A default setting in Asus Routers allows an attacker to remotely access data archived on a USB media storage connected to the devices.
Swedish users reported an alleged vulnerability in Asus Routers that allows an attacker to remotely access data archived on a USB media storage directly connected to the devices.
Asus and many routers manufacturers offer the possibility to directly connect USB removable media to store and retrieved data within the computer network.
The data stored on a USB hard disk could be shared between computers on the same network or could be available on the Internet and accessible through the FTP protocol. Many Asus devices implement the AiDisk utility to enable the FTP server function, the feature is easily configurable from the administrator panel of the router.
The list of ASUS Routers which implement this feature included the following models:
Is it a vulnerability, or is it a feature implemented to allow the publication of user’s data on an FTP server?
The real problem is that enabling the AiDisk utility the device is configured to share data publicly on Internet, its default configuration gives complete control of the files on the storage.
The colleagues at THN demonstrated how it is possible to use SHODAN search engine to find ASUS routers poorly configured, thousand of Storage Disk using Asus Routers with no password or having default settings.
The access to the data present on the devices is quite easy, use the ftp protocol and the IP address retrieved from Shodan i.e. ftp://ipaddress/.
Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer.
Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US.
Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines.
Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.