ASUS announced yesterday that it was the victim of a very sophisticated APT attack, trying to justify the hack of the ASUS Live Update app. But by all indications, the company does not seem to care that much about consumer safety.
The company's announcement yesterday said:
Advanced Persistent Threat (APT) attacks are attacks at a national level and usually start from a few countries targeting certain international organizations or institutions rather than consumers.
ASUS Live Update is a proprietary tool that comes with ASUS laptops to ensure that the system always has the latest drivers and firmware from ASUS.
So a small number of devices have been found with malicious code through a sophisticated attack on Live Update servers in an effort to target a very small and specific group of users. ASUS Customer Service is contacting affected users and providing help in removing security risks.
Essentially, what the company wants to tell us is that sophisticated APT attacks are not aimed at all consumers but at a few targets chosen by government groups. However, ASUS Live Update is aimed at and used by all consumers, and whatever the company announces at this time does not change the fact that its systems have endangered millions of customers.
But let's see what the company has to say:
According to TechCrunch, the company had been warned about its lax security, per security researcher Zack Whittaker:
The security researcher warned Asus two months ago that its employees posted GitHub passwords that could be used to access the corporate network of the company.
A password, found in an employee repo, allowed the researcher to gain access to an email account used by the company's internal developers and engineers to share applications, drivers, and tools.
This particular security breach was not directly responsible for the latest compromise of ASUS Live Update, but it shows an incredible indifference to very basic security procedures.