The Hacker News Logo
Subscribe to Newsletter

ASUS Wireless router leaves USB Storage Devices vulnerable to remote attackers

ASUS Wireless router leaves USB Storage Devices vulnerable to remote attackers
In this era of Computers and Smartphones, where we are connected to the Internet every second and use it almost for everything.

For an Internet connection, one has to plug a device called Router between the ISP (Internet Service Provider) and device. Some Routers are available with USB option, where you can attach an external Hard Disk that allows files to be stored and retrieved across a computer network.
Asus one of the largest IT hardware manufacturer providing these kind of devices by which you can connect to the internet and make your external hard disk available on the Internet as FTP server just by configuring AiDisk utility from the router’s administrator panel. 

Many ASUS Routers have this feature available, including models: RT-N66U, RT-N56U, RT-N15U, RT-N65U, RT-AC66U, DSL-N55U and RT-N16.

Recently a vulnerability has been noticed by some Sweden users in the ASUS Routers, that allows an attacker to access your Hard Disk remotely from any part of the world, could result in complete system compromise, exposing your private pictures and files.

In my opinion, it is not a vulnerability, but a lethargic behavior of administrator to keep the device in the default configuration and providing their storage device on  public IP by which any malware can be intruded to your system hence inviting trouble for himself and its end users.

Enabling the AiDisk utility from Router makes the device available for using it through the public Internet, this feature comes with a problem if kept in default configuration which is giving Limitless access to your storage device. 

If you have some movies or cracked softwares downloaded from Torrents, by this you might become a criminal by delivering Pirated Content over the Internet and even you don’t have any such information.
ASUS Wireless router leaves USB Storage Devices vulnerable to remote attackers
Using SHODAN search, I have found more than thousands of Storage Disk using Asus Routers are available on the Internet, either with no password or having default settings. You can access these IP addresses using FTP protocol i.e. ftp://ipaddress/.

ASUS Company is now aware of the issue and they intend to release an update, to warn their users with recommendation to choose a strong password for device storage and Router Administrative panel.

Update: Someone posted a list of more than 13,000 Asus Router's IP ADDRESSES that are vulnerable to hackers.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.