Asus router flaw leaves users' entire hard drives open to anyone on the Internet

Advertisement
By Jamshed Avari | Updated: 14 January 2014 16:58 IST
Asus router flaw leaves users' entire hard drives open to anyone on the Internet
Convenience often comes at the cost of security, as demonstrated by Asus routers that come with a feature designed to allow users to access their hard drives' contents from anywhere in the world, but actually leave those drives open to anyone with an Internet connection. First reported by Sweden's IDG.se, the vulnerability has exposed how easy it is for users to unknowingly leave themselves open to malicious attacks, identity theft, piracy, and other security risks. The problem is the direct result of Asus consciously designing its default router configuration to favour convenience over security by not requiring a strong password.

The feature in question, called AiDisk, is designed to give users access to a hard drive plugged directly into a router's USB port. The feature is supported on a number of Asus router models, some of which have been on the market for over a year. All router manufacturers offer similar functionality on certain models.

Users who choose to plug a hard drive into their router might not be aware that Asus uses standard FTP (File Transfer Protocol) to make the drive function as a server, using your router's uniquely identifiable IP address. Such servers can be detected and accessed by anyone with an Internet connection, with very little effort. The routers also broadcast their model numbers by default, further inviting anyone who is familiar with the flaw. Visitors might have a casual interest in your server's contents, or they might have malicious intent-it's only a strong password that can keep them out. Unfortunately, in an effort to make FTP sharing completely transparent to users, Asus selected a default configuration option that does not require a password at all.

News site Thehackernews.com reports that Asus has acknowledged the problem and has committed to releasing a firmware patch for the affected models that will prompt users to configure a suitable password upon activating the feature. However it's impossible to estimate what percentage of affected users will install the patch or even be aware that it exists.

 

For the latest tech news and reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.

Advertisement

Related Stories

Popular Mobile Brands
  1. Retro OTT Release Reportedly Revealed: When and Where to Watch it Online?
  2. HP Launches OmniStudio X All-in-One PC With Intel Core Ultra 7 CPU
  3. Infinix GT 30 Pro 5G With MediaTek Dimensity 8350 Ultimate SoC Launched
  4. Google I/O 2025: Here Are All the Major AI Announcements
  5. Oppo Reno 14 Series to Arrive With Integrated Google Gemini Features
  1. Cyberpunk 2077 Sequel Will Feature a Second City in Addition to Night City, Says Series Creator
  2. Trump Memecoin Holders Set to Dine With US President, Tron Founder Justin Sun Confirms Attendance 
  3. Amazon Working on Large Foldable Device Similar to Huawei MateBook Fold Ultimate: Ming-Chi Kuo
  4. Infinix GT 30 Pro 5G With MediaTek Dimensity 8350 Ultimate SoC, 5,500mAh Battery Launched: Price, Features
  5. Google Announces SynthID Detector That Can Identify Gemini-Generated Content at Google I/O 2025
  6. Realme Buds Air 7 Pro Global Launch Set for May 27; Colours, Key Features Revealed
  7. iQOO Watch 5 With 1.43-Inch AMOLED Display and TWS Air 3 With Up to 45 Hours of Total Battery Life Launched
  8. Google Outlines Vision for Universal AI Assistant, Expands Project Astra and Project Mariner
  9. Xiaomi to Equip Premium Smartphones With Snapdragon 8-Series Chips as Part of Multi-Year Agreement
  10. Hong Kong Passes stablecoin Bill, One Step Closer to Issuance
Gadgets 360 is available in
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2025. All rights reserved.