HARDWARE FIRM ASUS has agreed terms with the US Federal Trade Commission (FTC) and settled the case of the compromised routers and resulting privacy problems.
This puts an end to a legal case that saw Asus in big trouble for shipping hundreds of thousands of routers (PDF) with a mile-wide security flaw.
This sort of stuff does not sit well with people or the authorities, and Asus has been taken to task and told what it needs to do to make things right. A vigilante has already had a go at sorting this out.
The FTC explained that Asus will have its hardware and cloud services regularly inspected for the next two decades. The FTC is not impressed with what went on, and criticised Asus for "critical security flaws in its routers [that] put the home networks of hundreds of thousands of consumers at risk".
"The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks," said Jessica Rich, director of the FTC Bureau of Consumer Protection.
"Routers play a key role in securing those home networks, so it's critical that companies like Asus put reasonable security in place to protect consumers and their personal information."
The FTC said that Asus talks a good security game, but does not deliver on its promises. The leaky gear was marketed as having protective security features, but the firm had not taken "reasonable steps to secure the software on its routers", according to the FTC.
"Hackers could exploit pervasive security bugs in the router's web-based control panel to change any of the router's security settings without the consumer's knowledge," the FTC said.
"A malware researcher discovered an exploit campaign in April 2015 that abused these vulnerabilities to reconfigure vulnerable routers and commandeer consumers' web traffic.
"The complaint also highlights a number of other design flaws that exacerbated these vulnerabilities, including the fact that the company set - and allowed consumers to retain - the same default log-in credentials on every router: username ‘admin' and password ‘admin'."
It doesn't even end there. The FTC is not sure about Asus router features for cloud storage called AiCloud and AiDisk. These services were supposed to be secure and private, but had "serious security flaws".
We have asked Asus for its comment on the case. µ
Crapsicab firm says bug 'isn't particularly severe'
4.15 follows shortly
Lithium-metal batteries are lighter and hold more juice
Loved up... but weighed down with debt