ASUS, a Taiwan-based computer company, has recently agreed to settle with the Federal Trade Commission over charges stemming from insecure routers and cloud services. The complaint alleged that ASUS compromised the personal information of hundreds of thousands of consumers with hardware that failed to meet federal regulations for security. The FTC found that ASUS did not address security flaws in a timely manner and did not communicate properly the risk these flaws posed to its customers. With the rapid growth of the Internet of Things, customers have more information at risk than ever before and secure routers are pivotal in protecting that information.
The Internet of Things
The Internet of Things is an increasingly expanding network of physical objects that have the ability to connect to the internet. When embedded with software, everyday electronics like washing machines, lamps, and watches can have the ability to connect to the internet and communicate, allowing remote access to the object. This technology has expanded beyond commercial products and has penetrated the industrial market such as use in drills of oil rigs and optimization of supply chain networks. Additionally, consumers have the ability to hook up their houses to the Internet of Things, allowing owners remote access to their security systems and any other connected device. If these systems are compromised due to ineffective router security, there is no limit to the amount of information or data that could be at risk.
Risky ASUS Routers
Among the vulnerabilities of the ASUS routers, an attacker had the ability to remotely access the routers in order to alter security settings and configurations. This would allow the attacker to access files stored on the connected devices. According to the complaint, a hacker had the ability to bypass the password protection of these routers and make changes without the owner knowing. ASUS marketed its routers claiming it had various security features that protected customers from unauthorized access and attacks; however, the FTC claims that the company did not take the appropriate steps to ensure customer protection.
In particular, the ASUS cloud-based systems were at risk. Through ASUS’s AiCloud system, owners have the ability to plug a USB hard drive into their router and create a cloud storage device that allows them access from anywhere. By exploiting a vulnerability in the AiCloud service, a hacker could bypass the login screen and access any information stored by the owner. Additionally, the FTC’s charges stated that ASUS did not adequately encrypt consumer files that were transferred from one device to another, allowing public access to these files to anyone with an internet connection.
Settlement Terms
We’ve written previously here, about the FTC’s authority. Under the terms of its settlement with the FTC, ASUS must maintain a comprehensive security program that is subject to independently performed audits for the next 20 years. In addition to the security program, the FTC is ordering that the company educate its customers about software updates and measures they can take to prevent security flaws. One way ASUS can help educate customers is through offering direct security notices (through email, text message, etc.) to ensure its customers are adequately protected. Finally, the FTC’s order will prevent the company from making any misleading statements or claims regarding the security of its products.
Now that the Internet of Things is expanding, and potentially any electronic can be manufactured to include internet connectivity, the need for consumer protection is at an all-time high. The FTC is making an ongoing effort to protect consumers from insecure software and devices. This settlement sends a message to all producers that information and data security must be a top priority when developing their products.
For more information about the Internet of Things and staying protected, contact Revision Legal’s team of experienced Internet attorneys through the form on this page, or call 855-473-8474.
There are some significant changes coming to the United States Patent and Trademark Office (USPTO) that will affect trademark filings beginning January 18, 2025. These changes include the introduction of the Trademark Center, new fees, and revised application requirements. Here is an overview of the key changes: The USPTO will retire the TEAS system, which […]
In today’s competitive e-commerce landscape, automated decision-making technology is becoming more and more important. From personalized product recommendations to targeted advertising and streamlined logistics, these systems help ecommerce businesses adapt and grow. But new regulations are on the horizon, and these changes could reshape the way e-commerce businesses use automation. The California Privacy Protection Agency […]
The Federal Trade Commission (FTC) has issued final amendments to its trade regulation rule concerning negative option plans, also known as the “click to cancel rule.” This rule aims to address widespread deceptive practices that prohibit customers from cancelling services in the same manner in which they signed up. Here’s a detailed summary of the […]