A newly discovered data leak in the AsusWRT, a web-based GUI app from Asus that allows users to manage their wifi network. AsusWRT becomes a centralized access point for all internet devices such as phones, tablets, or laptops connected to the network, and for smart devices and Amazon Alexa products. Researchers discovered that hackers could access AsusWRT users’ IP Address, name, device name, usage information, location and other data, and Alexa user behavioral data.

Subscribe
Notify of
guest
2 Expert Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
Jelle Wieringa
Jelle Wieringa , Technical Evangelist
InfoSec Expert
November 6, 2019 11:18 am

It was only a matter of time for something like this to happen. The router plays a central role in most home networks, and if this gets compromised, we shouldn\’t be surprised that a connected smart device like an Amazon Alexa is a good target.

With all these connected and smart devices in the home today, we need to be even more vigilant when it comes to our security. Understand that everything you do in your home might be recorded.

Last edited 3 years ago by Jelle Wieringa
James McQuiggan
James McQuiggan , Security Awareness Advocate
InfoSec Expert
November 6, 2019 11:16 am

The ASUSWRT application is used by Asus routers to manage private wifi networks of the user. Alexa products are impacted if they have one connected to the Asus router along with any other computers or IoT (internet of things) devices like smart door locks or smart TVs. This is concerning, as it is unknown if this has been used by bad actors and if they\\\’ve stolen the databases which contains IP address, device names (i.e. John\\\’s phone), GPS locations, location information and logging information from the attached devices. Using internet scanning tools, the hackers can search for the ASUS routers and exploit them to steal the information. The bad actors could also use the information to access the private network and take control of the computers, the smart TV\\\’s or smart door locks. Additionally, the information can be used to craft spearphishing emails to the consumers and get them to click on a link or open an attachment to download malware and infect their home computers.

Consumers who use this ASUSWRT application need to be aware that their information has been exposed and they should take mitigating steps to protect themselves from spearphishing attacks. Consumers should check the manufacturer\\\’s website for a software update that patches the system and disable the ASUSWRT in the meantime.

Last edited 3 years ago by James McQuiggan
2
0
Would love your thoughts, please comment.x
()
x