PSA: New Firmware Updates from ASUS Address Serious Security Flaws
If you are in the market for a high-end router, it is hard to ignore ASUS. They make some of the finest routers today, and their latest flagship - the RT-AC68U - is one of the fastest we have ever tested. However, it has just been revealed that many ASUS routers have a security flaw that could leave users vulnerable to hackers.
According to security researcher Kyle Lovett, a flaw in ASUS' routers make it possible for hackers to access drives connected to the router by using the routers' AiCloud feature. Enabling other cloud features and services such as "Cloud Disk", "Smart Access" and "Smart Sync" also seem to trigger this vulnerability. You can find more technical details of this vulnerability here.
ASUS has since released firmware updates for the affected routers, which can be downloaded here, which according to ASUS will completely rid the router of this flaw. Clear instructions are also provided to help users upgrade their firmware smoothly. Additionally, ASUS also recommends users to change their routers' passwords.
With regards to this security flaw, this is the official statement from ASUS:
Regarding recent discussions about the default security settings of the AiCloud and FTP features in some ASUS routers, updated firmware that modifies these settings has been available on the ASUS website for some time. We have also added information to the ASUS website notifying customers about this update and are informing registered VIP owners of affected ASUS routers directly. We value customer feedback and strive to consistently improve our products and firmware to provide fast, stable and easy-to-use networking solutions. We encourage users of ASUS routers to regularly check for and install available updates to further improve usability and security.
Additionally, a new user update will be released later this month that will 1) check the status of security settings within the router and 2) check for updates, and add alerts/reminder notes to the router home-screen to directly alert users.