The US Federal Trade Commission has come down hard on ASUS for putting consumers at risk from router and cloud security failings.
Taiwan-based computer maker AsusTek has agreed to be audited for the next 20 years to settle charges from the US Federal Trade Commission that its "failure to employ reasonable security practices has subjected consumers to substantial injury".
The security audits, to be conducted by an independent third party, are just one of several measures ASUS must accept for misrepresenting the security of its routers and cloud services, AiCloud and AiDisk...
...The regulator noted that Asus claimed its routers had security features that could protect computers and local networks from hackers and virus attacks, yet failed to deliver patches in a timely fashion and didn't notify customers of the risks these flaws posed.
For example, the FTC accused ASUS of allowing users to retain default log credentials for the AiDisk FTP server of 'admin' for both username and password, as well as failing to inform consumers of methods to avoid unintentionally exposing sensitive personal information.
Hackers in 2014 were able identify thousands of vulnerable ASUS routers and, using flaws in AiCloud and AiDisk, accessed attached USB storage devices to save a text file that warned: "Your Asus router and your documents can be accessed by anyone in the world with an internet connection." ...
Read more: ASUS hit by FTC with 20-year audit for bungled router security | ZDNet