ASUS Settles With FTC After Selling Inadequately Secured Wireless Routers
The FTC alleges that ASUS put "hundreds of thousands" of users at risk because they were oblivious to some serious security holes that plagued the most important piece of equipment on their network. Some of these issues were tied to cloud software bundled with the router, but that's not all. The FTC mentions that bugs in some router control panels would allow attackers to change settings without the consumer's knowledge, and last April, a security researcher found an exploit campaign that actually took advantage of the vulnerabilities to commandeer Internet traffic.
As a result of these issues, the FTC has ordered that ASUS establish and maintain a security program that audits the company's networking products and will last for at least 20 years. Yes, "20 years" - something that proves that the FTC isn't kidding around here. While ASUS isn't in a great spot being square in the crosshairs of the FTC, this kind of action is important for consumers, as it will force vendors to take our security (and privacy) more seriously.
This isn't the first time the FTC has handled issues like these; way back in 2013, TRENDnet was pegged for an even more severe issue: insecure IP cameras. In that particular case, people could gain access to other people's cameras, and in effect spy or monitor them. It doesn't get much creepier than this, and fortunately, TRENDnet has learned its lesson and has been smarter about the software on its current IP camera line.
According to the FTC, "This matter is part of the FTC’s ongoing effort to ensure that companies secure the software and devices that they provide to consumers." Let's hope that causes companies who got lucky to not be in ASUS' position to doubly ensure that their own networking products are as secure as possible.