ASUSGATE: A story about thousands of crimeless victims

Feb 2nd, 2014

Life is full of joy and woe. This story is about woe.

ASUSTeK Computer Inc (ASUS) have spent the better part of a year ignoring the fact that their RT-series routers suffer from two CRITICAL security vulnerabilities.
1. Default setting for the ftp-server was to allow anonymous login. ASUS calls this feature “limitless access rights”. We call this madness.
2. AiCloud usernames and passwords were stored in plaintext in a file available for download without logging in. We call this insanity.

Not only did they ship RT-routers with these vulnerabilities and ignore Kyle Lovett's emails and phone calls informing them about them. They also failed to provide firmware upgrades where these vulnerabilities were removed for another SIX months. Did they even perform security audits on their products before releasing them? Considering the use of plain-text storage of login credentials we have a really hard time believing they did.
This is not rocket surgery. Anyone with the slightest knowledge or interest in “security” would know this is unforgivable.
Vulnerability #1 (FTP) gives EVERYONE on the internet access to attached USB storage making it possible to download and upload files. You do not need an untamed imagination to realize the implications this has.

This madness must end and it must end now. ASUS have failed their customers. The internet service providers should all have scanned their networks and warned affected users about this. Did they?

This release includes
- IP-addresses to 12937 ASUS routers with vulnerable FTP and/or AiCloud.
- 6536 complete and 3605 partial lists of files shared from these ASUS routers.
- AiCloud login credentials to 3131 ASUS routers.

We are sorry for exposing innocents in this manner. But this world needs to change and change is only possible through revolution and revolution has to come from the people. Because this world is run by bandits who do not give a fuck while they watch the world burn. No fucks given. Lots of cash made. More cash made. Still no fucks given.

You can continue to not give a fuck about your customers. We will watch you create new stories about woe. And we will most certainly write about them.

Feel free to spread this. We want to see you talk about this. Use #ASUSGATE on Twitter.

With regards,
The Brothers Grim
Chuck Palahniuk
Gargamel
Debra Morgan
Gollum
Voldemort
Skeletor
Duke Igthorn

Kyle Lovett's Bug Report, filed June 22 2013.

magnet:?xt=urn:btih:6FCF511F9C15D0895981657BF6174C4D45C6D64C&dn=ASUSGATE&
