Asus Acknowledges, Responds to Attack but Disputes Kaspersky Numbers

Yesterday, Kaspersky Labs broke news that Asus has been infected by malware that it unwittingly pushed out to its own customers. Asus has responded to the news and acknowledged that it was affected, but it also disputes the number of customers that actually installed infected software.

To recap: Kaspersky Labs reported that this new attack, which it named ShadowHammer, was launched in a highly targeted effort to penetrate 600 specific PCs. More than 57,000 users of Kaspersky products have installed the backdoored utility, which was distributed directly by Asus after hackers penetrated its software and made changes to it without changing the file size or triggering other company security measures. Kaspersky estimates that one million Asus customers were impacted (the attack took place between July and November 2018). Kaspersky released an estimate of the number of affected users in each country, though it notes that this distribution could be impacted by the number of Kaspersky users in each location.

Image by Kaspersky Labs

Asus has released a new version of its LiveUpdate utility, 3.6.8, which closes the loophole. The company also claims to have implemented “an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”

Given the speed with which Asus deployed these fixes, it’s likely been working on them for some time. The question of whether OEMs should be in the business of providing so-called “value-added” software at all is a difficult one. This is far from the first time we’ve seen evidence of major security problems these companies bake into their own laptops as a result of badly secured software. Lenovo, Dell, Samsung, and other firms have all been burned by such issues in recent years. The software world has never found a good answer to this problem. No OEM or developer is immune to the problem of broken updates, including Microsoft, which builds the underlying OS. At the same time, the ability to deliver critical security updates on an ongoing basis is recognized as one of the best ways to keep customer machines secure.

As for who the original attacker was trying to target, or where those ~600 machines are, we don’t know. This wasn’t a random attack. Someone had very specific ideas about who they wanted to hit, and they knew the MAC addresses to target. That’s arguably the most concerning part of the entire affair. We still have no idea if this attack actually accomplished what it set out to do, whatever that was.

If you have an Asus laptop, make sure LiveUpdate 3.6.8 is installed. Alternatively, uninstall the entire suite of whatever utilities your laptop vendor shoved on to the laptop in the first place. You’ll probably be better off.
