Asus patches its Wi-Fi routers' AiCloud vulnerabilities

Asus is rolling out a new firmware update, version, that addresses security holes caused by the AiCloud, a storage-based feature available in its USB-enabled Wi-Fi routers.

Dong Ngo SF Labs Manager, Editor / Reviews
CNET editor Dong Ngo has been involved with technology since 2000, starting with testing gadgets and writing code for CNET Labs' benchmarks. He now manages CNET San Francisco Labs, reviews 3D printers, networking/storage devices, and also writes about other topics from online security to new gadgets and how technology impacts the life of people around the world.
Dong Ngo
2 min read
With firmware version, Asus' AiCloud feature is now safe to use.
With firmware version, Asus' AiCloud feature is now safe to use. Dong Ngo/CNET

Sometimes more is not better, at least for a while. Case in point: the AiCloud feature of Asus' USB-enabled routers.

In my last review of an Asus router, the RT-AC66U, I found the device to be one of the best 802.11ac routers on the market, which it still is now. Among other things, the router's USB-connected storage feature was one of the most comprehensive, offering convenient data sharing, media streaming, and so on.

A month after my review, Asus moved to add even more to the router by introducing the AiCloud feature together with firmware version This feature added cloud-based sharing and mobile-app support for the router's USB-connected storage. Unfortunately, at the same time, AiCloud also created a series of vulnerabilities, first reported by security expert Kyle Lovett, that could potentially allow hackers to take control of the router remotely.

According to Lovett, it seems the best way to avoid this risk has been to turn off the AiCloud feature, or better yet not use an external hard drive with the router at all. That's not the case anymore, at least with RT-AC66U and the RT-N66U.

Asus informed me today that firmware version patches all AiCloud-related bugs as well as improving the functionality of both routers.

Here's part of the release notes for the latest firmware:

  1. Fixed AiCloud-vulnerability-related bugs.
  2. Underline "_" can now be acceptable in device name and computer name.
  3. Hide Broadcast option in PPTP VPN server when it is disabled.
  4. Fixed multicast IPTV related issues in PPPoE/PPTP/L2TP connection.
  5. Fixed parental control offset issue in IE.
  6. Fixed 3G dongle-related issue.
  7. Hide ASUS DDNS description when selecting third-party service.
  8. Fixed script error 'invalid argument on IE.'
  9. Fixed smart-sync JS error.
  10. Fixed JST time zone issue.

I tried the new firmware with the RT-AC66U, and so far it has seemed the router is now secure with AiCloud turned on. Note that the new firmware was not available when I checked from within the router's Web interface. In other words, I had to download it from Asus' Web site and upgrade the router manually. So, here are the support links and available dates of the firmware for routers affected by the AiCloud bugs.

If you're not using the AiCloud feature, there's nothing to worry about; if you are, make sure to turn that feature off till the router is updated with firmware version or later.