FTC Brings ASUS To Heel Over Router Security Flaws

Photo of author

Tim Higgins

FTC and ASUSThe router maker is in trouble with the Feds again.

Tuesday’s settlement between the Federal Trade Commission and ASUS is the second time the U.S. government has been involved in action against the wireless router maker.

In 2013, NETGEAR sued ASUS, claiming it was shipping wireless routers that did not comply with FCC peak power limits. That suit was settled last March, with ASUS agreeing to a compliance plan requiring ASUS to file reports with the FCC for three years.

FTC stomps ASUS

Tuesday’s consent agreement resulted from a February 2014 mass compromise of ASUS routers that allowed attackers to remotely log in, mess with router settings and, in some cases, gain access to networked devices. This time, the U.S. government took action directly, with the FTC filing a complaint against ASUStek itself.

The resulting punishment is worse than that of the NETGEAR case, with ASUS agreeing to immediately implement a "comprehensive security program" that will be subject to independent audits for the next 20 years.

So why did the Feds go after ASUS, when routers from other manufacturers have (or had) similar security flaws? No reports seem to explain why. But it’s obvious given the severity of the punishment, that router manufacturers best take note and get their security design and verification processes tightened up.

Related posts

QCA Showing Mobile Draft 11ac Devices

Qualcomm Atheros is demoing draft 802.11ac chips for mobile devices this week at Computex.

EnGenius XtraRange Routers Hit The Shelves

EnGenius has begun shipping a new family of "extended-range" wireless routers.

MetaGeek Moves To Pay Model For New inSSIDer

MetaGeek has introduced a paid version of its inSSIDer Wi-Fi utility and ended development of its free version.