CHINA TOPIX

11/05/2024 08:37:22 am

Make CT Your Homepage

ASUS Agrees to 20-Year Security Audit Plan for Routers

ASUS

(Photo : Facebook) U.S. regulators have devised a 20-year plan to assess ASUS' routers to fish out security loopholes.

As part of the ongoing effort to reduce cases of hacking and online identity theft, U.S. regulators have imposed a 20-year audit plan for all ASUS routers, a decision which was gladly accpeted by the Taiwanese tech company.

Like Us on Facebook

Over the span of the next two decades, ASUS routers, along with their respective firmware, will undergo an independent security audit once every two years. The plan was announced by the U.S. Federal Telecommunications Commission following a revelation that some of ASUS' routers had critical security loopholes which can be exploited by hackers.

Investigations reveal that bugs discovered on ASUS routers can be easily exploited by hackers to gain direct access to a user's web-based control panel where they can make changes to security settings.

Experts claim that the loophole is so easy to exploit that hackers do not even have to hack the router. It appears that ASUS has universal log-in credentials on most of its routers. The username and password are both "admin."

ASUS' AiCloud and AiDisk services were also discovered to be seriously flawed. AiCloud allows users to connect a USB hard drive to their routers and use it as a cloud service. On the other hand, AiDisk allows users to connect to those USB drives via FTP.

Both AiCloud and AiDisk were thought to employ high-end security protocols to make sure that user data is secure. Unfortunately, in February 2014, hackers were able to exploit hidden flaws on these services and managed to access 12,900 customers' storage devices. Moreover, a major bug in ASUS' system prevented these customers' devices from detecting and installing the firmware update which was intended to fix the problem.

As part of the 20-year security audit, ASUS promised that it will regularly notify users whenever a new update is available. The company is also required to send users instructions on how to further protect sensitive data.

Real Time Analytics