Hackers Hijacked ASUS Software Updates to Install Backdoors on Thousands of Computers

shmu26

> People should only maintain their software after a changelog was posted for a while
I like this idea. It's a good safety check, to make sure the update is legit. A changelog won't last very long on the official site, if it was put up by hackers. On the other hand, if they did hack the updating system, they can just leave the changelog to display on the site, and upload their rogue file to replace the legit one.
 

SHvFl

> I like this idea. It's a good safety check, to make sure the update is legit. A changelog won't last very long on the official site, if it was put up by hackers. On the other hand, if they did hack the updating system, they can just leave the changelog to display on the site, and upload their rogue file to replace the legit one.

That would require them to have access to that resource for a while, wait for a new release, and then hope no one notices the file got changed. I don't think anyone will accept all this risk to get a few weirdos that don't auto update.

> Updates often have security fixes. Isn't the risk of unpatched software greater than the risk of update poisoning?

Depends on the user. For me there is a higher risk in update poisoning, as I don't download random crap that could abuse the unpatched software, and remote exploits are not something that will happen.
 

shmu26

> That would require them to have access to that resource for a while, wait for a new release, and then hope no one notices the file got changed. I don't think anyone will accept all this risk to get a few weirdos that don't auto update.

> Depends on the user. For me there is a higher risk in update poisoning, as I don't download random crap that could abuse the unpatched software, and remote exploits are not something that will happen.

Sometimes software is discovered to be inherently flawed. For instance, Logitech recently had to patch their software for this reason:
Project Zero finds Logitech Options app critically flawed
I actually had this software on my computer.
So your strategy is good for you, since you keep your system lean in the first place, and also read the security news. But I think that for non-experts, it is better to take software updates as they are offered.

In this ASUS incident, and also the CCleaner one, the backdoor was actively used only on a small number of machines. This indicates that they are after info from a high-value target, and us little guys are relatively safe.
 

SHvFl

> Sometimes software is discovered to be inherently flawed. For instance, Logitech recently had to patch their software for this reason:
> Project Zero finds Logitech Options app critically flawed
> I actually had this software on my computer.
> So your strategy is good for you, since you keep your system lean in the first place, and also read the security news. But I think that for non-experts, it is better to take software updates as they are offered.
>
> In this ASUS incident, and also the CCleaner one, the backdoor was actively used only on a small number of machines. This indicates that they are after info from a high-value target, and us little guys are relatively safe.

I use the same Logitech software, but after I set up my keys and speed I remove it. Maybe your device doesn't have onboard memory to save the profile.
The more software you have, the more compromised you get. It's how the game is played, and whatever you do there is a chance.
 

Vasudev

> I have an ASUS Mobo, and this gives me one more good reason to get a Gigabyte next time. Fortunately, I don't have ASUS's garbage software installed.
>
> I assume that all the AVs will soon be detecting it.

Even GB's SW was hacked and shipped with signed malware firmware.
These days we don't need tools like that because BIOS updates are rarely needed!
 

shmu26

> These days we don't need tools like that because BIOS updates are rarely needed!
True.
Last night I looked around on the website of the two big companies in my country that sell custom-built desktops. Most builds they offer are ASUS Mobos.
 

Entreri

I do a clean install of the OS, can't stand the bloatware.

Superb job by the hackers, taking over legitimate update servers. Almost anyone can be compromised this way.
 

silversurfer

ASUS releases fix for Live Update tool abused in ShadowHammer attack | ZDNet
ASUS Live Update version 3.6.8 contains the aforementioned fixes, the hardware vendor announced in a press release today.

The company said ASUS Live Update v3.6.8 "introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism."

ASUS also said it updated and strengthened its "server-to-end-user software architecture to prevent similar attacks from happening in the future."
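The thread's earlier exchange about swapping a rogue file under a legitimate changelog, and the press-release language above about "security verification mechanisms", both come down to the same client-side check: an update is accepted only if a signed manifest from a pinned vendor key commits to the exact bytes that were downloaded. The following is an added illustration written for this page, not ASUS code and not a description of what Live Update 3.6.8 actually implements; the manifest format, the Ed25519 key pair, the `SignRelease`/`VerifyUpdate` names and the installer bytes are all constructed for the example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"encoding/json"
	"errors"
	"fmt"
)

// Manifest is a hypothetical signed description of one release. Assumption:
// the vendor publishes it next to the installer and signs it with a key that
// never lives on the download server; the client pins the public half.
type Manifest struct {
	Product string `json:"product"`
	Version string `json:"version"`
	SHA256  string `json:"sha256"` // hex SHA-256 of the installer bytes
}

var (
	ErrBadSignature   = errors.New("manifest signature does not verify against the pinned key")
	ErrDigestMismatch = errors.New("installer digest does not match the signed manifest")
)

// SignRelease is the vendor-side step: hash the installer, embed the digest in
// the manifest, sign the serialized manifest. Included only so the example is
// self-contained.
func SignRelease(priv ed25519.PrivateKey, product, version string, installer []byte) (manifestJSON, sig []byte, err error) {
	sum := sha256.Sum256(installer)
	manifestJSON, err = json.Marshal(Manifest{Product: product, Version: version, SHA256: hex.EncodeToString(sum[:])})
	if err != nil {
		return nil, nil, err
	}
	return manifestJSON, ed25519.Sign(priv, manifestJSON), nil
}

// VerifyUpdate is the client-side check. Order matters: verify the signature
// first, so nothing from an unsigned manifest is parsed or trusted, then
// compare the installer digest against the value the signed manifest commits to.
func VerifyUpdate(pinned ed25519.PublicKey, manifestJSON, sig, installer []byte) (Manifest, error) {
	var m Manifest
	if !ed25519.Verify(pinned, manifestJSON, sig) {
		return m, ErrBadSignature
	}
	if err := json.Unmarshal(manifestJSON, &m); err != nil {
		return m, err
	}
	sum := sha256.Sum256(installer)
	if hex.EncodeToString(sum[:]) != m.SHA256 {
		return m, ErrDigestMismatch
	}
	return m, nil
}

// RunScenarios exercises the three cases the thread argues about and returns
// the verifier's verdict for each: a genuine release, the genuine manifest
// served with a swapped installer, and a manifest re-signed with a key the
// client does not pin.
func RunScenarios() (genuine, swappedInstaller, foreignKey error) {
	vendorPub, vendorPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return err, err, err
	}
	// Constructed sample payload standing in for a real installer.
	installer := []byte("LiveUpdate-3.6.8-setup (constructed sample bytes, not a real binary)")
	manifest, sig, err := SignRelease(vendorPriv, "Live Update", "3.6.8", installer)
	if err != nil {
		return err, err, err
	}
	_, genuine = VerifyUpdate(vendorPub, manifest, sig, installer)

	// Attacker who only controls the download host can swap the file but
	// cannot alter the digest inside the signed manifest.
	rogue := bytes.Replace(installer, []byte("setup"), []byte("setup+backdoor"), 1)
	_, swappedInstaller = VerifyUpdate(vendorPub, manifest, sig, rogue)

	// Attacker who re-signs a matching manifest with their own key.
	_, attackerPriv, _ := ed25519.GenerateKey(rand.Reader)
	rogueManifest, rogueSig, _ := SignRelease(attackerPriv, "Live Update", "3.6.8", rogue)
	_, foreignKey = VerifyUpdate(vendorPub, rogueManifest, rogueSig, rogue)
	return
}

func main() {
	g, s, f := RunScenarios()
	fmt.Println("genuine release:     ", g)
	fmt.Println("swapped installer:   ", s)
	fmt.Println("foreign signing key: ", f)
}
```

The check defeats exactly the scenario shmu26 describes, a rogue file uploaded in place of the legitimate one, because the attacker cannot produce a manifest for the new digest without the pinned private key. It does nothing against an attacker who reaches the vendor's signing key or the build step before signing, since the rogue file then comes out with a valid vendor signature; that case needs key custody and build-pipeline controls the client cannot verify on its own.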
 

DeepWeb

If you haven't switched to a Chromebook yet, now would be a good time.
 

boutthatlife

So, I guess this is an example of when formatting the hard drive would have made no difference at all. I wish the company would have found this sooner. All that comes to mind when thinking of this ASUS situation is HP and their updating tools.

> If you haven't switched to a Chromebook yet, now would be a good time.

Do you have one and is it hardened?
 

SUPRA

> If you have problems with ASUS BIOS, you have problems with ASUS MBs in general. I have actually been using ASUS MBs for over a decade and never had a single problem with their BIOS updates; in fact they are one of the few MB suppliers who actually support and update their BIOS for years.
>
> Then again this is 2019, there are no MBs with BIOS on the market.

I do agree old BIOSes and mobos are good, but the new ones are buggy; there are many articles related to this. And regarding support: when Intel published the Spectre and Meltdown update, ASRock and MSI updated their 2nd gen CPU BIOS, but ASUS didn't, and they also have not provided Windows 10 driver updates. I asked them about this and they told me they only support a mobo for 3 years. Now this might be region specific, but I have faced this.
 

shmu26

> So, I guess this is an example of when formatting the hard drive would have made no difference at all.
Please note that the compromised software was an optional install, it was not part of the firmware. It was what many of us would call "bloatware", most people did not even install it in the first place.
 

Vasudev

> Thanks, I didn't know that. I have an ASUS mobo but it is a custom-built desktop. Yeah, laptops come with potentially dangerous bloatware, that's the way it is.

But it can be uninstalled, and that's the first thing I remove regardless of laptop brand. Those aren't needed anymore, but faulty firmware and updates are now shipped through Windows Update. At least Linux-based capsule updates via fwupdmgr do a better job.
 

Bikeman0I17

Got my first ASUS-based motherboard in my prebuilt G11CD-K desktop in 2017; did a clean install as soon as I got it. The only ASUS software I did reinstall was the light controller/fan speed controller, AEGIS III (not even sure if I'm reinstalling that after the 1903 clean install yet or not). I might, maybe, not sure.
 
