Asus simplifies router configuration to protect external hard drives

The company is updating unsecure default settings that left files accessible over the Internet

Asus is now distributing a firmware update that will change the default security settings on its broadband routers after files on thousands of external hard drives were found easily accessible over the Internet.

The problem was reported last week and stems from how Asus' routers are configured. Access to an external hard drive that's been attached to a router's USB port via FTP can be activated manually or by using a wizard, but both leave the router open by default.

As a result, the files of users in Europe and the U.S. were found accessible via the Internet, according to industry experts and tests conducted by PC World Norway and TechWorld Sweden.

After being questioned about the problem, Asus decided to develop a firmware update to fix the issue, which is now being distributed via its website and the directly from the router user interface.

"The update changes the default security setting from unlimited to limited access rights when setting up a FTP server. This change will ensure that the end user doesn't leave their FTP server unprotected by mistake and also make it easier to understand the implications of the different security options," the company said in a statement.

There is now a warning that it's possible to access files via FTP without entering a password when a user has chosen the limitless access setting, according to Asus.

The update has already been released for the RT-AC68U router, and will this week also become available for the RT-AC56U, RT-AC66U, RT-N66U and RT-N16 routers. Remaining routers will be updated next week, Asus said.

Send news tips and comments to mikael_ricknas@idg.com

Tags networking hardwaresecurityNetworkingroutersAccess control and authenticationwirelessAsustek ComputerWLANs / Wi-Fi

Comments

Comments are now closed

CSO Corporate Partners
  • f5
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Business Continuity Management Solutions

Automate business-continuity and disaster-recovery planning and enable crisis management in one solution.

Security Awareness Tip
Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.