Options
ASUS agrees to 20 years of audits for router security issue
Something similar happened to HTC a few years ago, hopefully this continues so that companies become more proactive with security.
By agreeing, the Taiwanese manufacturer has settled FTC's charges.
By agreeing, the Taiwanese manufacturer has settled FTC's charges.
Over the next two decades, ASUS' routers and their firmware will undergo an independent security audit once every two years. That's one of the conditions FTC set that ASUS had to agree to in order to settle the commission's charges. See, the FTC found that the Taiwanese manufacturer's routers had critical security flaws despite its promise to consumers that the devices can "protect computers from any unauthorized access, hacking and virus attacks."
Hackers could easily exploit one of those bugs to access users' web-based control panels and change their security settings. If the user isn't exactly tech-savvy, someone with malicious intentions doesn't even have to hack the device. He simply has to use ASUS' default log-in credentials: username "admin" and password "admin."
ASUS' AiCloud and AiDisk services also suffered from critical security vulnerabilities. AiCloud allows people to attach a USB hard drive to their routers and use it as a cloud service, while AiDisk gives users a way to connect to those USB drives via FTP. They're both supposed to keep a user's data secure, but in February 2014, hackers exploited their flaws to gain access to 12,900 customers' storage devices. Further, a bug in ASUS' system prevented customers' devices from detecting and accessing the latest firmware that had patches to fix those issues.
That's why (besides having to subject itself to audits for the next 20 years) ASUS also had to promise to notify users of the latest updates and to send them instructions on how they can protect themselves. The company can't make misleading promises about its products' security, as well. ASUS has to pay $16,000 for every violation -- it's not that big for a multinational corporation, but we hope it's big enough to make the company keep its promises.