ASUS, a Taiwan-based computer company, has recently agreed to settle with the Federal Trade Commission over charges stemming from insecure routers and cloud services. The complaint alleged that ASUS compromised the personal information of hundreds of thousands of consumers with hardware that failed to meet federal regulations for security. The FTC found that ASUS did not address security flaws in a timely manner and did not communicate properly the risk these flaws posed to its customers. With the rapid growth of the Internet of Things, customers have more information at risk than ever before and secure routers are pivotal in protecting that information.
The Internet of Things
The Internet of Things is an increasingly expanding network of physical objects that have the ability to connect to the internet. When embedded with software, everyday electronics like washing machines, lamps, and watches can have the ability to connect to the internet and communicate, allowing remote access to the object. This technology has expanded beyond commercial products and has penetrated the industrial market such as use in drills of oil rigs and optimization of supply chain networks. Additionally, consumers have the ability to hook up their houses to the Internet of Things, allowing owners remote access to their security systems and any other connected device. If these systems are compromised due to ineffective router security, there is no limit to the amount of information or data that could be at risk.
Risky ASUS Routers
Among the vulnerabilities of the ASUS routers, an attacker had the ability to remotely access the routers in order to alter security settings and configurations. This would allow the attacker to access files stored on the connected devices. According to the complaint, a hacker had the ability to bypass the password protection of these routers and make changes without the owner knowing. ASUS marketed its routers claiming it had various security features that protected customers from unauthorized access and attacks; however, the FTC claims that the company did not take the appropriate steps to ensure customer protection.
In particular, the ASUS cloud-based systems were at risk. Through ASUS’s AiCloud system, owners have the ability to plug a USB hard drive into their router and create a cloud storage device that allows them access from anywhere. By exploiting a vulnerability in the AiCloud service, a hacker could bypass the login screen and access any information stored by the owner. Additionally, the FTC’s charges stated that ASUS did not adequately encrypt consumer files that were transferred from one device to another, allowing public access to these files to anyone with an internet connection.
Settlement Terms
We’ve written previously here, about the FTC’s authority. Under the terms of its settlement with the FTC, ASUS must maintain a comprehensive security program that is subject to independently performed audits for the next 20 years. In addition to the security program, the FTC is ordering that the company educate its customers about software updates and measures they can take to prevent security flaws. One way ASUS can help educate customers is through offering direct security notices (through email, text message, etc.) to ensure its customers are adequately protected. Finally, the FTC’s order will prevent the company from making any misleading statements or claims regarding the security of its products.
Now that the Internet of Things is expanding, and potentially any electronic can be manufactured to include internet connectivity, the need for consumer protection is at an all-time high. The FTC is making an ongoing effort to protect consumers from insecure software and devices. This settlement sends a message to all producers that information and data security must be a top priority when developing their products.
For more information about the Internet of Things and staying protected, contact Revision Legal’s team of experienced Internet attorneys through the form on this page, or call 855-473-8474.
The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]
The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]
Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]
