Looking for feedback: Anyone considering AiCloud important to them?

[kuchkovsky]

Do you really mean this?

A router is a device that connects computer networks to each other. All other features, like SMB, are more suited to dedicated servers. These features are included in routers mostly for marketing reasons - they work fine for basic use cases but fall short for advanced needs. For example, if you require high-performance SMB, using a router is not a viable option.

From a practical standpoint, there isn’t much value in directly exposing the admin panel of a router to the internet. A router is typically a set-and-forget device, so once it’s configured, there shouldn’t be many reasons to regularly access its admin panel. For occasional remote troubleshooting, a VPN is sufficient.

making one universal and well-protected login page is not that difficult

Keeping a web server secure isn’t easy. Web servers must regularly update their entire software stack to stay secure. Vulnerabilities can exist anywhere - in the HTTP server, user-space tooling, or even the kernel itself. So why would you risk potentially compromising your router by exposing it 24/7 to the entire internet for a feature that’s only needed in rare cases?

 

[kryptto]

Dump It.

 

[rotareneg]

I use a script that monitors remote accesses to a router running AiCloud to generate random numbers. Removing it would break my workflow so I vote no.

 

[eastavin]

I thought some of the AI Cloud features looked interesting when I first got into Asus. However after reading up on security issues here soon after I gave up on the idea. Years go by... now I just use an openVPN if I need remote access, and an ethernet attached private NAS for file storage. Integration with a cloud service was an idea years ago but now I just view it as another headache I am not interested in view of the Asus security issues. Lots of other ways to achieve similiar results without security issues. I do use the 3G/4G USB for backup but I dont think that falls under AI Cloud.

 

[DJones]

I do use the 3G/4G USB for backup but I dont think that falls under AI Cloud.

@eastavin Not to worry that doesn’t fall under AiCloud.

 

[DJones]

Why can I securely log into my bank and many other sites, but not into my router? Can't Asus even do something this simple?

I use VPN now, but if it were not necessary, it would be easier for me and other regular users.

If you host an actual server you have the same risks. Except hopefully you have a experienced IT guy who is using a much newer kernel and is receiving frequent updates and patches. ASUS only does updates with its routers maybe 2-3 times a year and they certainly don’t update the kernel except for backports. Which is terrible. Software in routers tend to be old.

I said as much here banks have teams of people who are in IT and Cybersecurity that are paid big money to keep bank servers secure. You and your router are simply not important enough for that level of financial commitment by ASUS or any router manufacturer. There are easier solutions to protect yourself than exposing your router. If you want frequent patches on the level of an actual server then you need to look into x86_64 based servers running something like OPNsense or PFsense. Even then the risk is completely at your discretion and if it gets infected that isn’t anyone’s fault, but your own. Vulnerabilities will always exist known or not yet discovered. Mitigation is the best you can do if your able.

 

[charlesb224]

I don't use AiCloud on my AX92u and In the same way I avoided deadbolt ransomware on my Asustor Nas 2 years ago because I don't use or trust these types of services, but I understand that some do.

I'm very grateful that @GNUton is keeping this still capable router going.

However the work involved in removing it would add significant workload to maintaining this firmware. With this recent issue, Asus might make more changes to either replace it with something else or change other parts of their code that may break other stuff.
Keeping this thing disabled / hidden would become a major effort for each new firmware when the code is updated by Asus.

So my vote is to retain it for simplicity but ensure it's 'off' (which is the default anyway I believe)

 

[KGB7]

Not once since it was introduced many years ago.

 

[RMerlin]

I don't use AiCloud on my AX92u and In the same way I avoided deadbolt ransomware on my Asustor Nas 2 years ago because I don't use or trust these types of services, but I understand that some do.

I'm very grateful that @GNUton is keeping this still capable router going.

However the work involved in removing it would add significant workload to maintaining this firmware. With this recent issue, Asus might make more changes to either replace it with something else or change other parts of their code that may break other stuff.
Keeping this thing disabled / hidden would become a major effort for each new firmware when the code is updated by Asus.

So my vote is to retain it for simplicity but ensure it's 'off' (which is the default anyway I believe)

Disabling AiCloud is just a single change in a config file to turn it off at compile time.

 

[charlesb224]

Disabling AiCloud is just a single change in a config file to turn it off at compile time.

Understood, which makes it a more complex decision to disable it by default. As many others have indicated, people using your excellent firmware or Gnutons fork are likely more savvy in setting up the router. It makes zero difference to me, but maybe to others who do want to use this functionality.

 

[laracroftonline]

I wouldn’t miss it. Lots of other options like running nextcloud or something

 

[swejuggalo]

I guess the combination of wanting both Merlin firmware AND AiCloud is a very rare combo. Because if wanting Merlin you most likely have a other priority anyway.

 

[sfx2000]

Disabling AiCloud is just a single change in a config file to turn it off at compile time.

For the Features that AICloud offers, are there alternatives for the feature?

Within the AICloud Feature Set itself - which features are important?

I'm all for disabling AICloud itself, but open to alternatives that could be implemented either directly, or in the DMZ or NAT'ed device/jump box...

Some of these might be solved by other vendors/platforms - e.g. OneDrive/iCloud, TailScale, QNAP/Syno applications for NAS...

And some of those features in the AIClould app might not be useful these days - AICloud was interesting 10 years ago, but things have changed - user traffic is very different, services and apps have changed - heck in the last 10 years, look at where things are with mobile handsets - capabilities there have expanded on an logarithmic basis...

 

[Mutzli]

I have never used it, and I never will.

 

[RMerlin]

For the Features that AICloud offers, are there alternatives for the feature?

Use a VPN to directly access the network share.

 

[visortgw]

Use a VPN to directly access the network share.

... as well as anything else in your LAN that you need remote access to!

 

[Ripshod]

... as well as anything else n your LAN that you need remote access to!

........ that means everything. You're effectively connected directly to your home network, so you'll be able to access everything as if you were home.

 

[Analog-1]

I use a script that monitors remote accesses to a router running AiCloud to generate random numbers. Removing it would break my workflow so I vote no.

OVER RULED. Dump it.

 

[visortgw]

........ that means everything. You're effectively connected directly to your home network, so you'll be able to access everything as if you were home.

Yes, with a secure, encrypted connection...

 

[ProvableEnd]

Looks like it's time to throw this Asus piece of junk out the door and move on to something more solidly built. ;-)

I can see both sides and wish Asus would just stay on top of this and fix this security issue from their end. It seems they're just patching as they go! Either way I don't use this feature but hope Asus would just permanently fix it. That way it's an option for all to decide what's best for their on setup!

@virus_59

Removing this feature is probably a good thing for you. Didn't you say you were already hacked before?