Asus updates infected from the source!

Forums › Laptops and mobile computers › Asus updates infected from the source!

Batman

Mad Scientist
29760 posts

Uber Geek

Trusted

Lifetime subscriber

#248441 26-Mar-2019 19:37

https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html

dc2daylight

87 posts

Master Geek

#2205272 26-Mar-2019 20:02

Thanks, this is interesting... I'd emphasize to others here that this concerns firmware updates, not just the usual bloatware offerings.

It stills surprises me constantly that most semi-respected taiwanese motherboard manufacturers, still don't offer signed downloads, and many still use standard ftp even with no encryption, usually from a global server after a re-direct.

This trend of hardware attacks is only going to get worse until a major public accident or event results, and people die it would seem.

Batman

Mad Scientist
29760 posts

Uber Geek

Trusted

Lifetime subscriber

#2205298 26-Mar-2019 20:27

Not critically worried about a device I can just turn off. Imagine your self-drive Tesla (or whatever car) update is infected and not known ... then they literally have an army of 1 billion cars ready for war at the push of a button.

Jase2985

13457 posts

Uber Geek

ID Verified

Lifetime subscriber

#2205303 26-Mar-2019 20:34

Batman:

https://www.tomsguide.com/us/chinese-hackers-asus-kaspersky,news-29722.html

think you could post some content instead of just a link dump?

gzt

17104 posts

Uber Geek

Lifetime subscriber

#2205491 27-Mar-2019 08:58

Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

nathan

5695 posts

Uber Geek
Inactive user

#2205492 27-Mar-2019 09:00

gzt: Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

Downright lunatic here, using a Surface and Windows Update

dc2daylight

87 posts

Master Geek

#2205795 27-Mar-2019 18:12

gzt: Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

Do I detect sarcasm or are you seriously suggesting people can just roll their own UEFI bios or peripheral ROM code? What would you suggest?

Open platform firmwares only work on a tiny subset of chipsets currently, and ones that more often than not are at least ten years old like the Intel ICH9 series.

epr

260 posts

Ultimate Geek

#2205825 27-Mar-2019 18:35

Batman:
Not critically worried about a device I can just turn off. Imagine your self-drive Tesla (or whatever car) update is infected and not known ... then they literally have an army of 1 billion cars ready for war at the push of a button.

Umm have Tessa produced a billion cars?

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

gzt

17104 posts

Uber Geek

Lifetime subscriber

#2205896 27-Mar-2019 21:18

nathan:
gzt: Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

Downright lunatic here, using a Surface and Windows Update

Windows Operating system updates - different ; ). OEM was the word I should have used instead of manufacturer.

nathan

5695 posts

Uber Geek
Inactive user

#2206028 28-Mar-2019 05:30

gzt:
nathan:
gzt: Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

Downright lunatic here, using a Surface and Windows Update

Windows Operating system updates - different ; ). OEM was the word I should have used instead of manufacturer.

Yes I'm using the OEMs image on my Surface. It's already clean out of the box :)

Benjip

943 posts

Ultimate Geek

ID Verified

#2206030 28-Mar-2019 06:58

A “state-sponsored Chinese hacking group”. Remind me again why many on here seem keen on Huawei gear for 5G?

gzt

17104 posts

Uber Geek

Lifetime subscriber

#2206357 28-Mar-2019 15:20

dc2daylight:
gzt: Anyone using a manufacturer's image and a manufacturer's update service is double crazy.

Do I detect sarcasm or are you seriously suggesting people can just roll their own UEFI bios or peripheral ROM code? What would you suggest?

Open platform firmwares only work on a tiny subset of chipsets currently, and ones that more often than not are at least ten years old like the Intel ICH9 series.

Intending to mean oem operating system image typically customised with random utility software.

Moving on, the alternative to using something like Asus Live Update utility is downloading the required patches manually and installing manually.

This isn't the first instance of oem software being compromised by random actors and it won't be the last unfortunately. The attackers were nice enough to restrict the attack to a target range of hardcoded mac addresses and avoided infecting everyone who was using the utility.