Home
 » ISP News » 
Sponsored Links

Asus Close External USB Storage Vulnerability on its Broadband Routers

Monday, Jan 13th, 2014 (6:04 pm) - Score 9,015
spying-on-uk-ISP-internet-traffic

Consumers who own an Asus RT-AC68U, RT-AC56U, RT-AC66U, RT-N66U or RT-N16 wireless broadband router would be well advised to keep an eye out for a new firmware update that adjusts the devices default security settings, which is designed to stop attached USB Storage drives from becoming accessible to the Internet.

According to an article on PC World, which has also been spotted by Thinkbroadband, consumers who attached and then activated (either manually or by using the built-in wizard) an external USB Flash / storage drive to one of the routers found that the contents of the device could then become accessible via the Internet using the File Transfer Protocol (FTP). Crucially remote users did not appear to need a password in order to gain access.

ASUS Statement

The update changes the default security setting from unlimited to limited access rights when setting up a FTP server. This change will ensure that the end user doesn’t leave their FTP server unprotected by mistake and also make it easier to understand the implications of the different security options.”

Admittedly most savvy Internet users would know to check such settings and could then adjust them to introduce a password or limit access, although clearly allowing open FTP access by default is certainly not desirable and mistakes could easily have been made.

The vulnerability itself is not fully explained but in theory all the hacker would have needed to gain access to your USB drive, once activated, is your connections IP address and the FTP port (usually port 21). At the time of writing Asus has already issued a new Firmware update for their high-end RT-AC68U model (here) and the other listed routers are due to follow.

ASUS RT-AC68U Firmware version 3.0.0.4.374.573
Modified:
1. Modified AiDisk setup wizard to prevent a potential security issue.
2. Modified USB LED behavior.
3. Improved openVPN performance.

Fixes:
1. Fixed some UI issues.
2. Fixed parental control schedule issues.
3. Fixed openVPN related issues.
4. Fixed CFE nvram check issue.

Additions:
1. Add support USB hub.
2. Add wireless watchdog.

Share with Twitter
Share with Linkedin
Share with Facebook
Share with Reddit
Share with Pinterest
Tags:
Mark-Jackson
By Mark Jackson
Mark is a professional technology writer, IT consultant and computer engineer from Dorset (England), he also founded ISPreview in 1999 and enjoys analysing the latest telecoms and broadband developments. Find me on X (Twitter), Mastodon, Facebook and .
Search ISP News
Search ISP Listings
Search ISP Reviews

Comments are closed

Cheap BIG ISPs for 100Mbps+
Community Fibre UK ISP Logo
150Mbps
Gift: None
NOW UK ISP Logo
NOW £25.00
100Mbps
Gift: None
Virgin Media UK ISP Logo
Virgin Media £26.00
132Mbps
Gift: None
Vodafone UK ISP Logo
Vodafone £26.50 - 27.00
150Mbps
Gift: None
Plusnet UK ISP Logo
Plusnet £27.99
145Mbps
Gift: None
Large Availability | View All
Cheapest ISPs for 100Mbps+
Gigaclear UK ISP Logo
Gigaclear £17.00
200Mbps
Gift: None
Community Fibre UK ISP Logo
150Mbps
Gift: None
BeFibre UK ISP Logo
BeFibre £19.00
150Mbps
Gift: None
YouFibre UK ISP Logo
YouFibre £22.99
150Mbps
Gift: None
Hey! Broadband UK ISP Logo
150Mbps
Gift: None
Large Availability | View All
The Top 15 Category Tags
  1. FTTP (5706)
  2. BT (3562)
  3. Politics (2595)
  4. Openreach (2340)
  5. Business (2316)
  6. Building Digital UK (2273)
  7. FTTC (2060)
  8. Mobile Broadband (2036)
  9. Statistics (1825)
  10. 4G (1722)
  11. Virgin Media (1671)
  12. Ofcom Regulation (1490)
  13. Fibre Optic (1422)
  14. Wireless Internet (1415)
  15. FTTH (1383)
Promotion
Sponsored

Copyright © 1999 to Present - ISPreview.co.uk - All Rights Reserved - Terms , Privacy and Cookie Policy , Links , Website Rules , Contact
Mastodon