Asus router vulnerabilities go unfixed despite reports

Despite a few quirks, the Asus RT-N66U makes an excellent N900 router for homes and small offices alike.

(Credit: Josh Martin/CNET)

It may be news to you that some Asus wireless routers leave your computer and networked drives open to hackers, but Asus has known about the problems for months, reports indicate.
The vulnerabilities make it possible for hackers to access directories on networked drives using Asus' proprietary AiCloud option. Enabling features such as "Cloud Disk," "Smart Access," and "Smart Sync" appear to enable the vulnerability, security researcher Kyle Lovett told Ars Technica.

Enabling the file-sharing tool Samba in the router also exposes the vulnerability to hackers.
Lovett told CNET that following his report of a related vulnerability in June that exposes hard drives of computers connected to the affected Asus routers, he reported to Asus representative Nick Mijuskovic the newer flaw to Asus in both September and November to no avail.
"I only received a reply of we'll look into it," Lovett wrote in an e-mail.
Asus did not immediately respond when asked for comment. CNET will update the story when we hear back from the company.
Two weeks ago, suspected hackers posted a list of more than 13,000 IP addresses gleaned from vulnerable Asus routers.
The vulnerability affects nearly a dozen Asus routers, including the RT-AC66R, RT-AC66U, RT-N66R, RT-N66U, RT-AC56U, RT-N56R, RT-N56U, RT-N14U, RT-N16, and RT-N16R. Apparently, Asus has released a firmware update that patches the vulnerabilities, but owners of those routers will have to manually install the update by going to the Asus site and following their instructions.
Jacob Holcomb, a security researcher at Independent Security Evaluators who uncovered widespread Wi-Fi router vulnerabilities first reported by CNET last year, said that the prevention of these kinds of attacks depends on the router vendor, and not the end user.
"These types of attacks could be prevented if security was a higher priority in the router manufacturers software development life cycle," Holcomb said. "At the end of the day, this is just the tip of the iceberg; with the amount of vulnerable network hardware comprising the internet infrastructure, people should count on more large scale attacks."
Both Holcomb and Lovett pointed to ongoing problems with routers. Linksys, for example, has struggled with vulnerabilities beyond the self-replicating malware afflicting some of its Wi-Fi routers.
Since last year, Wi-Fi routers have found themselves in the cross-hairs of researchers becoming increasingly aware of their inherent weaknesses.
These security problems with home wireless routers -- devices specifically designed to connect the Internet to your phone, tablet, and computer -- underscore the difficulty that makers of devices just now gaining Internet connectivity will face in keeping hackers out of their connected home products in the years ahead.