS routers security warning

[Elixer]

For those of you running one of these ASUS routers, RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R then you need to update the firmware pronto, if you have have enabled https Web service access via the AiCloud feature.

http://arstechnica.com/security/201...e-been-pwned-thanks-to-easily-exploited-flaw/

 

[MoInSTL]

Thanks for the heads up. Just got the RT-N66U on Saturday. Don't use AirCloud but it can't hurt. Firmware date 2/12/14.

"He went on to say that he thought his device was secure because he hadn't enabled any services that explicitly made hard drive contents available over the Internet. "It was my belief that I had all of these options turned off," he said. "I definitely have never used AICloud or had it enabled. In fact, the only thing I've ever enabled myself is the Samba share. However, the Asus menu is very unclear about what is being shared and with whom."

Bolding is mine.

 

[JackMDS]

Rule Number 1. Do not register online on any Entry Level Computer hardware.

The support is either None existing or worth Nothing, your email and other personal data are used to Spam and Harass you in few ways.

Rule Number 2. Never register to on live services of Entry Level hardware like Routers, Cameras, NAS' and the like.

It one thing using Online Services like Sky Drive, Box.Net, etc., were the size and the general responsibly of the organization provides some level of general and personal Security. It is another thing to it with small specific vendor that its main mission is to use you.

Linksys had similar issues last year, and Now Asus.

That said the Asus Wireless Router are very Good. If there is no way to get update firmwares without register then use DD-WRT.

 

[Elixer]

Tomato (shibby) is also pretty good.. that is the one I use on my Asus rotuer.

 

[Fayd]

Rule Number 1. Do not register online on any Entry Level Computer hardware.

The support is either None existing or worth Nothing, your email and other personal data are used to Spam and Harass you in few ways.

Rule Number 2. Never register to on live services of Entry Level hardware like Routers, Cameras, NAS' and the like.

It one thing using Online Services like Sky Drive, Box.Net, etc. were the size and the general responsibly of the organization provides some level of general and personal Security. It is another thing to it with small specific vendor that its main mission is to use you.

Linksys had similar thing last year and Now Asus.

That said the Asus Wireless Router are very Good. If there is no way to get update firmwares without register then use DD-WRT.

I will never understand why people might think "Cloud based router config" would be in any way, shape, or form a good idea. It's all sorts of fail wrapped together.

 

[JackMDS]

I will never understand why people might think "Cloud based router config" would be in any way, shape, or form a good idea. It's all sorts of fail wrapped together.

You probably are Not aware that Cloud is Magic, :hmm: - - - :biggrin:.

Snake Oil was doing very well for long time in 18-19 Centuries.

At least in our days the Snakes Oils come and go every few Months cycles.

 

[Mushkins]

The article doesn't really explain clearly *what* the attacker can access. It looks like it's only if you have a USB hard drive attached directly to the router and are using it as a NAS or cloud storage via AiCloud? Or does this somehow make all network shares on your network vulnerable?