ASUS Settles FTC Case Over Router Security Breaches

The Internet of Things

The Internet of Things is an increasingly expanding network of physical objects that have the ability to connect to the internet. When embedded with software, everyday electronics like washing machines, lamps, and watches can have the ability to connect to the internet and communicate, allowing remote access to the object. This technology has expanded beyond commercial products and has penetrated the industrial market such as use in drills of oil rigs and optimization of supply chain networks. Additionally, consumers have the ability to hook up their houses to the Internet of Things, allowing owners remote access to their security systems and any other connected device. If these systems are compromised due to ineffective router security, there is no limit to the amount of information or data that could be at risk.

Risky ASUS Routers

Among the vulnerabilities of the ASUS routers, an attacker had the ability to remotely access the routers in order to alter security settings and configurations. This would allow the attacker to access files stored on the connected devices. According to the complaint, a hacker had the ability to bypass the password protection of these routers and make changes without the owner knowing. ASUS marketed its routers claiming it had various security features that protected customers from unauthorized access and attacks; however, the FTC claims that the company did not take the appropriate steps to ensure customer protection.

In particular, the ASUS cloud-based systems were at risk. Through ASUS’s AiCloud system, owners have the ability to plug a USB hard drive into their router and create a cloud storage device that allows them access from anywhere. By exploiting a vulnerability in the AiCloud service, a hacker could bypass the login screen and access any information stored by the owner. Additionally, the FTC’s charges stated that ASUS did not adequately encrypt consumer files that were transferred from one device to another, allowing public access to these files to anyone with an internet connection.

Settlement Terms

We’ve written previously here, about the FTC’s authority. Under the terms of its settlement with the FTC, ASUS must maintain a comprehensive security program that is subject to independently performed audits for the next 20 years. In addition to the security program, the FTC is ordering that the company educate its customers about software updates and measures they can take to prevent security flaws. One way ASUS can help educate customers is through offering direct security notices (through email, text message, etc.) to ensure its customers are adequately protected. Finally, the FTC’s order will prevent the company from making any misleading statements or claims regarding the security of its products.

Now that the Internet of Things is expanding, and potentially any electronic can be manufactured to include internet connectivity, the need for consumer protection is at an all-time high. The FTC is making an ongoing effort to protect consumers from insecure software and devices. This settlement sends a message to all producers that information and data security must be a top priority when developing their products.

For more information about the Internet of Things and staying protected, contact Revision Legal’s team of experienced Internet attorneys through the form on this page, or call 855-473-8474.

Image courtesy of Flickr user Sam Churchill.

Extra, Extra!
Recent Posts

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Does the AI-Copyright Legal Fight Represent a National Security Threat?

Copyright

The holders of copyrights for newspapers, magazines, books, and other publications are involved in numerous legal battles with owners of AI modules over alleged copyright infringement. The plaintiff copyright owners claim that the AI large language modules have been trained on huge quantities of copyrighted materials without permission and — most importantly — without payment. […]

Read more about Does the AI-Copyright Legal Fight Represent a National Security Threat?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Corporate

The owners of most small, closely-held businesses negotiate and sign some form of an “Owner’s Agreement.” An important part of such Agreements is the “Buy-Sell” provisions. These are often some of the most difficult to negotiate. The gist of the buy-sell part of the Owners’ Agreement is to establish the rules for what happens if […]

Read more about How Does Buy-Sell Insurance Work For An Owners’ Agreement?

Status on Social Media Moderation Statutes and Cases

Status on Social Media Moderation Statutes and Cases

Internet Law

Social media content moderation by technology platforms was one of the “hot” legal topics in 2023-2024. Three States — California, Texas, and Florida — passed different statutes to either require more content moderation (California) or to limit such moderation (Texas and Florida). All the statutes, in one way or another, demanded more transparency and information […]

Read more about Status on Social Media Moderation Statutes and Cases

Put Revision Legal on your side