Another day, another manufacturer default firmware issue revealed. This time it was Asus and some of its most popular routers including the RT-AC87U and the RT-N66U.
On approximately Jan. 4, a backdoor exploit was published for Asus routers. It is unknown at this time how long this exploit was known by Asus or hackers.
It appears that the issue is located in infosvr service, generally used to help the administrators find and configure ASUS routers on a network segment.
According to the github post by jduck,
Several models of ASUS’s routers include a service called infosvr that listens on UDP broadcast port 9999 on the LAN or WLAN interface. It’s used by one of ASUS’s tools to ease router configuration by automatically locating routers on the local subnet. This service runs with root privileges and contains an unauthenticated command execution vulnerability.
The following Asus models were confirmed as vulnerable:
RT-AC87U – Firmware version: 18.104.22.168.378_3754
RT-N66U – Firmware version: 22.214.171.124.376_1071-g8696125
RT-N56U – Firmware version: 126.96.36.199.374_5656
Yet it likely other Asus routers affected but their firmwares that have not yet been tested or confirmed. The github post states: “Currently, all known firmware versions for applicable routers (RT-AC66U, RT-N66U, etc.) are assumed vulnerable.”
And what does this problem mean for users? Basically, anyone connected to the local network can gain control by sending a single protocol packet to the router. To be clear, in order to exploit this someone would need to have access to your local network.
What To Do to Get Ahead of the Router Firmware Exploit Curve?
While manufacturers create excellent hardware, it appears that often times that fatal flaw is the limiting, ill-performing firmware installed that allows the router to be used to its max capabilities. Lucian Constantin at PCWorld explains why the frequency of router exploits has exploded:
Routers are valuable targets for attackers, because they provide them with a foothold inside networks from where they can attack other devices. A router compromise is much harder to detect than a PC infection, because there are no antivirus programs running on such devices.
By controlling routers attackers gain the ability to intercept, inspect and modify incoming and outgoing Internet traffic for all devices that connect through them. Among other things, they can strip SSL from secure traffic and use DNS hijacking techniques to misrepresent legitimate websites.
He then goes on to suggest installing custom firmware but warns “… it should be noted that installing custom firmware can void the device warranty and should only be done by users who understand and accept all the risks associated with this procedure, including the possibility that their device might be damaged.”
So how can you get the best of both worlds? Well it just so happens that all Asus FlashRouters ship with this custom firmware solution already completely installed, with warranty and support options unavailable anywhere else for custom open-source firmware solutions like DD-WRT or TomatoUSB.
Already have an Asus router and want help upgrading the firmware? Our team of experts offer remote flashing and setup assistance via worldwide custom-firmware flashing and VPN setup support plans for a large array of Asus WiFi Routers.
Asus Firmware Backdoor Fixes
Yes, Asus has worked harder than some router manufacturers to keep on top of these issues and gets some excellent work right out of the open-source firmware community from users and developers like Eric Sauvageau AKA Merlin.
But, ArsTechnica wrote, “Unless Asus releases a patch, there’s little non-technical users can do to close the hole. More technically inclined people can use the vulnerability itself to turn off infosvr after each reboot.”
If you are one of those technically inclined, we suggest visiting the Github page for the latest workarounds or updates. Still, our recommendation as a long-term solution is upgrading to an enhanced, custom firmware routing device to hopefully prevent this type of upgrade scramble in the future and not have to wait for a manufacturer update.