Menu
What's new
By:
Filters Better Search

Asus Router Security Discussion

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

N

NismoZ

Occasional Visitor
Folks, let me start out by saying that I do not own an Asus router, but have wanted one for my next upgrade. The purpose of this is not to flame anything about Asus products, it's just to serve as a discussion and info page for security issues, and maybe some people will benefit from reading it. I have read through several threads about the latest attack in October and trying to gain some more knowledge of how these happen and what Asus owners can do to minimize future attack surfaces.

People that have had Asus routers over the last several years, how many of these hacks have you seen?
  • When these attacks happen, does it affect all models or only some of them on the currently support firmware versions?
  • Do the attacks happen from infected Asus SaaS offerings that the routers use, or does code get installed onto the routers and launches from there?
  • If one does these things, does that shut off access to the outside for attacks and can these attacks be prevented? Disable Asus AICloud, Use only local IPs for router mgmt and not the Asus web link, Do not use WEP/WPA1 and only use WPA2/3, Disable Remote Admin, Telnet, SSH, DMZ and others.
Any other info that can help prevent future attacks for anyone reading?
 
Last edited:
First, if you haven't done so already, use the forum search feature to find a number of past discussions covering malware on Asus routers. There have been a number of recent malware infections over the past few years.

See the Asus Product Security Advisory page if you haven't already, some updates there about some of the past intrusions/malware hacks:

ASUS Product Security Advisory | ASUS Global

www.asus.com www.asus.com
In particular see this entry from last September:
09/06/2024 Guidance on enhancing router security
We recommend regularly checking your equipment and security measures for enhanced safety. If you use an ASUS router, follow these steps:
• Update your router with the newest firmware. We encourage you to do this when new firmware becomes available. You can find the newest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at
https://www.asus.com/Networking/. ASUS has provided a link to new firmware for some routers at the end of this notice.
• Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use the same password for more than one device or service.

Please ensure that your login and WiFi passwords are secure if you cannot upgrade the firmware promptly. "
For further help with router setup and an introduction to network security, please visit
https://www.asus.com/support/FAQ/1008000
https://www.asus.com/support/FAQ/1039292
Please update the firmware for the models listed to the version specified in the table.
If your router is listed below, follow these steps to secure it:
  • Reset the router to default settings.
  • Disable remote access services such as WAN access, AiDisk, AiCloud, FTP, Download Master, VPN, Port Forwarding.
Click to expand...
Generally, this goes for most consumer grade routers, you can limit the intrusions by not opening up any ports or services to the internet on the router (or to clients behind the router via port forwarding). This includes disabling WAN admin access among other things.

Understand that no matter how much you harden the router, if your clients on the local network become infected the router itself can become compromised or infected. This is why good security is a layered approach. Not only do you harden the router, you also need to harden the computers and devices on the local network. More often then not it is the human inside the network that compromises their network or router either by clicking on malware, visiting malware sites, opening an infected email/file, or simply opening up the router to external access through router internet facing services/features.
 
You have 2 options. Buy something that works out of the box or build our own and secure it.

The wifi settings only matter locally and within RF range for anything to be impacted.

The problem with most consumer routers is you don't know what's running in the background most of the time and sometimes can't even control it if the firmware is closed sourced. When you have things running in the background they will pinhole the security to get out to the internet.

I went DIY about 10 years ago now and my motivation was to get away from over priced cheap boxes with crappy updates. I've upgrade/rebuilt the setup a few time over the years for other tasks the box is performing but, the router function remains the same from one version to another and is quick to port from one system to the next. The only downside is WIFI not having as many options to internalize within the box as things progress. For AC I was able to use an internal card for the AP portion but, AX/E was dominated by Intel and that doesn't work well as an AP. BE has some promise though with a few Qualcomm options for about $35 M2. Right now it's just a matter of waiting on the devs to release the pieces of code to bring it up into operation.

Besides all of this running a DIY configuration allows you to manage things how you want. If you want more security monitoring you just install the SW. If you just want something simple to monitor things then just install it. If you start out with 1GE ports and decide you need to upgrade or add 2.5GE for an AP then you just get a NIC instead of a new router. When I was running spinner disks for the "NAS" portion I tested the speeds and found that 5GE would be sufficient to max them out over the network which prompted adding a 5GE NIC. I swapped out the disks though last year for a NVME U.3 drive that does 6.5GB/s which means the need for more speed. I pondered 10GE as one device is a laptop and that's the most you can get over the USB/TB port for a dongle. Instead for the rare need to connect for a large data copy I just use the TB cable between them and sync at 20gbps and saved some money on more HW.

For protecting the system you also have the ability to update the kernel weekly which applies the patches to the system for new CVE's as they come along instead of relying on a router OEM to release a patch based on a kernel that's over 5 years old. Besides this though if you setup the firewall rules to protect traffic it really shouldn't be an issue unless a client triggers opening a flood of ports or is infected and sends your data out without permission. Using something like pihole to block traffic based on the DNS also helps squash some of the threats or privacy issues.

Basically you have options by DIY that you don't with a prepackaged box. Put it to work for more than just internet as the router impact is very little.
 
On this latest round of Asus malware, how did the code get into the router? Was it through something launched in clients internally or did it come through for only people who had certain services open external?

Are there online security sites that can scan against your router from the outside to determine if there are any holes?
 
NismoZ said:
On this latest round of Asus malware, how did the code get into the router? Was it through something launched in clients internally or did it come through for only people who had certain services open external?
Click to expand...
Not sure it's been determined definitvely yet exactly what the attack vector is. Speculation seems to center around AiCloud services (AiCloud and or AiDisk) being the target since disabling them seems to fix some people's issues. Not clear if the vector is coming through the external open AiCloud/AiDisk service or coming from internal vector (compromised machine or human clicking malware). Eventually people will figure out what the specific attack vector is/was.
 
You must log in or register to reply here.

Similar threads

I
Latest CEVs regarding Asus routers, and what exactly is affected ?
Replies
7
Views
465
iFrogMac
I
D
Skynet Rapid Reset http2/http3 CVE-2023-44487
Replies
6
Views
1K
DJones
D
eibgrad
Clarification and Discussion on Recent 388.8 Changes
2
Replies
25
Views
2K
eibgrad
eibgrad
E
Questions related to Asus warranty return process & with AX router
Replies
7
Views
1K
L&LD
L&LD
PR3MIUM
New Asus GT-BE19000 and BE6500/BE3600 with KI
Replies
12
Views
4K
TheLostSwede
TheLostSwede
Similar threads
Thread starter Title Forum Replies Date
N ASUs router per device whitelist ASUS Wi-Fi 0
J Asus router reboots same time each night ASUS Wi-Fi 1
F Bought asus rt-ax86u pro router ASUS Wi-Fi 4
D Asus Router only reaching 300MBPS. ASUS Wi-Fi 19
T TX RX Asus router ASUS Wi-Fi 7
M Solved Asus router RT-88U SSD/HDD enclosure not recognised ASUS Wi-Fi 3
B Bought the Asus AX5700 Dual-band RT-AX86U Pro router.. Should I pay $50 more for the Asus AX6000 or AXE7800? ASUS Wi-Fi 3
W Blocking QUIC on an ASUS AX6000 Router ASUS Wi-Fi 27
Q Access device connected to Asus router remotely? ASUS Wi-Fi 3
N 12V ASUS router with the longest 2.4GHz WiFi range ASUS Wi-Fi 39

Similar threads

Latest threads

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 790 (members: 21, guests: 769)
Top