Asus simplifies router configuration to protect external hard drives

The company is updating unsecure default settings that left files accessible over the Internet

Asus is now distributing a firmware update that will change the default security settings on its broadband routers after files on thousands of external hard drives were found easily accessible over the Internet.

The problem was reported last week and stems from how Asus' routers are configured. Access to an external hard drive that's been attached to a router's USB port via FTP can be activated manually or by using a wizard, but both leave the router open by default.

As a result, the files of users in Europe and the U.S. were found accessible via the Internet, according to industry experts and tests conducted by PC World Norway and TechWorld Sweden.

+ ALSO ON NETWORK WORLD Best of CES 2014: In Pictures +

After being questioned about the problem, Asus decided to develop a firmware update to fix the issue, which is now being distributed via its website and the directly from the router user interface.

"The update changes the default security setting from unlimited to limited access rights when setting up a FTP server. This change will ensure that the end user doesn't leave their FTP server unprotected by mistake and also make it easier to understand the implications of the different security options," the company said in a statement.

There is now a warning that it's possible to access files via FTP without entering a password when a user has chosen the limitless access setting, according to Asus.

The update has already been released for the RT-AC68U router, and will this week also become available for the RT-AC56U, RT-AC66U, RT-N66U and RT-N16 routers. Remaining routers will be updated next week, Asus said.

Send news tips and comments to mikael_ricknas@idg.com

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies