ASUS routers knocked offline worldwide by bad security update

Gandalf_The_Grey

Level 76
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
6,506
ASUS has apologized to its customers for a server-side security maintenance error that has caused a wide range of impacted router models to lose network connectivity.

The problem has been extensively reported on social media and discussion platforms since May 16, 2023, with people appearing puzzled by the simultaneous connectivity issues on multiple ASUS routers and others complaining about the lack of communication from the vendor's side.

As the Taiwanese hardware maker explained in a statement published today and via a security bulletin, the problem was introduced by an error in the configuration of a server settings file.

"During routine security maintenance, our technical team discovered an error in the configuration of our server settings file, which could potentially cause an interruption in network connectivity on part of the routers," explains ASUS in a support bulletin.

While the company’s statement does not explicitly state what kind of error occurred and how exactly it impacted remote routers, a user on Reddit explained that the connectivity issues were caused by a corrupted definition file for ASD (ASUS AiProtection).

"Updating the firmware has pretty much universally fixed this, but so does simply resetting the router to factory defaults so long as it clears the NVRAM," explained the user on Reddit.

"In fact, any method that removes the offending file (/jffs/asd/chknvram20230516) will return the router to normal."

The ASD is a built-in security daemon supplied by Trend Micro, and it is used in a wide range of router models for real-time protection against emerging threats.

However, this component is updated regardless of whether the user has automatic security (firmware) updates enabled on their device or not.

Reportedly, the corrupted definition file for ASD was automatically pushed to all impacted routers, causing them to run out of filesystem space and memory and eventually crash.
 

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,628
Their router security and long term support has been greatly improved since.
This is why I initially thought the rather pro-famed as troublesome Trend Micro was the issue again. But apparently this ASD definitions are proprietary and not the pattern file Trend Micro distributes.
(One of the pattern files, they got few versions of it from 40 MB to 700MB).
 

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
This is why I initially thought the rather pro-famed as troublesome Trend Micro was the issue again. But apparently this ASD definitions are proprietary and not the pattern file Trend Micro distributes.
(One of the pattern files, they got few versions of it from 40 MB to 700MB).
Yeah it’s the same thing that mitigates whatever they figured out was the cause of VPNFilter. But they are very secretive about what all the ASD daemon does.
 
  • Like
Reactions: Trident

Trident

Level 27
Verified
Top Poster
Well-known
Feb 7, 2023
1,628
Yeah it’s the same thing that mitigates whatever they figured out was the cause of VPNFilter. But they are very secretive about what all the ASD daemon does.
Some posts online claim that it scans for malware but how credible these posts are is not certain. Also how exactly and what it scans for malware is not explained. Is this ASD actually an Anything-Sync-Daemon?
They probably maintain some security through obscurity there.
 
  • Like
Reactions: Nevi

blackice

Level 38
Verified
Top Poster
Well-known
Apr 1, 2019
2,731
Some posts online claim that it scans for malware but how credible these posts are is not certain. Also how exactly and what it scans for malware is not explained. Is this ASD actually an Anything-Sync-Daemon?
They probably maintain some security through obscurity there.
ASUS Security Daemon, I think. The only person who has a hint of how it works is RMerlin who creates the custom firmware. And I’m guessing he’s either under NDA or has a mutual understanding because he has said he cannot discuss it, but it does have to do with securing the router.
 
  • Like
Reactions: Nevi and Trident

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top