Asus Router Security Discussion

NismoZ

Occasional Visitor
Folks, let me start out by saying that I do not own an Asus router, but have wanted one for my next upgrade. The purpose of this is not to flame anything about Asus products; it's just to serve as a discussion and info page for security issues, and maybe some people will benefit from reading it. I have read through several threads about the latest attack in October and am trying to gain some more knowledge of how these happen and what Asus owners can do to minimize future attack surfaces.

People that have had Asus routers over the last several years, how many of these hacks have you seen?
  • When these attacks happen, does it affect all models or only some of them on the currently supported firmware versions?
  • Do the attacks happen from infected Asus SaaS offerings that the routers use, or does code get installed onto the routers and launch from there?
  • If one does these things, does that shut off access to the outside for attacks, and can these attacks be prevented? Disable Asus AiCloud, use only local IPs for router management and not the Asus web link, do not use WEP/WPA1 and only use WPA2/3, disable Remote Admin, Telnet, SSH, DMZ and others.
Any other info that can help prevent future attacks for anyone reading?
 
First, if you haven't done so already, use the forum search feature to find a number of past discussions covering malware on Asus routers. There have been a number of recent malware infections over the past few years.

See the Asus Product Security Advisory page if you haven't already; there are some updates there about some of the past intrusions/malware hacks:
In particular see this entry from last September:
09/06/2024 Guidance on enhancing router security
We recommend regularly checking your equipment and security measures for enhanced safety. If you use an ASUS router, follow these steps:
• Update your router with the newest firmware. We encourage you to do this when new firmware becomes available. You can find the newest firmware on the ASUS support page at
https://www.asus.com/support/ or the relevant product page at
https://www.asus.com/Networking/. ASUS has provided a link to new firmware for some routers at the end of this notice.
• Use different passwords for your wireless network and router-administration page. Use passwords that have at least 10 characters, with a mix of capital letters, numbers and symbols. Do not use the same password for more than one device or service.

Please ensure that your login and WiFi passwords are secure if you cannot upgrade the firmware promptly.
For further help with router setup and an introduction to network security, please visit
https://www.asus.com/support/FAQ/1008000
https://www.asus.com/support/FAQ/1039292
Please update the firmware for the models listed to the version specified in the table.
If your router is listed below, follow these steps to secure it:
  • Reset the router to default settings.
  • Disable remote access services such as WAN access, AiDisk, AiCloud, FTP, Download Master, VPN, Port Forwarding.
Generally, this goes for most consumer-grade routers: you can limit the intrusions by not opening up any ports or services to the internet on the router (or to clients behind the router via port forwarding). This includes disabling WAN admin access, among other things.

Understand that no matter how much you harden the router, if your clients on the local network become infected the router itself can become compromised or infected. This is why good security is a layered approach. Not only do you harden the router, you also need to harden the computers and devices on the local network. More often than not it is the human inside the network that compromises their network or router, either by clicking on malware, visiting malware sites, opening an infected email/file, or simply opening up the router to external access through router internet-facing services/features.
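To make the advisory's "disable these services" checklist repeatable rather than a one-time click-through, here is an added example (not from this thread and not ASUS's own tooling) that audits a saved settings dump for the internet-facing services listed above. It assumes the dump is plain key=value lines; every key name in it (wan_admin_http, aicloud_enable, ftp_enable, dmz_ip and so on) is a placeholder, not a real ASUS nvram variable, so map them to whatever your export actually uses.

```shell
#!/bin/sh
# Added example, not from the thread or from ASUS: audit a saved router
# settings dump for the internet-facing services the advisory says to disable.
# The dump format is assumed to be simple "key=value" lines, and every key
# name below is a PLACEHOLDER, not a real ASUS nvram variable.
set -eu

TMP="${TMPDIR:-/tmp}"

# Constructed sample: a router with several services still exposed.
EXPOSED_DUMP="$TMP/router_settings.exposed"
cat > "$EXPOSED_DUMP" <<'EOF'
wan_admin_http=1
aicloud_enable=1
aidisk_enable=0
ftp_enable=1
download_master_enable=0
vpn_server_enable=0
port_forward_enable=1
dmz_ip=
ssh_wan_enable=0
telnet_enable=0
EOF

# Constructed sample: the same router after following the advisory (all off).
HARDENED_DUMP="$TMP/router_settings.hardened"
sed 's/=1$/=0/' "$EXPOSED_DUMP" > "$HARDENED_DUMP"

# get_setting FILE KEY -> prints the value, or nothing if the key is absent
get_setting() {
    sed -n "s/^$2=//p" "$1" | head -n 1
}

# list_exposures FILE -> one "EXPOSED:" line per service that is switched on
list_exposures() {
    f="$1"
    # key:value-that-means-exposed:explanation
    for spec in \
        "wan_admin_http:1:admin page reachable from the WAN" \
        "aicloud_enable:1:AiCloud exposes the router to the internet" \
        "aidisk_enable:1:AiDisk shares USB storage externally" \
        "ftp_enable:1:FTP server listening on the WAN" \
        "download_master_enable:1:Download Master runs an internet-facing service" \
        "vpn_server_enable:1:VPN server accepts inbound connections" \
        "port_forward_enable:1:port forwarding sends WAN traffic to LAN hosts" \
        "ssh_wan_enable:1:SSH reachable from the WAN" \
        "telnet_enable:1:Telnet enabled (unencrypted admin)"
    do
        key=${spec%%:*}
        rest=${spec#*:}
        bad=${rest%%:*}
        why=${rest#*:}
        val=$(get_setting "$f" "$key")
        [ "$val" = "$bad" ] && echo "EXPOSED: $key=$val ($why)"
    done
    # DMZ is exposed whenever a host address is set, whatever the value
    dmz=$(get_setting "$f" dmz_ip)
    [ -n "$dmz" ] && echo "EXPOSED: dmz_ip=$dmz (DMZ host receives all unsolicited WAN traffic)"
    return 0
}

# count_exposures FILE -> prints the number of findings (0 when clean)
count_exposures() {
    list_exposures "$1" | grep -c '^EXPOSED:' || true
}

list_exposures "$EXPOSED_DUMP"
echo "exposed: $(count_exposures "$EXPOSED_DUMP"), hardened: $(count_exposures "$HARDENED_DUMP")"
```

Run it after every firmware update or settings restore: a restore from an old backup is exactly the moment a service you had switched off comes back on, and a non-zero count is the signal to go back into the WebUI before the router is back on the WAN.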
 
You have 2 options. Buy something that works out of the box or build your own and secure it.

The wifi settings only matter locally and within RF range for anything to be impacted.

The problem with most consumer routers is you don't know what's running in the background most of the time, and sometimes can't even control it if the firmware is closed source. When you have things running in the background they will pinhole the security to get out to the internet.

I went DIY about 10 years ago now, and my motivation was to get away from overpriced cheap boxes with crappy updates. I've upgraded/rebuilt the setup a few times over the years for other tasks the box is performing, but the router function remains the same from one version to another and is quick to port from one system to the next. The only downside is WiFi not having as many options to internalize within the box as things progress. For AC I was able to use an internal card for the AP portion, but AX/E was dominated by Intel and that doesn't work well as an AP. BE has some promise though, with a few Qualcomm options for about $35 M.2. Right now it's just a matter of waiting on the devs to release the pieces of code to bring it up into operation.

Besides all of this, running a DIY configuration allows you to manage things how you want. If you want more security monitoring you just install the SW. If you just want something simple to monitor things then just install it. If you start out with 1GE ports and decide you need to upgrade or add 2.5GE for an AP then you just get a NIC instead of a new router. When I was running spinner disks for the "NAS" portion I tested the speeds and found that 5GE would be sufficient to max them out over the network, which prompted adding a 5GE NIC. I swapped out the disks though last year for an NVMe U.3 drive that does 6.5GB/s, which means the need for more speed. I pondered 10GE as one device is a laptop and that's the most you can get over the USB/TB port for a dongle. Instead, for the rare need to connect for a large data copy, I just use the TB cable between them and sync at 20Gbps, and saved some money on more HW.

For protecting the system you also have the ability to update the kernel weekly, which applies the patches to the system for new CVEs as they come along, instead of relying on a router OEM to release a patch based on a kernel that's over 5 years old. Besides this though, if you set up the firewall rules to protect traffic it really shouldn't be an issue unless a client triggers opening a flood of ports or is infected and sends your data out without permission. Using something like pihole to block traffic based on the DNS also helps squash some of the threats or privacy issues.

Basically you have options by DIY that you don't with a prepackaged box. Put it to work for more than just internet as the router impact is very little.
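The firewall part of that DIY setup, as an added example that is not the poster's own configuration: a default-deny nftables ruleset for a Linux box acting as the router, where the only inbound traffic the WAN side gets is replies to connections the LAN started, and the admin ports are reachable from the LAN interface alone. The interface names wan0 and lan0, the LAN subnet 192.168.1.0/24 and the admin ports 22/443 are assumed placeholders; the helper functions are there so the ruleset can be reviewed and checked before it is loaded with nft.

```shell
#!/bin/sh
# Added example, not the poster's configuration: a default-deny nftables
# ruleset for a DIY Linux router. Interface names, the LAN subnet and the
# admin ports are ASSUMED placeholders; override them via the environment.
set -eu

WAN_IF="${WAN_IF:-wan0}"
LAN_IF="${LAN_IF:-lan0}"
LAN_NET="${LAN_NET:-192.168.1.0/24}"

# write_ruleset -> prints the ruleset so it can be reviewed or diffed first
write_ruleset() {
cat <<EOF
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority 0; policy drop;
        iif lo accept
        ct state established,related accept
        ct state invalid drop
        # admin (ssh/https), DNS and DHCP only from the LAN side
        iifname "$LAN_IF" tcp dport { 22, 443 } accept
        iifname "$LAN_IF" udp dport { 53, 67 } accept
        iifname "$LAN_IF" tcp dport 53 accept
        # ICMP is needed for path MTU discovery and IPv6 neighbour discovery
        ip protocol icmp accept
        ip6 nexthdr icmpv6 accept
        # no rule for "$WAN_IF": admin page, ssh and file services are unreachable from the internet
    }
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        iifname "$LAN_IF" oifname "$WAN_IF" accept
    }
}
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$WAN_IF" ip saddr $LAN_NET masquerade
    }
}
EOF
}

# wan_exposes_admin -> true (0) if any input rule accepts traffic keyed on the WAN interface
wan_exposes_admin() {
    write_ruleset | grep -q "iifname \"$WAN_IF\".*accept"
}

# apply_ruleset -> loads the ruleset when nft is present and we are root;
# otherwise reports and returns non-zero so a script does not silently skip it
apply_ruleset() {
    if command -v nft >/dev/null 2>&1 && [ "$(id -u)" -eq 0 ]; then
        write_ruleset | nft -f -
    else
        echo "nft unavailable or not root; ruleset not applied (review with write_ruleset)" >&2
        return 1
    fi
}

write_ruleset
```

Everything the Asus advisory tells you to switch off (WAN admin, FTP, cloud file sharing, port forwarding) is absent by construction here: an unsolicited packet arriving on wan0 matches no accept rule and hits the drop policy. Adding a port forward later means adding an explicit rule, which is the kind of change that shows up in a diff of write_ruleset's output.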
 
On this latest round of Asus malware, how did the code get into the router? Was it through something launched in clients internally, or did it come through only for people who had certain services open externally?

Are there online security sites that can scan against your router from the outside to determine if there are any holes?
 
On this latest round of Asus malware, how did the code get into the router? Was it through something launched in clients internally, or did it come through only for people who had certain services open externally?
Not sure it's been determined definitively yet exactly what the attack vector is. Speculation seems to center around AiCloud services (AiCloud and/or AiDisk) being the target, since disabling them seems to fix some people's issues. Not clear if the vector is coming through the external open AiCloud/AiDisk service or coming from an internal vector (compromised machine or human clicking malware). Eventually people will figure out what the specific attack vector is/was.
 
When setting up Asus routers, if you use the app like they say to do, can you do that without creating any Asus online accounts? Or do you need to do it the old-fashioned way of plugging in a wired NIC on the same subnet and logging into the router in order to forgo the online Asus account?
 
Asus account is not required with both App or WebUI setup.
Data sharing to Asus is required for Firmware Updates, Asus App, Asus DDNS, Remote Connection, AiCloud, AiDisk.

Data sharing to Trend Micro is required for popular firmware features. Without it the following will not work:
AiProtection, Traffic Analyzer, Apps Analyzer, Web & Apps Filters (Parental Controls), Adaptive QoS, Game Boost, Web History.
 
