A Screw Up By ASUS Knocked A Bunch Of Their Routers Offline For A Couple Of Days

Earlier this week there were reports of ASUS routers being knocked offline. The reports started to come in on May 16, 2023 and if you were affected by this (I own an ASUS router and I wasn’t affected, though I should have been. More on that shortly), your issues might have lasted a couple of days. Unless you factory reset your router to get back online.

Now the company was pretty silent about what was going on. In fact people complained about the lack of communication from ASUS. But the mystery was solved via this story from ARS Technica which a reader pointed me to:

Two days later, the Taiwan-based hardware maker has finally answered the calls for help. The mass outage, the company said, was the result of “an error in the configuration of our server settings file.” After fixing the glitch, most users needed to only reboot their devices. In the event that didn’t fix the problem, the company’s support team advised users to save their current configuration settings and perform a factory reset. The company also apologized.

Here’s the root cause in detail:

Asus still hasn’t provided details about the configuration error. Various users have offered explanations online that appear to be correct.

“On the 16th, Asus pushed a corrupted definition file for ASD, a built-in security daemon present in a wide range of their routers,” one person wrote. “As routers automatically updated and fetched the corrupted definition file, they started running out of filesystem space and memory and crashing.”

The explanation answered the question of what was causing routers to crash, but it raised a new one: Why were routers affected even when they had been configured to not automatically update and no manual update had been performed? Asus has yet to address this, but the likely answer is that the definitions file for ASD, which resides in memory and scans devices for security threats, gets updated whether or not automatic updates are enabled.

I might be able to answer some of this.

ASD is the AIProtection functionality that is built into many ASUS routers which is made by anti-virus vendor Trend Micro. What this does is block access to questionable websites, protecting users from spyware, malware, and other unwanted applications while preventing potential distributed denial of service (DDOS) attacks and other security incidents. It relies on definition files to update itself. And the downloading of those definition files are completely independent of the downloading of firmware updates for the routers. That’s why users got this update even if firmware updates were turned off. In fact doing some experiments on my ZenWiFi XT8 indicate that the only way to turn off the updates for AIProtection is to turn off AIProtection. The other thing that AIProtection does is send your browsing history to Trend Micro. Presumably to help to improve AIProtection. But I can see that some people would be bothered by this as it makes you the product seeing as AIProtection is free.

Now this incident highlights the risks of having this sort of functionality built into your router. And if you’re someone who is concerned about this and want another option, I’ll give you two. There’s CIRA Canadian Shield which is a DNS service that offers a lot of this sort of functionality. Along with that is HYAS Protect At Home which is the same sort of product, but it’s a lot more advanced as it is based on their corporate security tech.

A final word about this. ASUS has a bit of a history of finding themselves in bad situations, and screwing the attempts to diffuse the situation in question. This incident is an example of that. It should not have taken ASUS two days to say anything about this issue. And their apology is pretty lame. ASUS really need to learn how to do a better job of managing a crisis situation that affected a large number of their customers. Otherwise, they will not have any customers.

Leave a Reply