ASUS Automatic Updates Compromised by Hackers
PC and laptop manufacturer ASUS unwittingly installed malware on its customers' laptops, according to a cyber security company. The malware went out to around a million people, yet appears to have been a highly targeted attack.
The claims come from Kaspersky Lab, with rival firm Symantec confirming it has found similar evidence of the attack. At the time of writing, ASUS has yet to comment publicly on the claims. (Source: kaspersky.com)
According to Kaspersky Lab, the hackers took advantage of the ASUS Live Update Utility, a tool ASUS uses to automatically update software on its laptops, including key system files that run before Windows first loads.
Rogue Files Well-Disguised
The problem here is that hackers were able to breach ASUS's systems and add rogue files to the update tool in place of a real update. To do so, they found a way to use a genuine security certificate to "prove" the rogue files were legitimate. Hackers went as far as making sure the modified files were the same size as the original update in order to cover their tracks.
Kaspersky estimates that the update went out to around a million people and has been installed by more than 57,000 users. Though these numbers are estimates, it's possible that the rogue update only went out to specific laptop models. Even so, anti-malware tools may have blocked the rogue update, though if that were the case it would have likely made headlines a lot sooner.
Attack Highly Targeted
Either way, it's a very serious breach as both users and automated security tools will often naturally assume an update from a device manufacturer is genuine. To make things worse, Kaspersky says the same tactic has been used in attempted attacks against three other manufacturers.
Despite the rogue attack, there is some good news.
Even if hackers were successful in gaining access to machines, Kaspersky estimates that they would have only exploited around 600 cases. That's because the second part of the attack was highly targeted; in this case, the attack sought out specific MAC addresses, which are similar to unique serial numbers on individual wired network cards or wireless adaptors. (Source: vice.com)
What's Your Opinion?
Are you surprised ASUS hasn't contacted customers about this reported breach? Do you use automated update tools from your laptop's manufacturer? Would you normally trust such tools to be secure?
Comments
Automated updates
I had just finished downloading an automated update from Dell to my laptop. It is the first time I've done this, so it shook me a bit to see this article. The auto update also included a BIOS update, which is why I ran the update in the first place. It showed up as a message in the sidebar after I started Windows 10. In answer to the question above, yes, I would normally trust these tools to be secure. But apparently they are not.