Attackers Send Alert for Weak Routers

Tuesday, February 18, 2014 @ 04:02 PM gHale


Asus released firmware updates for quite a few of their routers, but it turns out attackers are leveraging security holes fixed with the new firmware to send out a text file warning users of the risks.

One user found a mysterious text file on his external hard drive, according to Ars Technica. The file contained a message that read, “This is an automated message being sent out to everyone effected. Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.”

RELATED STORIES
Router Fixed after Holes Found
Mobile Woes: Modems Expose Control Panels
Wireless Camera Allows Remote Attacks
Working a Smartphone Against Itself

The individuals responsible for sending out the files also instruct users to read an article that contains information on how to protect themselves against attacks that leverage a vulnerability in their routers.

On February 4, a list of close to 13,000 IP addresses ended up published associated with vulnerable Asus routers. Lists containing the names of files stored on the hard drives of impacted users have also published online.

Security researcher Kyle Lovett discovered the vulnerability in June 2013. However, he did not make his findings public until Asus told him “it was not an issue.”

Later, Asus promised to address the problem, but since the company failed to warn customers, Lovett published additional technical details, along with ways to mitigate potential attacks.

The list of affected routers includes RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, RT-N16R, RT-AC66R and RT-AC66U. Owners of these models should update their firmware as soon as possible since this is clearly a critical vulnerability. Asus released firmware updates for all of the impacted models.



Leave a Reply

You must be logged in to post a comment.