Asus Acknowledges, Responds to Attack but Disputes Kaspersky Numbers

Yesterday, Kaspersky Labs broke news that Asus has been infected by malware that it unwittingly pushed out to its own customers. Asus has responded to the news and acknowledged that it was affected, but it also disputes the number of customers that actually installed infected software.

To recap: Kaspersky Labs reported that this new attack, which it named ShadowHammer, was launched in a highly targeted effort to penetrate 600 specific PCs. More than 57,000 users of Kaspersky products have installed the backdoored utility, which was distributed directly by Asus after hackers penetrated its software and made changes to it without changing the file size or triggering other company security measures. Kaspersky estimates that one million Asus customers were impacted (the attack took place between July and November 2018). Kaspersky released an estimate of the number of affected users in each country, though it notes that this distribution could be impacted by the number of Kaspersky users in each location.

Image by Kaspersky Labs

Asus has released a new version of its LiveUpdate utility, 3.6.8, which closes the loophole. The company also claims to have implemented “an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”

Given the speed with which Asus deployed these fixes, it’s likely been working on them for some time. The question of whether OEMs should be in the business of providing so-called “value-added” software at all is a difficult one. This is far from the first time we’ve seen evidence of major security problems these companies bake into their own laptops as a result of badly secured software. Lenovo, Dell, Samsung, and other firms have all been burned by such issues in recent years. The software world has never found a good answer to this problem. No OEM or developer is immune to the problem of broken updates, including Microsoft, which builds the underlying OS. At the same time, the ability to deliver critical security updates on an ongoing basis is recognized as one of the best ways to keep customer machines secure.

As for who the original attacker was trying to target, or where those ~600 machines are, we don’t know. This wasn’t a random attack. Someone had very specific ideas about who they wanted to hit, and they knew the MAC addresses to target. That’s arguably the most concerning part of the entire affair. We still have no idea if this attack actually accomplished what it set out to do, whatever that was.

If you have an Asus laptop, make sure LiveUpdate 3.6.8 is installed. Alternatively, uninstall the entire suite of whatever utilities your laptop vendor shoved onto the laptop in the first place. You’ll probably be better off.
