Asus routers exploited, connected drives easily accessed

By on February 17, 2014, 6:45 PM

Hackers have exploited an eight-month-old flaw in Asus routers, giving anyone access to data stored on drives connected directly through the USB port on the back. Some affected users have found text files on their connected drives informing them they've been hacked, with instructions on how to protect themselves.

"This is an automated message being sent out to everyone effected [sic]. Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection," the message reads. Finding this message on their connected drive has alarmed some users, who believed that the drive was only accessible through their local network.

This particular router vulnerability was publicly uncovered by researcher Kyle Lovett back in June of 2013, after Asus insisted the behavior "was not an issue". In July, Lovett published technical details on how the drives can be accessed, which presumably was used by a hacker group to access data from many Asus router owners worldwide.

The hacker group in question posted nearly 13,000 IP addresses of people with vulnerable Asus routers two weeks ago, along with a torrent containing 10,000 complete or partial file lists detailing data on connected drives.

Affected Asus router models include the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Luckily, firmware updates for the routers that patch the exploit have been available since last week, however many potentially vulnerable users are yet to install the patch.

If you do have an Asus router, we strongly recommend you install the latest firmware updates, change the router's default password, and disable cloud and FTP options that could allow external access to your drives.




User Comments: 13

Got something to say? Post a comment
misor misor said:

What did asus say after "the non-issue" was proven to be false?

did asus issue an apology before the release of the firmware fix?

did kyle Lovett found the new asus firmware to fix the vulnerability he discovered?

tipstir tipstir, TS Ambassador, said:

Never use this brand for Routers. I stick with Network companies who know what they're doing. ASUS has way to many unfinished firmware.

Guest said:

That screenshot is from elementary os :)

use firmware other than the one supplied by the manufacturer, and you should be safe.

3 people like this | TomSEA TomSEA, TechSpot Chancellor, said:

Never use this brand for Routers. I stick with Network companies who know what they're doing. ASUS has way to many unfinished firmware.

I've been using the Asus RT-AC66U for over a year now and it's been rock solid in its performance. Prior to that I had a Linksys was turned out to be a piece of crap and prior to that a NetGear which gave me inconsistent performance.

Until something changes, I'll continue to use ASUS routers.

Guest said:

Recently purchased an RT-N16 to replace my aging and sadly modern-day underpowered WRT54GSv1 and the first thing I did was install Tomato Toastman on it because the stock firmware is absolute crap, just like linksys' stock firmware is/was.

anyone who doesnt know this deserves to get hacked imo.

Capaill said:

Wow, thanks for this TS. I've been a happy owner of an RT-N66U for a year and had no idea. Thankfully I have nothing plugged into the USB ports. I thought disabling WPS would make it secure enough! Any other network hardening tips?

bexwhitt said:

The one I got for a local business as external access set to specific ip's and the password has been changed

1 person liked this | customcarvin customcarvin said:

Recently purchased an RT-N16 to replace my aging and sadly modern-day underpowered WRT54GSv1 and the first thing I did was install Tomato Toastman on it because the stock firmware is absolute crap, just like linksys' stock firmware is/was.

anyone who doesnt know this deserves to get hacked imo.

Wow congratulations, you read about flashing firmware onto a router that someone else coded and compiled for you... you should feel superior to everyone else.I think you might even be borderline genius...

I also use a Tomato build (Shibby) on my ASUS routers, but saying a person - especially the average consumer - "deserves to get hacked," because they use stock firmware, or they don't know about a vulnerability in their routers current firmware, is just plain freaking stupid. I'm pretty sure you're just trolling, but I decided to call you out on it anyway... stupid.

1 person liked this | ddg4005 ddg4005 said:

Well, I'm using the stock firmware that came with my RT-AC68R but I did update it recently so I'm not worried (I also don't use any external drives with the USB ports). Calling people stupid because they use stock firmware with their routers is just a weak man's attempt to sound strong and knowledgeable.

1 person liked this | Guest said:

And to add to retorts towards said trolling guest that people who don't know... deserve what they get.

So you know about flashing firmware files... yay.

Do you know about code ? Do you know what you just flashed ? Did you do the md5 checksum? Are you 100% sure that the people making these CFW for your appliances are not putting little backdoors in ?

Are you sure you are safe ?

I mean if someone wants in, and they know what they are doing, they will get in. Your firmware flashing may fix this exploit, and you may have closed a wide open door... but did you check your windows ? Is someone under your bed right now in your documents lolling?

tonylukac said:

Another router problem affecting Linksys:

[link]

Victim Victim said:

I own a RT-56U router that had a USB drive compromised. I check for updated firmware every month. Someone browsed personal photos and videos and left inappropriate messages on the drive for me to find. I blame ASUS and Kyle Lovett for this breach. ASUS makes a fine product, but really screwed up with the security oversight. Then they arrogantly ignored several warnings from the then well intentioned Mr. Lovett. However, I think Mr. Lovett is equally irresponsible for publishing the details on how to exploit the vulnerability. Is this a way for Mr. Lovett to get attention from ASUS and the world by throwing people under the bus? I equate that to discovering a national security flaw and then divulging exploitation details to the rest of the world, including terrorists, after efforts to notify the authorities are overlooked or ignored.

Load all comments...

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.