Vulnerability in AsusWRT could have jeopardized thousands of users data

Vulnerability in AsusWRT could have jeopardized thousands of users data
We may receive commissions for purchases made through links on our website. We appreciate your support.

A leak in AsusWRT which could have jeopardized thousands of users privacy using ASUS Routers even in a place as safe as home. Thanks to vpnMentors research team who discovered the leak and reported to ASUS, hence it was swiftly fixed by ASUS.

AsusWRT is a graphical interface app that combines withan Asus router to create a private Wi-Fi network in a users home.This grants an AsusWRT user complete control over their network and any devices connected to it.

The leak in question in could be a win-win situation for hackers, as AsusWRT is a centralized access point for all the devices in your home that is connected to internet through ASUS, which includes Mobiles, Computers, or any other IoT devices.

Discovered and fixed

The leak in AsusWRT was discovered by vpnMentors research team, led by Noam Rotem and Ran Locar.

It was discovered on 15 September 2019 and was reported to Asus on the same day, and swiftly fixed by Asus within same day.

Examples of Entries in the Database

While no personally identifiable information (PII) data was viewable in the AsusWRT database,the leak still allowed access to highly sensitive user information and was a goldmine for hackers.

The user data vpnMentor included:

  • IP Address
  • Users name
  • Device Name (John Does iPhone)
  • Usage information, IFTTT commands
  • Longitude & Latitude coordinates
  • Location: Country & City
  • Commands(?)

The leakaffected AsusWRT users across the globe,with user data available from every continent.

By cross-referencing the leaked data with publicly available information,hackers can easily identify a users identity and address.For example, using someones longitude & latitude coordinates and IP address, a hacker could pinpoint users physical street address.

The other data available, such as the device name, eg. John Does iPhone, and Wi-Fi name, would confirm the address.

Possible Impact

If hackers managed to breach in through the leak they could have access every internet devices connected to AsusWRT. Thus, giving hackers unprecedented access to a users home network and the ability to hijack devices therein, including Amazon Alexa.

Thus, it could have resulted in

  • Device Takeover
  • Robbery
  • Various Forms of Fraud
  • Sensitive information

How to avoid it?

If you are using AsusWRT and feels like you have been compromised, contact ASUS immediately.

In the meantime vpnMentor suggests that you uninstall AsusWRT and disconnect your device from the network, you can reconnect them after removing AsusWRT. After Asus releases a patch, you can safely install it back again.