When thinking about computer security, you probably consider your PC and phone first and foremost. But there’s a lot of hardware between you and the nebulous malefactors of the internet, and it’s important to make sure all of it is secure. Today Asus is telling owners of its Wi-Fi routers to update their firmware in order to protect against the Cyclops Blink botnet.
The botnet is being programmed to remotely access a router’s flash memory, potentially gaining access to any unencrypted traffic it handles. The malware can be cleaned off with a full reset, since it’s not being stored in permanent storage, but most users never have a reason to perform that action. According to the Asus security brief, seventeen different router models in the GT and RT series are affected:
- GT-AC5300 firmware under 3.0.0.4.386.xxxx
- GT-AC2900 firmware under 3.0.0.4.386.xxxx
- RT-AC5300 firmware under 3.0.0.4.386.xxxx
- RT-AC88U firmware under 3.0.0.4.386.xxxx
- RT-AC3100 firmware under 3.0.0.4.386.xxxx
- RT-AC86U firmware under 3.0.0.4.386.xxxx
- RT-AC68U firmware under 3.0.0.4.386.xxxx
- RT-AC68R firmware under 3.0.0.4.386.xxxx
- RT-AC68W firmware under 3.0.0.4.386.xxxx
- RT-AC68P firmware under 3.0.0.4.386.xxxx
- RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
- RT-AC3200 firmware under 3.0.0.4.386.xxxx
- RT-AC2900 firmware under 3.0.0.4.386.xxxx
- RT-AC1900P firmware under 3.0.0.4.386.xxxx
- RT-AC87U (EOL)
- RT-AC66U (EOL)
- RT-AC56U (EOL)
As noted by PCGamer, the Cyclops Blink botnet is becoming a huge problem, and security and law enforcement agencies in the US and UK are warning citizens to take precautions. The RT-AC56U was released way back in 2013, so this security flaw is affecting a huge range of Asus products. While some may be set up to download and install new firmware automatically, it’s best to check with the browser-based interface on your router to make sure. Asus also recommends resetting the router to factory default settings and changing the default administrator password.
Asus said you can update your router using the following process:
“(1) Reset the device to factory default: Login into the web GUI(http://router.asus.com) , go to Administration → Restore/Save/Upload Setting, click the “Initialize all the setting and clear all the data log”, and then click Restore button”
(2) Update all devices to the latest firmware.
(3) Ensure default admin password had been changed to a more secure one.
(4) Disable Remote Management (disabled by default, can only be enabled via Advanced Settings).”