If you own an Asus RT-AC1900P home wireless router, it's time to patch it. Asus recently issued a firmware update to fix two serious security flaws that could let an attacker with access to your home network hack both your router and your PC.
Trustwave, the security firm that found the flaws, disclosed the issues in a security advisory yesterday (July 22). It explained that the Asus router searches for firmware updates on the Asus website by using a file-download tool but without checking digital security certificates.
"As a result, MITM [man-in-the-middle] attack is trivial when the device is connected to a malicious network," the Trustwave advisory says.
- The best Wi-Fi routers for your home or small office
- Your router's security stinks: Here's how to fix it
- New: iPhone 12 blown away by Samsung Galaxy S20 Fan Edition leak
That means an attacker can trick the router into downloading and installing malicious firmware updates. And because an attacker can do that, a trap can be set for when the router's owner logs into the router's administrative interface, which is displayed in a web browser on the owner's PC or Mac.
- More: Out and about? See how to use a VPN to stay safe on public Wi-Fi
After this, all bets are off
Because the attacker already controls your router, he or she can also change the router settings so that you're led to fake banking or email websites in attempts to capture account login credentials or to trick you into installing corrupted software.
How to avoid attacks based on this router flaw
To avoid these nightmare scenarios, you can open up your Asus router's administration panel and see if a firmware update is available. (Asus has instructions here.)
Alternately, head over to the Asus firmware-update page for the RT-AC1900P and download the most recent update.
You should always change the administrator password on your router as soon as you get it out of the box. And make sure that the access password for your home Wi-Fi network isn't something easy to guess and is at least 10 characters long. You don't want random neighbors getting access and possibly playing havoc with your router.