Kaspersky: Asus shipped 'million-plus' pre-pwned PCs that downloaded backdoor from update server

www.theregister.co.uk | 3/25/2019 | Staff

Asus may have shipped more than a million computers with compromised firmware that downloaded and ran spyware on the machines, Kaspersky Lab claims.

The motherboard firmware, we're told, was secretly modified before the PCs were sent out to customers so that they would fetch malware stashed on Asus's servers and install it: this downloaded malware was signed using the computer maker's certificates, so everything looked legit, and it would open a backdoor to its masterminds when up and running.

Interestingly enough, the spyware was only interested in a small number of target devices, identified by their MAC addresses, it is claimed. Seemingly, whoever was able to tamper with the firmware was also able to lace Asus's servers with malware.

The software nasty, discovered by Kaspersky and dubbed Shadowhammer, because they've all got to have a sexy name these days, was apparently found on 57,000 machines running the Russian security shop's antivirus tools. Extrapolating that figure, there are a million or more computers running this backdoor: Asus is the world's fifth largest computer manufacturer. Kaspersky claims it has found similar exploit code in the firmware of three other, as yet unnamed, vendors.

The secretly modified firmware component is the Asus Live Update Utility, which is bundled...
(Excerpt) Read more at: www.theregister.co.uk