Asus settles charges over insecure routers and cloud services

The company failed to quickly fix security flaws and notify customers, the FTC says

Critical security flaws in routers and cloud computing services offered by Asus put hundreds of thousands of customers at risk, the U.S. Federal Trade Commission has charged.

Taiwan-based Asus has agreed to settle an FTC complaint that it failed to take reasonable steps to secure the software on its routers, the agency said Tuesday. 

In addition to well-documented vulnerabilities in the routers, its cloud services led to thousands of customers' storage devices being compromised and exposed their personal information, the agency said.

The proposed settlement would require Asus to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. The company didn't immediately respond to a request for a comment.

Millions of consumers are connecting new Internet of Things smart devices to their home networks, and router security is important, Jessica Rich, director of the FTC's Bureau of Consumer Protection, said in a statement. "It's critical that companies like Asus put reasonable security in place to protect consumers," she said.

Asus marketed its routers as including security features that could "protect computers from any unauthorized access, hacking, and virus attacks." But the company failed to address security flaws quickly and did not notify customers of the risks, the FTC charged.

Hackers were able to exploit "pervasive security bugs" in the routers' Web-based control panel to change security settings without the owners' knowledge, the FTC said. Among other design flaws, the company set -- and users were allowed to retain -- the same default login credentials on every router: username "admin" and password "admin."

The company's routers also featured the services AiCloud and AiDisk that allowed users to plug a USB hard drive into the router to create their own cloud storage service accessible from any of their other devices. Those services contained serious security flaws, including the ability for hackers to bypass the AiCloud login screen and gain access to a user's connected storage without any credentials, the FTC said.

In February 2014, hackers used readily available tools to locate vulnerable Asus routers and gain access to more than 12,900 connected storage devices, the FTC said.

Join the PC World newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Grant Gross

IDG News Service
Show Comments

Father’s Day Gift Guide

Most Popular Reviews

Best Deals on PC World

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Shopping.com

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?