Skip to main content

Asus settles FTC lawsuit over flawed router file security

asus ftc settlement asusgate router
Image used with permission by copyright holder
Two years after thousands of Asus router owners were revealed to be so totally and utterly compromised that users’ files were available online to the world to peruse, Asus is settling with the FTC.

Asus is going to “establish and maintain a comprehensive security program subject to independent audits for the next 20 years” as part of the settlement, according to an FTC statement.

Security on Asus routers was so bad in 2014 that hackers felt sorry for the company’s customers, and left messages on thousands of computers warning them about the exploit.

“This is an automated message being sent out to everyone effected,” the message read. “Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.”

And that wasn’t the only problem. To list just a few things:

  • Hackers could access and change the router’s configuration page without much effort.
  • Every device had the same login credentials, by default: username “admin” and password “admin,” and little was done to get users to change these.
  • In many cases accessing all files shared on a network was as simple as typing the external IP into a browser. Nothing was encrypted.

The FTC’s statement about this case makes it clear that every company making products accessible over the Internet will be held responsible for securing those products.

“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like Asus put reasonable security in place to protect consumers and their personal information.”

The FTC seems to be going out of its way to talk about Internet of Things security lately. In January, it issued a report stating that connected devices should limit how long they store information as a security precaution. Mentioning these concerns again as part of this settlement means the government agency is watching companies closely, and will hold them accountable for any bugs.

Editors' Recommendations

Justin Pot
Former Digital Trends Contributor
Justin's always had a passion for trying out new software, asking questions, and explaining things – tech journalism is the…
How to buy a Wi-Fi router
wireless router buying guide version 1404090000 header image

Wireless routers are everywhere. Nearly every house, apartment, business, and sketchy van parked down by the river has one. A functional wireless router allows you to easily connect your computer to a broadband internet service so you can share data files and stream media between mobile/Wi-Fi devices.

Although you could opt for a wired router, we suggest a wireless model so you can avoid stringing Ethernet cable around your home. Besides, a wireless router is the best way to access the internet using your smartphone or tablet. And if you ever discover you absolutely must have a wired connection, the router will have a built-in switch to handle it. While you're at it, check out the best routers currently on the market, along with our guide on how to secure your wireless network.
Choosing the right Wi-Fi standard
Digital Trends Wi-Fi router guide

Read more
Give your router new superpowers by installing DD-WRT
report advises governments to avoid encryption backdoors internet router

Frustrated by the software limitations of your router? Replacing it with the Linux-powered DD-WRT firmware can be a big upgrade. Maybe you want to use an old router as a second access point for your home network or as a Wi-Fi extender. Maybe you want more precise control over how your bandwidth is used so you can prioritize bandwidth for your gaming sessions, or perhaps you hate the firmware that came with your router and prefer something with more features.

Whatever you want your router to do, the odds are that DD-WRT can do it. Installing DD-WRT can be complicated, but the most common method includes using the "upgrade firmware" functionality built into your router's default firmware.

Read more
How to find the IP address of your router for customization and security

Tired of being the only wireless network in your apartment building without a clever name like "Wu-tang LAN" or "Bill Wi the Science Fi"? Or maybe you want to make your network password more secure so that it prevents your neighbors from mooching off your internet connection.

To make these changes, you need to know your router's IP address. Why? Most routers provide a control panel that's only accessible through a web browser. You must enter the router's IP address into the browser's address bar to access that panel.

Read more