FTC Settles with Asus for Failure to Properly Protect Consumers…
On Tuesday, the U.S. Federal Trade Commission settled charges against Asus for failure to protect their consumers, which against federal law. According to Ars Technica, the settlement requires Asus to maintain a comprehensive security program. Any time within the next two decades, this program can be subject to independent audits to ensure it is functioning properly.
In February of 2014, a major security hole was found in Asus routers. This hole allowed external parties access to consumer data and files, as well as provided the ability to change security settings. The files were accessible through the AiDisk and AiCloud functions. These functions are similar to any file sharing capabilities that may be found today. However, these programs did not encrypt the files as they were being transferred.
This security gap was a result of Asus failing to perform penetration tests to assess any vulnerability issues. In February of 2014, there were 12,900 Asus routers which experienced unauthorized access issues.
Bringing this issue to light is imperative with all of the new Internet of Things (IoT) that are being created today. These IoT are items that have Bluetooth and/or WiFi capabilities. Making certain IoT’s are properly secured to minimize the risk of security gaps is imperative.
Hopefully this settlement will reinforce the importance of proper penetration testing on all products; as well as reiterate the importance of consumer security.