Asus patches its Wi-Fi routers' AiCloud vulnerabilities
Asus is rolling out a new firmware update, version 18.104.22.1682, that addresses security holes caused by the AiCloud, a storage-based feature available in its USB-enabled Wi-Fi routers.
Sometimes more is not better, at least for a while. Case in point: the AiCloud feature of Asus' USB-enabled routers.
In my last review of an
A month after my review, Asus moved to add even more to the router by introducing the AiCloud feature together with firmware version 22.214.171.124.220. This feature added cloud-based sharing and mobile-app support for the router's USB-connected storage. Unfortunately, at the same time, AiCloud also created a series of vulnerabilities, first reported by security expert Kyle Lovett, that could potentially allow hackers to take control of the router remotely.
According to Lovett, it seems the best way to avoid this risk has been to turn off the AiCloud feature, or better yet not use an external hard drive with the router at all. That's not the case anymore, at least with RT-AC66U and the
Asus informed me today that firmware version 126.96.36.1992 patches all AiCloud-related bugs as well as improving the functionality of both routers.
Here's part of the release notes for the latest firmware:
- Fixed AiCloud-vulnerability-related bugs.
- Underline "_" can now be acceptable in device name and computer name.
- Hide Broadcast option in PPTP VPN server when it is disabled.
- Fixed multicast IPTV related issues in PPPoE/PPTP/L2TP connection.
- Fixed parental control offset issue in IE.
- Fixed 3G dongle-related issue.
- Hide ASUS DDNS description when selecting third-party service.
- Fixed script error 'invalid argument on IE.'
- Fixed smart-sync JS error.
- Fixed JST time zone issue.
I tried the new firmware with the RT-AC66U, and so far it has seemed the router is now secure with AiCloud turned on. Note that the new firmware was not available when I checked from within the router's Web interface. In other words, I had to download it from Asus' Web site and upgrade the router manually. So, here are the support links and available dates of the firmware for routers affected by the AiCloud bugs.
- RT-AC66U (available now)
- RT-N66U (available now)
- RT-N65U (available July 17)
- RT-N14U (available July 17)
- RT-N16 (available July 18)
- RT-N56U (available July 19)
- DSL-N55U (available July 19)
If you're not using the AiCloud feature, there's nothing to worry about; if you are, make sure to turn that feature off till the router is updated with firmware version 188.8.131.522 or later.