If you have an Asus router, you need to know that an exploit has been discovered that gives a user inside your network full administrative control to the router. Which means that they can do pretty much anything they want. In effect, they would “pwn” you. This news comes via research conducted by security firm Accuvant and published on Github.
Here’s the non-nerdy explanation. All routers (or computers for that matter) have software on them run very specialized tasks in the background as part of the operating system. Those are called services and you don’t notice them most of the time. There’s a specific service on Asus routers that has the ability to run as the “root” user which is the user that can do anything and everything on the router (or computer as Macs, LINUX, and UNIX computers have the same user within them). This service contains a command that has a flaw where it doesn’t require any authentication. So some evil doer can leverage that command to “pwn” your router and you by extension. What’s worse is that Asus posted the source code on their support site which basically provides a “how to” guide for someone to “pwn” you.
#fail
Now there is no fix for this at the moment. So if you have an Asus router, you are at risk until one comes out. Hopefully, Asus acts on this quickly for the sake of those who use their routers which until today were very highly regarded.
Like this:
Like Loading...
Related
This entry was posted on January 9, 2015 at 1:41 pm and is filed under Commentary with tags Asus. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Asus WiFi Routers Can Be “Pwned” From Inside Your Network…. Yikes!
If you have an Asus router, you need to know that an exploit has been discovered that gives a user inside your network full administrative control to the router. Which means that they can do pretty much anything they want. In effect, they would “pwn” you. This news comes via research conducted by security firm Accuvant and published on Github.
Here’s the non-nerdy explanation. All routers (or computers for that matter) have software on them run very specialized tasks in the background as part of the operating system. Those are called services and you don’t notice them most of the time. There’s a specific service on Asus routers that has the ability to run as the “root” user which is the user that can do anything and everything on the router (or computer as Macs, LINUX, and UNIX computers have the same user within them). This service contains a command that has a flaw where it doesn’t require any authentication. So some evil doer can leverage that command to “pwn” your router and you by extension. What’s worse is that Asus posted the source code on their support site which basically provides a “how to” guide for someone to “pwn” you.
#fail
Now there is no fix for this at the moment. So if you have an Asus router, you are at risk until one comes out. Hopefully, Asus acts on this quickly for the sake of those who use their routers which until today were very highly regarded.
Share this:
Like this:
Related
This entry was posted on January 9, 2015 at 1:41 pm and is filed under Commentary with tags Asus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.