Hackers manage to exploit an eight-month-old flaw in Asus routers

Two weeks ago, a group posted almost 13,000 IP addresses its members said hosted vulnerable Asus routers. They also published a torrent link containing more than 10,000 complete or partial lists of files stored on the Asus-connected hard drives. The guerilla-style hacking disclosure comes eight months after a security researcher publicly disclosed the underlying vulnerability that exposed the hard drives of Jerry and so many other Asus router users. 

Hackers have exploited an eight-month-old flaw in Asus routers, giving anyone access to data stored on drives connected directly through the USB port on the back. Some affected users have found text files on their connected drives informing them they’ve been hacked, with instructions on how to protect themselves. “This is an automated message being sent out to everyone effected. Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection,” the message reads. Finding this message on their connected drive has alarmed some users, who believed that the drive was only accessible through their local network.

Read full article