Asus patches its Wi-Fi routers’ AiCloud vulnerabilities

Asus patches its Wi-Fi routers’ AiCloud vulnerabilities

Asus is rolling out a new firmware update, version 3.0.4.372, that
addresses security holes caused by the AiCloud, a storage-based feature
available in its USB-enabled Wi-Fi routers.

Sometimes more is not better, at least for a while. Case in point: the AiCloud feature of Asus’ USB-enabled routers.

In my last review of an Asus router, the RT-AC66U, I found the device to be one of the best 802.11ac routers on the market,
which it still is now. Among other things, the router’s USB-connected
storage feature was one of the most comprehensive, offering convenient
data sharing, media streaming, and so on.

A month after my review, Asus moved to add even more to the router by
introducing the AiCloud feature on September 7 together with firmware
version 3.0.0.4.220. This feature added cloud-based sharing and
mobile-app support for the router’s USB-connected storage.
Unfortunately, at the same time, AiCloud also created a series of
vulnerabilities, first reported by security expert Kyle Lovett, that could potentially allow hackers to take control of the router remotely.

According to Lovett, it seems the best way to avoid this risk has
been to turn off the AiCloud feature, or better yet not use an external
hard drive with the router at all. That’s not the case anymore, at least
with RT-AC66U and the RT-N66U.

Asus informed me today that firmware version 3.0.4.372 patches all
AiCloud-related bugs as well as improving the functionality of both
routers.

Here’s part of the release notes for the latest firmware:

  1. Fixed AiCloud-vulnerability-related bugs.
  2. Underline “_” can now be acceptable in device name and computer name.
  3. Hide Broadcast option in PPTP VPN server when it is disabled.
  4. Fixed multicast IPTV related issues in PPPoE/PPTP/L2TP connection.
  5. Fixed parental control offset issue in IE.
  6. Fixed 3G dongle-related issue.
  7. Hide ASUS DDNS description when selecting third-party service.
  8. Fixed script error ‘invalid argument on IE.’
  9. Fixed smart-sync JS error.
  10. Fixed JST time zone issue.
  11. I tried the new firmware with the RT-AC66U and so far it has seemed
    the router is now secure with AiCloud turned on. Note that the new
    firmware was not available when I checked from within the router’s Web
    interface. In other words, I had to download it from Asus’ Web site and
    upgrade the router manually. So, here are the support links and
    available dates of the firmware for routers affected by the AiCloud
    bugs.

    If you’re not using the AiCloud feature, there’s nothing to worry
    about; if you are, make sure to turn that feature off till the router is
    updated with firmware version 3.0.4.372 or later. 

Add a Comment