February 24, 2016
On February 2014, thousands of Asus router owners found a disturbing text file saved to their devices.
“This is an automated message being sent out to everyone effected [sic],” the message read. “Your Asus router (and your documents) can be accessed by anyone in the world with an Internet connection.” The anonymous sender then urged the readers to visit a site that explained more about the router vulnerability.
On Tuesday, the US Federal Trade Commission settled charges that alleged the hardware manufacturer failed to protect consumers as required by federal law. The settlement resolves a complaint that said the 2014 mass compromise was the result of vulnerabilities that allowed attackers to remotely log in to routers and, depending on user configurations, change security settings or access files stored on connected devices. Under the agreement, Asus will maintain a comprehensive security program subject to independent audits for the next 20 years.