Η ASUS μας ανακοίνωσε χθες ότι υπήρξε θύμα μιας πολύ εξελιγμένης επίθεσης APT, προσπαθώντας να δικαιολογηθεί για το hack της εφαρμογής ASUS Live Update. Όμως όπως όλα δείχνουν η company δεν φαίνεται να ενδιαφέρεται και τόσο πολύ για την ασφάλεια των καταναλωτών.
The company's announcement yesterday said:
Her attacks Advanced Persistent Threat (APT) are attacks that take place at a national level and are usually initiated by a few countries that target certain international organizations or agencies rather than consumers.
ASUS Live Update is a proprietary tool that comes with ASUS laptops to ensure that the system always has the latest programs drivers and firmware from ASUS.
A small number of devices have therefore been found with malicious code through a sophisticated attack on the Live Update servers in an attempt to target a very small and specific group of users. ASUS customer service is contacting affected users and providing assistance to remove the risks security.
Essentially what the company wants to tell us is that sophisticated APT attacks are not targeted at all consumers but in some targeted by government groups. However, ASUS Live Update is targeted and used by all consumers, and even if it publishes the company at this time, it does not change the fact that its systems have endangered millions of customers.
But let's see what the company has to say:
According to TechCrunch, the company has been warned about the loose safety of security researcher Zack Whittaker:
The security researcher warned Asus two months ago that its employees were posting passwords on GitHub that could be used to access the company's network the company's.
A password, found in a workers' repo, allowed the researcher to access an email account that internal developers and engineers use to share apps, drivers, and tools.
This particular security breach was not directly responsible for the latest violation of ASUS Live Update, but it shows an incredible indifference to very simple security procedures.