Data on thousands of hard drives connected to its router Asus are easily accessible from the Internet due to unsafe default settings, according to tests conducted by PC World Norway specialists.
The Broadband Routers with USB ports that allow users to connect external hard drives directly to the router are becoming more and more common. Shared space accessible over the internet using protocols such as FTP is quite useful but has significant security risks.
If the products are not set up correctly, personal data is exposed to anyone with basic technical knowledge. Several incidents have already been reported with people using its router Asus.
The problem it starts with how the routers are configured. Access to an external hard drive, which is connected via USB to a router using FTP, can be enabled manually or using the wizard. In both cases, however, they leave the router exposed.
The wizard lets the user choose between 3 settings, the default unlimited access with options for permissions, limited access and admin permissions, with little information on what each one means. Also, limited access permissions include an option that creates a user named 'family' and suggests the family password instead of asking each user to create their own password.
This issue affects users worldwide including users in the US. The strange thing is that these routers passed all the tests security which Asus uses without any problem.
To solve the problem the company develops a firmware update which will be distributed worldwide thus making the security settings clearer.
We thank her warmly SecTeam @Walkin.
