
    Ep 5: #ASUSGATE

    Security researcher Kyle Lovett discovered security vulnerabilities in Asus routers and set out to get them resolved, not just for himself but also for the thousands of others who were similarly impacted.

    November 01, 2017
    Darknet Diaries

    150 Episodes

    What security risks are associated with default router passwords?
    How did Kyle Lovett’s actions protect his data?
    What vulnerabilities were found in Asus routers?
    Why is changing default passwords important for security?
    What measures can users take to secure their networks?

    • The Importance of Securing Network Routers to Protect Personal Information

      Regularly checking and securing network routers from basic vulnerabilities can prevent data from being accessed by hackers. Protecting routers is crucial as they hold a person's private information.

      A default username and password on network devices can pose a significant security risk. Kyle Lovett discovered that going through a simple routine check-up on his network router and protecting it from the most basic vulnerabilities eventually helped him avoid sharing his data with the entire world. However routine it might sound, a security check on a router should not be taken lightly, because an unchecked router can be an open invitation for hackers to exploit vulnerabilities and gain access to personal information stored within the network. Routers hold the key to a person's private life, and securing them should be a top priority for everyone.

    • Asus Router Security Risks

      Change default passwords, enable authentication and encryption, stay informed about updates, and consider penetration testing to identify vulnerabilities in your home network.

      The Asus router has multiple security vulnerabilities, including clear-text passwords in unprotected directories and default passwords, which increase the risk of unauthorized access to users' files, network and VPN. The AiCloud feature of the router exposes the router's password to anyone on the internet. Therefore, anyone with this router has an insecure home network. It is important for users to change default passwords and enable authentication and encryption. Users need to stay informed about the latest security patches and updates to ensure the safety of their network. Employing penetration testing may help in identifying vulnerabilities before attackers do.

    • Ethical Hacker Discovers Major Flaws in High-End Router and Asks Vendor for Action

      Prompt response to security vulnerabilities is crucial to prevent hackers from exploiting users' privacy and safety. Vendors must act responsibly to address these issues to protect their customers.

      The Shodan website can identify vulnerable IPs with open ports, and that exposure can lead to unauthorized access and attacks on users. Kyle discovered that a high-end router had major security vulnerabilities that could be exploited to access over 100,000 private networks around the world. Zero-day vulnerabilities like these are dangerous because hackers can use the affected networks to carry out malicious activities. Kyle, being ethical and responsible, contacted Asus to report the issue, but the vendor failed to respond or release a fix for two months. This emphasizes the importance of prompt response and action by vendors to address security vulnerabilities and ensure user privacy and safety.

    • The Dilemma of Full Disclosure in Security Vulnerabilities

      Full disclosure can create awareness but may also lead to exploitation. Vendors must take security seriously and respond promptly to reports. The security community debates the balance between full and partial disclosure.

      Full disclosure of security vulnerabilities can be a double-edged sword. While it makes customers aware of the potential threats, it also hands the keys to hackers. Independent researchers often resort to full disclosure when vendors do not take security vulnerabilities seriously. However, it can lead to legal threats and to exploitation of the system. Asus took four months to respond to Kyle's emails reporting the security flaw, and it was only after public embarrassment via online disclosure that they took action. The security community debates the need for full disclosure versus partial disclosure, which means informing customers about the vulnerability without providing too much detail.

    • Unsecured feature on Asus laptops caused data breach

      Implement secure features and restrict unauthorized access to personal data to protect individuals from being victimized.

      Asus customers were exposed to a security issue in which unwanted strangers accessed their hard drives and files through a feature, not a security bug, that required no password. The access was not clearly criminal because nothing restricted people from getting in. The feeling of being violated by unauthorized access to private files is unexplainable and horrible. The news of hackers exploiting this security issue went viral, and Asus eventually fixed all the bugs reported by Kyle. These incidents highlight the importance of implementing secure features and restricting unauthorized access to personal files and data to protect individuals from being victimized.

    • The Importance of Cybersecurity and Addressing Vulnerabilities

      Companies must prioritize cybersecurity, work with security researchers, and take necessary steps to address vulnerabilities. The ongoing issue of inadequate security measures and customer negligence highlights the need for continuous monitoring and improvement in security practices.

      Asus was found to have accessed customer data and mismanaged security issues, resulting in a case and settlement with the FTC. Orders were given to address the issues, including conducting security audits and publicly notifying customers of security updates. However, even years later, thousands of Asus routers remain unpatched and vulnerable, highlighting the ongoing issue of inadequate security measures and customer negligence. It is important for companies to prioritize cybersecurity and work with security researchers to address vulnerabilities. The Department of Homeland Security's US-CERT is a resource for such efforts. Despite progress, many vendors still need to improve their security mindset and testing processes to prevent further security breaches.



