[TC] Hackers dropped a secret backdoor in Asus’ update software - Overclock.net - An Overclocking Community

post #1 of 37 (permalink) Old 03-25-2019, 11:04 AM - Thread Starter
Retired Staff
 
JedixJarf's Avatar
 
Join Date: Dec 2010
Location: Coruscant
Posts: 9,345
Rep: 304 (Unique: 243)
[TC] Hackers dropped a secret backdoor in Asus’ update software

Quote:
Hackers targeted and compromised “hundreds of thousands” of Asus computer owners by pushing a backdoored update software tool from the company’s own servers.

The bombshell claims, first reported by Motherboard, said the hackers digitally signed the Asus Live Update tool with one of the company’s own code-signing certificates before pushing it to Asus’ download servers, which hosted the backdoored tool for months last year. The malicious updates were pushed to Asus computers, which has the software installed by default.

Time to fire up that old AV scanner

https://techcrunch.com/2019/03/25/asus-update-backdoor/


post #2 of 37 (permalink) Old 03-25-2019, 11:44 AM
New to Overclock.net
 
Laysson's Avatar
 
Join Date: Dec 2012
Posts: 265
Rep: 5 (Unique: 5)
So first, they mine with your hardware, then, they infect it? Seriously...
post #3 of 37 (permalink) Old 03-25-2019, 12:48 PM
Tetrapyloctomist
 
Aenra's Avatar
 
Join Date: Feb 2017
Posts: 1,344
Rep: 18 (Unique: 17)
This is rather amusing
We've been saying this for literally decades.. if it's not broken, you don't try fixing it.
Not only do people fail to live by this, they actually allow for "live" updates; c'est la vie ^^

Forgive me for failing to sympathise.
The easiest thing to exploit is your own tendency to be just like the other monkey right next door, block, or city.

I'd be more interested in how this all went down, though am sure it would be over my head.

Pride, honour and purity.
post #4 of 37 (permalink) Old 03-25-2019, 12:56 PM
Old to Overclock.net
 
xJumper's Avatar
 
Join Date: Jan 2008
Posts: 1,954
Rep: 107 (Unique: 95)
Does this have anything to do with Asus motherboard BIOS updates? Whenever I update those I download the .cap file on a USB key and install it manually instead of using the ethernet BIOS ability to download it straight from ASUS servers.

post #5 of 37 (permalink) Old 03-25-2019, 01:52 PM
Waiting for 10 and 7nm
 
tpi2007's Avatar
 
Join Date: Nov 2010
Posts: 10,908
Rep: 870 (Unique: 494)
One more source, it seems that Asus doesn't come out of this looking very well:

https://www.zdnet.com/article/supply-chain-attack-installs-backdoors-through-hijacked-asus-live-update-software/

Quote:
Kaspersky informed ASUS of the supply chain attack at the end of January. However, Motherboard reports that the PC giant has "been largely unresponsive" since meeting with Kaspersky representatives on this issue.

ASUS denied its servers were compromised when informed of the findings and continued to use one of the compromised certificates involved in the attack for at least a month after notification. The Taiwanese firm has since stopped, but the certificates are yet to be revoked.

The attack has been confirmed by Symantec. ZDNet has not received a response from queries sent to ASUS at the time of writing.

Last edited by tpi2007; 03-25-2019 at 01:55 PM.
post #6 of 37 (permalink) Old 03-25-2019, 04:43 PM
New to Overclock.net
 
Kree's Avatar
 
Join Date: Sep 2013
Posts: 157
Rep: 6 (Unique: 5)
Does anyone have the ASUS Press Release about this? Or have they yet to release one?

Quote:
Retired and Content
post #7 of 37 (permalink) Old 03-25-2019, 05:16 PM
It Just Works
 
TFL Replica's Avatar
 
Join Date: Oct 2008
Posts: 14,874
It's not like the live update tool is anything special or complicated. They should just open-source it.


post #8 of 37 (permalink) Old 03-25-2019, 05:55 PM
New to Overclock.net
 
Kree's Avatar
 
Join Date: Sep 2013
Posts: 157
Rep: 6 (Unique: 5)
Quote: Originally Posted by TFL Replica
It's not like the live update tool is anything special or complicated. They should just open-source it.

Is the ASUS Live Update Tool incorporated into MS Windows 10 Updater or is it a standalone executable that comes preinstalled on ASUS manufactured systems and/or a part of the ASUS motherboard installer discs?

post #9 of 37 (permalink) Old 03-25-2019, 08:00 PM
New to Overclock.net
 
8051's Avatar
 
Join Date: Apr 2014
Posts: 2,600
Rep: 21 (Unique: 15)
I wonder how they overwrote the existing Asus Live Update Tool w/their backdoor code? Anyone running a webserver or a firewall should not only be able to prevent files being uploaded from external IP addresses but prevent overwriting of existing files right? Unless it was manipulated from someone inside Asus's corporate network? But even then wouldn't you also need the necessary file/account privileges on the server?
post #10 of 37 (permalink) Old 03-25-2019, 08:30 PM
Otherworlder
 
epic1337's Avatar
 
Join Date: Feb 2011
Posts: 7,164
Rep: 213 (Unique: 121)
Quote: Originally Posted by 8051
I wonder how they overwrote the existing Asus Live Update Tool w/their backdoor code? Anyone running a webserver or a firewall should not only be able to prevent files being uploaded from external IP addresses but prevent overwriting of existing files right? Unless it was manipulated from someone inside Asus's corporate network? But even then wouldn't you also need the necessary file/account privileges on the server?

a compromised administration account would allow all that.

trolling an adult is very dangerous, don't try it at home nor at work. you don't want to play tag with a rabid man.