The FTC is trying to make sure that companies secure the software and devices that they provide to consumers, and a settlement with Taiwan-based hardware maker Asus is one step towards that goal. The complaint was raised after “white hat” hackers exploited a weakness on Asus routers and left note on victims’ drives notifying them that they had been “pwned.” According to the settlement, the company will have to establish and maintain a comprehensive security program subject to independent audits for the next 20 years after finding that the following was true:
The FTC complaint alleges that ASUS:
- Didn’t take reasonable steps to secure the software on its routers
- Incorporated design flaws that compounded the effect or vulnerabilities (e.g. they allowed consumers to retain default login credentials on the router)
- Advertised its AiCloud and AiDisk as secure cloud storage even though they sported vulnerabilities that made them patently insecure (poor default privacy settings, lack of encryption of files in transit, etc.)
- Did not address security flaws in a timely manner and did not notify consumers about the risks posed by the vulnerable routers or about the availability of security updates.
On top of slapping Asus, the FTC also has advice for owners of their routers:
Along with the details of the settlement, the FTC has also published a set of recommendations for Asus router owners, to help them to secure their devices. US-CERT has also some good security tips on how to secure home routers.
“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” commented Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”
I’m pretty sure you’re going to see more of this. But let’s hope that hardware and software companies take the hint and improve their security so that they don’t have to get slapped by the FTC before they make changes that make consumers safer.
Like this:
Like Loading...
Related
This entry was posted on February 24, 2016 at 12:36 pm and is filed under Commentary with tags Asus. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Asus Gets Slapped By The FTC Over Router Security
The FTC is trying to make sure that companies secure the software and devices that they provide to consumers, and a settlement with Taiwan-based hardware maker Asus is one step towards that goal. The complaint was raised after “white hat” hackers exploited a weakness on Asus routers and left note on victims’ drives notifying them that they had been “pwned.” According to the settlement, the company will have to establish and maintain a comprehensive security program subject to independent audits for the next 20 years after finding that the following was true:
The FTC complaint alleges that ASUS:
On top of slapping Asus, the FTC also has advice for owners of their routers:
Along with the details of the settlement, the FTC has also published a set of recommendations for Asus router owners, to help them to secure their devices. US-CERT has also some good security tips on how to secure home routers.
“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” commented Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”
I’m pretty sure you’re going to see more of this. But let’s hope that hardware and software companies take the hint and improve their security so that they don’t have to get slapped by the FTC before they make changes that make consumers safer.
Share this:
Like this:
Related
This entry was posted on February 24, 2016 at 12:36 pm and is filed under Commentary with tags Asus. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.