March 23, 2016 1:55 am
Recently, the Taiwan-based computer hardware maker ASUSTeK Computer, Inc. agreed to settle Federal Trade Commission (FTC) charges that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk.
The administrative complaint also charges that the routers’ insecure cloud services led to the compromise of thousands of consumers’ connected storage devices, exposing their sensitive personal information on the Internet.
The proposed consent order will require ASUS to establish and maintain a comprehensive security program subject to independent audits for the next 20 years.
With millions of consumers connecting smart devices to their home networks, Jessica Rich, director of the FTC’s Bureau of Consumer Protection, says routers play a key role in securing home networks.
ASUS marketed its routers as including numerous security features that the company claimed could “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” Despite these claims, the FTC’s complaint alleges that ASUS didn’t take reasonable steps to secure the software on its routers.
An FTC release states that in 2014, hackers used readily available tools to locate vulnerable ASUS routers and exploited these security flaws to gain unauthorized access to over 12,900 consumers’ connected storage devices. According to the complaint, hackers could exploit pervasive security bugs in the router’s Web-based control panel to change any of the router’s security settings without the consumer’s knowledge.
In addition, ASUS’ routers also featured services called AiCloud and AiDisk that allowed consumers to plug a USB hard drive into the router to create their own cloud storage accessible from any of their devices. While ASUS advertised these services as a “private personal cloud for selective file sharing” and a way to “safely secure and access your treasured data through your router,” the FTC’s complaint alleges that the services had serious security flaws.
Keep up to date on loads of important consumer topics right here and at consumer.ftc.gov.
Published with permission from RISMedia.