- cross-posted to:
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
cross-posted from: https://rss.ponder.cat/post/193175
Thousands of home and small office routers manufactured by Asus are being infected with a stealthy backdoor that can survive reboots and firmware updates in an attack by a nation-state or another well-resourced threat actor, researchers said.
The unknown attackers gain access to the devices by exploiting now-patched vulnerabilities, some of which have never been tracked through the internationally recognized CVE system. After gaining unauthorized administrative control of the devices, the threat actor installs a public encryption key for access to the device through SSH. From then on, anyone with the private key can automatically log in to the device with administrative system rights.
Durable control
“The attacker’s access survives both reboots and firmware updates, giving them durable control over affected devices,” researchers from security firm GreyNoise reported Wednesday. “The attacker maintains long-term access without dropping malware or leaving obvious traces by chaining authentication bypasses, exploiting a known vulnerability, and abusing legitimate configuration features.”
From Ars Technica - All content via this RSS feed
I didn’t read the article, but how does one know if they have the infection?
My router is updated.
Edit: i see in the article now. Had time to read it today. 👍 I also verified i never has SSH or remote admin enabled. So i should be ok.
I skimmed a different article that mentioned it disables the Trend Micro stuff - which is the whole reason I buy Asus routers (can’t tell you how many stupid things children have downloaded or bad phishing/malicious/anna kournakova naked links they’ve clicked and it has stopped!) so I’m taking the fact that it is still enabled and doing the good things to mean I’m good.
Cool, i don’t know if my system has any trend micro stuff. Which features does this enable?
Edit: i see it listed as AI protection. Hmm…
Yeah, two way IPS, malicious site blocking, and “infected device prevention and blocking” which stops compromised hosts from talking to C&C servers. I’ve had the last one show me one of the children’s computers/phones was infected and needed to be cleansed with fire, at least twice. All in all incredible protection against “users” and their careless behaviour!
I turned it on and ill see what it reports after a week or so. Thanks for the info. 👍✌️