Asus update tool hacked, allowed access to millions of computers

posted Sunday Mar 31, 2019 by Scott Ertz

Computer manufacturers and users are definitely getting more sophisticated. Manufacturers, as well as Microsoft and Apple themselves, continue to produce more sophisticated tools to prevent hackers from gaining access to your computer. Users are getting smarter about which sites and emails they interact with, preventing attacks. With a more sophisticated computer user must come a more sophisticated hacker, and we have definitely seen a growth in that area. This week, Asus was the target of an incredibly advanced attack, putting computer owners at risk.

According to Russian security firm Kaspersky, a supply chain attack had been carried out using the ASUS Live Update Utility. Using a flaw in the utility, hackers opened a back door into any computer that had downloaded the tool. Kaspersky said that 57,000 of their users have downloaded the compromised tool, but that represented only a small portion of the Asus customer-base. They believe that as many as a million computers may have this backdoor installed.

ShadowHammer, as the attack has been called, is certainly a sophisticated one. The software was able to bypass initial detection because it was signed using an official Asus security certificate. For most, that would be enough to believe it is legitimate. In addition, the hackers managed to make the file exactly the same size as the original file which it replaced.

While many computers are likely compromised, it would appear that the actual usage of the exploit was incredibly targeted. It appears that only 583 MAC addresses were targeted, representing computers within large organizations. The affected computers are almost exclusively owned by ASUSTek, Intel, and AzureWave Technologies, with only 70 affected computers being owned by anyone else. That does not mean that users should not be concerned about this hack. This is not the first time that a company's update utility had been compromised, and it will not be the last.

F5 Live: Refreshing Technology

March 31, 2019 - Episode 524

Sunday Mar 31, 2019 (01:21:25)

Description

This week, Asus customers are under attack, Google customers are under surveillance, and Apple customers are under pressure to subscribe.

Participants

Scott Ertz

Host

Scott is a developer who has worked on projects of varying sizes, including all of the PLUGHITZ Corporation properties. He is also known in the gaming world for his time supporting the rhythm game community, through DDRLover and hosting tournaments throughout the Tampa Bay Area. Currently, when he is not working on software projects or hosting F5 Live: Refreshing Technology, Scott can often be found returning to his high school days working with the Foundation for Inspiration and Recognition of Science and Technology (FIRST), mentoring teams and helping with ROBOTICON Tampa Bay. He has also helped found a student software learning group, the ASCII Warriors, currently housed at AMRoC Fab Lab.

Avram Piltch

Host

Avram's been in love with PCs since he played original Castle Wolfenstein on an Apple II+. Before joining Tom's Hardware, for 10 years, he served as Online Editorial Director for sister sites Tom's Guide and Laptop Mag, where he programmed the CMS and many of the benchmarks. When he's not editing, writing or stumbling around trade show halls, you'll find him building Arduino robots with his son and watching every single superhero show on the CW.

Opening

Powered by TeknoAXE

Nifty Gifties

Powered by Microsoft Store

Asus update tool hacked, allowed access to millions of computers

Piltch Point with Avram Piltch

Powered by Newegg.com

Extra Life

Powered by Razer

After years of partnership, Valve is ready to build its own VR headset

Valve, the gaming company behind the Steam game distribution platform and popular games like Portal, has been involved in the virtual reality market for the past few years. The SteamVR platform has been as popular for VR games as Steam has been for PC gaming. But, they have relied on a partnership with HTC to produce the HTC Vive hardware as the primary VR headset for SteamVR. That is about to change, however, as Valve is ready to enter the hardware space once again.

News From the Tubes

Powered by RiffTrax

Google's questioned in policy of scanning and reporting content

It is no secret that online privacy is quickly dissolving. Some of this has been care of the general nature of companies like Facebook, whose platforms are based around you giving someone else your personal information for public consumption. More recently, however, some of the big tech companies have been getting involved with the government to not only invade your privacy but to violate the 4th Amendment of the US Constitution.

* DRM Not Included

Powered by Amazon Prime

Apple announces TV+ and News+ services for video and magazines

This week, the long-awaited Apple video streaming service was finally unveiled. Adding to that, the company also showed off a second subscription service for newspapers and magazines. The New York Times had already given us a small taste of what that might be when they warned publishers to avoid it.

Asus update tool hacked, allowed access to millions of computers - The UpStream

F5 Live: Refreshing Technology

March 31, 2019 - Episode 524

Sunday Mar 31, 2019 (01:21:25)

Email

Password