Yesterday, Kaspersky Labs broke news that Asus has been infected by malware that it unwittingly pushed out to its own customers. Asus has responded to the news and acknowledged that it was affected, but it also disputes the number of customers that actually installed infected software.
To recap: Kaspersky Labs reported that this new attack, which it named ShadowHammer, was launched in a highly targeted effort to penetrate 600 specific PCs. More than 57,000 users of Kaspersky products installed the backdoored utility, which was distributed directly by Asus after hackers penetrated its software and modified it without changing the file size or triggering other company security measures. Kaspersky estimates that one million Asus customers were affected (the attack took place between July and November 2018). Kaspersky released an estimate of the number of affected users in each country, though it notes that this distribution could be skewed by the number of Kaspersky users in each location.
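The detail worth dwelling on is that the trojanized build kept the same file size as the legitimate one, so any control that compared sizes would have passed it. The following is an added illustration, not Asus's or Kaspersky's code, of why an integrity check must pin a cryptographic hash obtained over a trusted channel rather than a size: it builds a constructed stand-in installer and a same-length tampered copy, then runs both through a size check and a SHA-256 check.

```python
import hashlib
import os
import tempfile


def sha256_of_file(path, chunk_size=1 << 20):
    """Stream a file through SHA-256 so large installers don't need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def verify_update(path, expected_size, expected_sha256):
    """Return (size_ok, hash_ok) for a downloaded update file.

    expected_size and expected_sha256 are assumed to come from a source the
    attacker cannot alter (e.g. pinned in the updater, not served beside the file).
    """
    size_ok = os.path.getsize(path) == expected_size
    hash_ok = sha256_of_file(path) == expected_sha256
    return size_ok, hash_ok


def demo():
    """Constructed sample: a clean 'installer' and a same-length tampered copy."""
    original = b"CONSTRUCTED-INSTALLER-STANDIN" + b"\x00" * 1024
    tampered = bytearray(original)
    # Overwrite bytes in place: length is unchanged, content is not.
    tampered[64:72] = b"TAMPERED"
    assert len(tampered) == len(original)

    results = {}
    with tempfile.TemporaryDirectory() as d:
        clean_path = os.path.join(d, "clean.bin")
        bad_path = os.path.join(d, "tampered.bin")
        with open(clean_path, "wb") as f:
            f.write(original)
        with open(bad_path, "wb") as f:
            f.write(bytes(tampered))

        # The "known good" values a defender would pin for the genuine release.
        expected_size = len(original)
        expected_hash = hashlib.sha256(original).hexdigest()

        results["clean"] = verify_update(clean_path, expected_size, expected_hash)
        results["tampered"] = verify_update(bad_path, expected_size, expected_hash)
    return results


if __name__ == "__main__":
    for name, (size_ok, hash_ok) in demo().items():
        print(f"{name}: size check {'passed' if size_ok else 'failed'}, "
              f"hash check {'passed' if hash_ok else 'failed'}")
```

The tampered file passes the size check and fails only the hash check, which is the whole point: a size comparison is not an integrity control. The hash check itself is only as good as where the expected value comes from; if it is published alongside the file on the same compromised channel, an attacker who can swap the file can swap the hash too.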
Asus has released a new version of its LiveUpdate utility, 3.6.8, which closes the loophole. The company also claims to have implemented “an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”
Given the speed with which Asus deployed these fixes, it has likely been working on them for some time. The question of whether OEMs should be in the business of providing so-called “value-added” software at all is a difficult one. This is far from the first time we’ve seen evidence of major security problems these companies bake into their own laptops as a result of badly secured software. Lenovo, Dell, Samsung, and other firms have all been burned by such issues in recent years. The software world has never found a good answer to this problem. No OEM or developer is immune to the problem of broken updates, including Microsoft, which builds the underlying OS. At the same time, the ability to deliver critical security updates on an ongoing basis is recognized as one of the best ways to keep customer machines secure.
As for who the original attacker was trying to target, or where those ~600 machines are, we don’t know. This wasn’t a random attack. Someone had very specific ideas who they wanted to hit and they knew the MAC addresses to target. That’s arguably the most concerning part of the entire affair. We still have no idea if this attack actually accomplished what it set out to do, whatever that was.
If you have an Asus laptop, make sure LiveUpdate 3.6.8 is installed. Alternatively, uninstall the entire suite of whatever utilities your laptop vendor shoved onto the laptop in the first place. You’ll probably be better off.