welcome to TECHNO WORLD

Tuesday 14 January 2014

ASUS Wireless router leaves USB Storage Devices vulnerable to remote attackers


In this era of Computers and Smartphones, where we are connected to the Internet every second and use it almost for everything. For an Internet connection, one has to plug a device called Router between the ISP (Internet Service Provider) and device. Some Routers are available with USB option, where you can attach an external Hard Disk that allows files to be stored and retrieved across a computer network.

Asus one of the largest IT hardware manufacturer providing these kind of devices by which you can connect to the internet and make your external hard disk available on the Internet as FTP server just by configuring AiDisk utility from the router’s administrator panel.  


Many ASUS Routers have this feature available, including models: RT-N66U, RT-N56U, RT-N15U, RT-N65U, RT-AC66U, DSL-N55U and RT-N16. Recently a vulnerability has been noticed by some Sweden users in the ASUS Routers, that allows an attacker to access your Hard Disk remotely from any part of the world, could result in complete system compromise, exposing your private pictures and files.

 In my opinion, it is not a vulnerability, but a lethargic behavior of administrator to keep the device in the default configuration and providing their storage device on  public IP by which any malware can be intruded to your system hence inviting trouble for himself and its end users. 

Enabling the AiDisk utility from Router makes the device available for using it through the public Internet, this feature comes with a problem if kept in default configuration which is giving Limitless access to your storage device.



  If you have some movies or cracked softwares downloaded from Torrents, by this you might become a criminal by delivering Pirated Content over the Internet and even you don’t have any such information.

Using SHODAN search, I have found more than thousands of Storage Disk using Asus Routers are available on the Internet, either with no password or having default settings. You can access these IP addresses using FTP protocol i.e. ftp://ipaddress/. ASUS Company is now aware of the issue and they intend to release an update, to warn their users with recommendation to choose a strong password for device storage and Router Administrative panel. source by hackernews








0 comments :

Post a Comment

Thanx for all your Feedback .... and don't post to promote your site's ...

I kept the option as Comment moderation mode. So if you try to promote your site from here.. I do delete your comment's ..