ASUS RT Wireless Routers Easy to Hack, Easy to Patch
An inventive hack could hijack your entire Internet experience if you don't update your ASUS RT router quickly and carefully.
Protecting your computer is a fairly straightforward process, but when was the last time you paid any attention to your wireless router? Routers are surprisingly vulnerable to sophisticated hacks, and ASUS' RT line of wireless routers is no different. An inventive hack could hijack your entire Internet experience if you don't update quickly and carefully.
Security researcher David Longenecker described the flaw on his blog. The current vulnerability is the latest in a long list of ASUS router flubs, and affects the RT-AC68U, RT-AC68U, RT-AC66R, RT-AC66U, RT-AC56R, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U models, with possible ramifications for the RT-N53, RT-N14U, RT-N16, and RT-N16R versions as well.
MORE: Your Router's Security Stinks: Here's How to Fix It
The actual vulnerability is quite complicated, so check out Longenecker's blog to learn the exact details, but it boils down to the way the routers process firmware updates. Firmware updates on ASUS RT routers require a verification on both ends, but do not require this verification to go through a secure HTTPS server. This could allow an inventive hacker to create and supply his or her own bogus update.
Providing phony firmware might not seem like a big threat, but consider that your router is your gateway to the rest of the Internet. Malicious commands in an update script could redirect you to bogus versions of important sites, such as Gmail or a banking website. Logging on to fraudulent sites would send your authentication credentials to a malefactor rather than to a trusted source. Running programs to spread adware or malware would also not be difficult.
The good news is that ASUS has been alerted to this problem and has added an undocumented fix to the latest version of the firmware for each affected router. The bad news, of course, is that the very flaw ASUS is trying to patch makes it dangerous to download the updated firmware.
Longenecker recommends downloading firmware directly from ASUS, which should mitigate any risks, although the ASUS website does not itself use HTTPS — which means anyone whose router has already been hacked could end up being redirected to a bogus ASUS site.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
To be certain you're getting the real thing, first find a friend with a different brand of router. Then use one of her computers to browse to the ASUS website and find the support page for your model of ASUS router. Download the ZIP compressed archive of the latest firmware, making sure you get the version that matches your version of Windows.
Don't extract the files from the archive right away. Instead, copy the archive to a flash drive, take it to your main Windows computer and extract the archive there. Then open the ASUS router administrative software on your computer, click Advanced Setting, click Firmware Upgrade, browse to the extracted files from the flash drive and hit Upload.
- Best PC Antivirus Software 2014
- Scariest Security Threats Headed Your Way: Special Report
- 10 Facebook Privacy and Security Settings to Lock Down
Marshall Honorof is a Staff Writer for Tom's Guide. Contact him at mhonorof@tomsguide.com. Follow him @marshallhonorof and on Google+. Follow us @tomsguide, on Facebook and on Google+.
Marshall Honorof is a senior editor for Tom's Guide, overseeing the site's coverage of gaming hardware and software. He comes from a science writing background, having studied paleomammalogy, biological anthropology, and the history of science and technology. After hours, you can find him practicing taekwondo or doing deep dives on classic sci-fi.