Asus Router app and "unintentional" activation of remote access to router

[JOE.G]

Reading above It seems that it will force teh changes or wont work if you don't accept it
Unless I read it wrong.

 

[ColinTaylor]

Reading above It seems that it will force teh changes or wont work if you don't accept it
Unless I read it wrong.

That's my assumption as well, which is why I said to try it and find out.

 

[JOE.G]

Yeah i just don't want to have to do a factory reset again.

 

[ColinTaylor]

Yeah i just don't want to have to do a factory reset again.

Log into the router and go to Administration > Restore/Save/Upload Setting. Then do a "Save setting".

If after you try using the app you are concerned about the changes it has made you can restore your previous configuration from that file.

 

[JOE.G]

Got it thanks

 

[MarkyPancake]

I haven't used the app for a while, but from what I can remember, it only enables remote management and DDNS to be able to work and doesn't automatically change any other settings.

I'm also pretty sure the Android version warns about enabling these features and if don't accept it, then the app will not work with your router until you do and these features are enabled.

 

[necromancyr]

Just installed the app (Android). Got the warning, declined the remote access feature, and it didn't turn on access via WAN - at least not visibly through the GUI. This is on stock firmware (3.0.0.4.384_21140) and app version 1.0.0.3.46. Also, when I disconnect from WiFi on my phone, the app says 'unable to reach' router. So, seems to be working more securely.

I do have DDNS setup, however, for a VPN.

 

[umarmung]

Just installed the app (Android). Got the warning, declined the remote access feature, and it didn't turn on access via WAN - at least not visibly through the GUI. This is on stock firmware (3.0.0.4.384_21140) and app version 1.0.0.3.46. Also, when I disconnect from WiFi on my phone, the app says 'unable to reach' router. So, seems to be working more securely.

I do have DDNS setup, however, for a VPN.

You cannot rely on the app's GUI for verification, since that was part of the problem before. The best way to actually verify is to check the router's web management page directly for changes.

 

[necromancyr]

Hrm. So directly attempt access from a web browser? Any special way to do so? Want to confirm it's secure. To be clear, on the configuration page Access GUI via WAN was off on mine and the app wouldn't connect if on a remote (i.e., mobile) network.

 

[umarmung]

Hrm. So directly attempt access from a web browser? Any special way to do so? Want to confirm it's secure. To be clear, on the configuration page Access GUI via WAN was off on mine and the app wouldn't connect if on a remote (i.e., mobile) network.

If you are checking from the wired local network, then you login the same way you would if you did not have any apps, i.e. https://192.168.1.1 or http://192.168.1.1 or substitute whatever your router IP is. Then log in.

If checking the public IP, as if you are a remote stranger, then the same thing but with your public IP. You do not need to log in. If you see any response/login page at all, then remote access is enabled on your WAN which is a security disaster.

 

[necromancyr]

Ok. In that case, no it's definitely not available. Wasn't sure if I needed a special port included or anything to access. So...it seems to be working "securely" now but...who knows. Once I get everything setup (just installed the router yesterday) I'll prob. delete the app to make sure something like this doesn't happen anyway.

 

[Zonkd]

This is getting ridiculous. AiCloud is a disaster hurting customers. Blast from the past: https://arstechnica.com/information...e-been-pwned-thanks-to-easily-exploited-flaw/ They haven't learned a thing since then. Max password length is 16 characters. And people always use weak passwords because it's assumed that routers can only be accessed by LAN devices (which are usually trusted). So irresponsible enabling all this bloatware crap by default. More often get reports of people being hacked, some of them are unexplained. ASUS seem so incompetent I don't even trust their implementation of VPN servers anymore.

 

[arthurlien]

This is getting ridiculous. AiCloud is a disaster hurting customers. Blast from the past: https://arstechnica.com/information...e-been-pwned-thanks-to-easily-exploited-flaw/ They haven't learned a thing since then. Max password length is 16 characters. And people always use weak passwords because it's assumed that routers can only be accessed by LAN devices (which are usually trusted). So irresponsible enabling all this bloatware crap by default. More often get reports of people being hacked, some of them are unexplained. ASUS seem so incompetent I don't even trust their implementation of VPN servers anymore.

Could you let me know what security issue you met?

 

[Zonkd]

Could you let me know what security issue you met?

Simply annoyed that ASUS make it too easy for users to enable AiCloud and remote access features. The unintentional activation through the app is stupid. And it's not hard for an attacker to find all these vulnerable routers with them all using ASUS DDNS. They're making it too easy for a mass exploit.

 

[arthurlien]

Simply annoyed that ASUS make it too easy for users to enable AiCloud and remote access features. The unintentional activation through the app is stupid. And it's not hard for an attacker to find all these vulnerable routers with them all using ASUS DDNS. They're making it too easy for a mass exploit.

Could you tell me some example about "too easy to enable AiCloud and remote access" as you said?

 

[necromancyr]

So, after having the app on I've run a few port scans to check and it appears that remote access hasn't been enabled (as far as I can tell). One thing that WAS interesting to me that I didn't realize when setting things up is turning on SSH defaults to SSH accessible via the WAN - and there is another option for LAN only below "yes". Somehow I missed that and my router had SSH up for a good 12 hours. I believe that's just my fault, but definitely something that I didn't even consider would be possible that easily and didn't show up on the 'Ai Protect' page I don't believe.

 

[JOE.G]

SSH? Sorry not up on all these things.

 

[OzarkEdge]

So, after having the app on I've run a few port scans to check and it appears that remote access hasn't been enabled (as far as I can tell). One thing that WAS interesting to me that I didn't realize when setting things up is turning on SSH defaults to SSH accessible via the WAN - and there is another option for LAN only below "yes". Somehow I missed that and my router had SSH up for a good 12 hours. I believe that's just my fault, but definitely something that I didn't even consider would be possible that easily and didn't show up on the 'Ai Protect' page I don't believe.

I believe ASUS fixed the app enabling remote access, BUT... I hold that the swipe interface is inherently prone to unintentional actions that can too easily disrupt/compromise an AiMesh.

OE

 

[Gar]

I turned off access in 56u and it appears on/off switch in app is gone now, at least I can’t find it...don’t remember where it was but looked carefully. Have latest app version and some features now disabled, wont show b/w data amounts.

 

[dda]

Hello - this is an old thread, but I just accidentally hit the enable remote access on the app and am wondering which settings I need to disable in my router to disable this. I turned it back off in the app, but I saw in the first post that I need to disable something about AICloud, DDNS, and remote web access but am having trouble finding these in the web router interface. (specifically when I click Advanced settings -> Administration -> Administration System - I see only two things relevant to remote access... "enable web access from WAN" and "enable access restrictions," both of which are now off. I don't see anywhere else to disable AICloud, DDNS, and to prevent public access to the login page of my router? Thanks for your help.