
After ASUS router vulnerability revealed, researchers recommend hard reset

“It clears that entire section of memory such that you can go back to your initial state,” GreyNoise researcher Matthew Remacle says.


Francis Scialabba


A vulnerability in ASUS routers, affecting devices from the private sector to the federal government, is giving attackers remote access. Luckily, the solution falls in the realm of classic help desk duties.

That’s according to a report from GreyNoise Intelligence, which uncovered the backdoor access in March but refrained from revealing it publicly until ASUS could notify government agencies that might be compromised by the vulnerability.

GreyNoise Senior Researcher Matthew Remacle, who led the ASUS research, told IT Brew that attackers are exploiting the routers to give themselves a backdoor for controlling connected devices.

“They are leveraged to install an attacker-controlled SSH public key into these ASUS routers, essentially giving explicit access to an attacker to these machines so that they can manipulate them,” Remacle said.

The vulnerability still affects thousands of machines. While ASUS has since released a firmware update, that isn’t enough on its own to handle the threat: GreyNoise recommends a factory reset to remove the threat completely, and it’s unclear how many device owners have done one. ASUS did not respond to a request for comment.
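The persistence Remacle describes is an SSH public key that the attacker adds to the router's list of authorized keys. Whether or not a reset has been done, a defender can tell whether a router's key list contains anything the team did not provision by fingerprinting every key and comparing the fingerprints against an allowlist. The script below is an added example written for this article, not code from GreyNoise or ASUS. It assumes the key list has been exported as authorized_keys-format text (the page does not say where ASUS firmware stores it, so no path is hardcoded), it computes the same SHA256 fingerprints that `ssh-keygen -lf` prints, and the three keys in the sample are constructed in code rather than taken from any real device.

```python
import base64
import binascii
import hashlib

# Any field starting with one of these is treated as the key-type field.
KEY_TYPE_PREFIXES = ("ssh-", "ecdsa-", "sk-")


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string (4-byte big-endian length + data)."""
    return len(data).to_bytes(4, "big") + data


def ed25519_key_line(raw_public_key: bytes, comment: str) -> str:
    """Build an authorized_keys line for an Ed25519 key from 32 raw bytes.

    Used here only to construct sample data; real keys come from ssh-keygen.
    """
    blob = _ssh_string(b"ssh-ed25519") + _ssh_string(raw_public_key)
    return f"ssh-ed25519 {base64.b64encode(blob).decode()} {comment}".rstrip()


def fingerprint(key_line: str):
    """Return the SHA256 fingerprint of one authorized_keys line, or None if unparseable.

    Format matches `ssh-keygen -lf`: 'SHA256:' + unpadded base64 of sha256(key blob).
    Leading options (no-pty, from="...", command="...") are skipped.
    """
    fields = key_line.split()
    idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPE_PREFIXES)), None)
    if idx is None or idx + 1 >= len(fields):
        return None
    try:
        blob = base64.b64decode(fields[idx + 1], validate=True)
    except (binascii.Error, ValueError):
        return None
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def audit_authorized_keys(text: str, allowlist: set):
    """Flag every key not in the allowlist, plus any non-comment line that is not a valid key.

    Each finding is a dict with the 1-based line number, a reason, and the fingerprint
    (None for unparseable lines). Malformed lines are reported because a key file
    should contain nothing but keys and comments.
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fp = fingerprint(line)
        if fp is None:
            findings.append({"line": lineno, "reason": "unparseable", "fingerprint": None})
        elif fp not in allowlist:
            findings.append({"line": lineno, "reason": "not in allowlist", "fingerprint": fp})
    return findings


# Constructed sample data: two keys the team provisioned and one nobody recognises.
KEY_ADMIN = ed25519_key_line(bytes(range(32)), "admin@ops-laptop")
KEY_BACKUP = ed25519_key_line(bytes(range(32, 64)), "backup@nas")
KEY_UNKNOWN = ed25519_key_line(b"\x42" * 32, "")  # no comment, as an attacker-added key often has

SAMPLE_AUTHORIZED_KEYS = "\n".join([
    "# keys provisioned by the IT team (constructed sample)",   # line 1
    KEY_ADMIN,                                                  # line 2
    'no-pty,from="192.0.2.10" ' + KEY_BACKUP,                   # line 3: options before the key
    "",                                                         # line 4
    KEY_UNKNOWN,                                                # line 5: should be flagged
    "garbage line that is not a key",                           # line 6: should be flagged
])

# The allowlist would normally be kept in configuration management; built inline here.
ALLOWLIST = {fingerprint(KEY_ADMIN), fingerprint(KEY_BACKUP)}


def run_sample():
    """Audit the constructed sample and return the findings."""
    return audit_authorized_keys(SAMPLE_AUTHORIZED_KEYS, ALLOWLIST)


if __name__ == "__main__":
    for finding in run_sample():
        print(f"line {finding['line']}: {finding['reason']} {finding['fingerprint'] or ''}")
```

Fingerprints are computed over the decoded key blob only, so a key is recognised whether or not an entry carries options such as `no-pty`, and a fingerprint printed by this script can be compared directly against `ssh-keygen -lf` output for the team's own key files.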

Wiped clean. A hard reset is daunting, but necessary. Human intervention is sometimes required to get systems back online, as CrowdStrike users found in July 2024 when the company’s update caused the “blue screen of death” that shut down airlines and other critical infrastructure. For ASUS users, whether individuals or organizations, those affected by the exploit who don’t have the in-house IT capability to manage the potential loss of data are on the back foot, Remacle said.

“There is no existing documentation and clear workflows of how to root out this malware that may have propagated for the past two months,” Remacle said. “If you’ve reset your router, there are clear documentation steps of how to do the initial setup.”

That’s the key difference, he noted, and it is why GreyNoise recommends the reset as the way to deal with malware that may otherwise linger. The router’s NVRAM isn’t cleared when the device is powered off, which is what necessitates the “nuclear” option of erasing its contents.

“It clears that entire section of memory such that you can go back to your initial state,” Remacle said. “You have rooted out not only any potential threat, but you have also rooted out all of your configurations. And we can promise that that will work.”

Top insights for IT pros

From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
