https://motherboard.vice.com/en_us/arti ... -computers
New supply-chain attack/hack. This time ASUS' live update software has a backdoor, and was signed with ASUS' digital certificate. Estimated up to half a million compromised machines.
Named ShadowHammer, due to its similarities with the CCleaner (32 bit) supply-chain attack.
ASUS denied Kaspersky's inquiry two months ago, Symantec confirmed their findings Friday.
ASUS' live update software hacked, signed with ASUS digital certificate
Re: ASUS' live update software hacked, signed with ASUS digital certificate
This is not good news for this brand, security nowadays must be at its finest to avoid hacking.
Re: ASUS' live update software hacked, signed with ASUS digital certificate
This issue is also being discussed on Reddit: Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers
Re: ASUS' live update software hacked, signed with ASUS digital certificate
Great. I did lots of research last November and ended up buying a new Asus router! I use it for our Macs, and we do not live in Russia, so maybe we will be OK. I have not seen any info on how to tell if you have the malware in your router or computers, or which specific updates from Asus were used to transmit the malware.
Re: ASUS' live update software hacked, signed with ASUS digital certificate
Kaspersky's site has a tool which purports to look for this vulnerability. Reporting suggests the attack is highly focused on a limited number of large enterprise users. That is, even though many consumer end-user machines may be infected, the infection will remain dormant on them.
- Doom&Gloom
Re: ASUS' live update software hacked, signed with ASUS digital certificate
fourwheelcycle wrote: Tue Mar 26, 2019 6:46 am
> Great. I did lots of research last November and ended up buying a new Asus router! I use it for our Macs, and we do not live in Russia, so maybe we will be OK. I have not seen any info on how to tell if you have the malware in your router or computers, or which specific updates from Asus were used to transmit the malware.
As I understand it, routers are unaffected. Only Asus Windows PCs & laptops.
Re: ASUS' live update software hacked, signed with ASUS digital certificate
On this page ASUS provides a link to a diagnostic tool to check if your computer has been compromised:
https://www.asus.com/News/hqfgVUyZ6uyAyJe1
Also, from Reddit:
This only affects ASUS machines running Live Update that was downloaded between June and November of 2018. That puts approximately 3-4 million machines sold by ASUS in that time frame, in addition to downloads from the web. It's likely that this malware is on your machine, but is dormant because only 600 specific MAC addresses would trigger the next stage of the malware. As of now, even if you have the malware it's likely not doing anything. Instead, this exposes a huge security oversight and example of attacking at the vendor/source level.