After a long fought legal battle, Asus was found guilty of a major security flaw found on its routers. The issue was first found back in 2014, when a plethora of Asus router owners saw a text file being saved into their devices without permission.
Upon opening the text file, Asus router owners were greeted with a chilling message saying that their Asus router – and documents – can be accessed by anyone in the world with an Internet connection. Attached together with the message was a URL that redirects users to a website that explains Asus’ router vulnerabilities.
Just recently, the FTC (US Federal Trade Commission) stated that Asus did not sufficiently tested its routers for vulnerabilities. Therefore, the commission decided to conclude the case and has put Asus under an independent audit for 20 years. In addition to that, the FTC urges Asus to maintain a “comprehensive security program” throughout the 20 years of supervision.
On a side note, prior to FTC’s decision, it was found that the vulnerability isn’t exclusive to Asus’ routers only. In fact, researches found that 300,000 home and small-office routers were also facing similar security flaws. Manufacturers that were involved include D-Link, Micronet, Tenda, TP-Link and a few others.
It seems fitting that the FTC has ordered Asus to be under supervision for 20 years. In a highly connected world that we currently live in, these kind of security flaws shouldn’t be overlooked – especially by companies that manufacture routers.
(Source: Ars Technica)