For every catastrophic security flaw that makes it out into the wild, there are hundreds that developers discover and quietly patch before they can threaten anyone.
That’s the case with a new update from Asus for its RT line of routers. A handful of potentially critical bugs will threaten Asus RT routers no more, but there’s a catch. Unless your router updates automatically, you'll have to apply the update manually, especially since cybercriminals can now see how the flaws work.
This information comes from online firm Nightwatch Cybersecurity, which hunts bugs, performs independent research and generally keeps users safe by collaborating with hardware and software manufacturers. Not only did Nightwatch report the vulnerabilities back in January, but Asus issued a firmware update in March. If you’ve been assiduous about keeping your router up to date, you can stop reading this piece right now and go do something fun online instead.
MORE: Best Wi-Fi Routers
If not, you should visit the Asus driver page (opens in new tab) ASAP, then download the latest firmware for your router. On your home network, type 192.168.1.1 into your web browser, then log in with your username and password. (Hopefully, you’ve changed these from the factory defaults; if not, they are probably “admin” and “password,” respectively.)
Click on Firmware Upgrade in the router configuration page, then follow the instructions to use your newly downloaded file. The process will take a few minutes, but you’ll be well protected, at least until the next flaw comes along.
As far as the flaws themselves, they have the potential to be fairly serious, but are also somewhat arcane. The first flaw affects the router’s login page, and could allow a malicious website to hijack a router, provided that a user hasn’t changed the default username and password. (Such an oversight is more common than you might think.) Controlling the router obviously means that a cybercriminal could also control everything that passes through the router, i.e. all internet traffic on the network.
The other flaws are less severe, but tend to proceed along the same lines. Cybercriminals could remain logged into a router’s administrative page without a user’s knowledge, as well as glean information about the router’s model number and IP address. The worst additional vulnerability could allow a cybercriminal to steal a network’s Wi-Fi password, but it requires physical proximity to the router, as well as a specialized app.
Nightwatch identified 40 affected routers, and pointed out that other units may be compromised as well. Check its blog for the full listing, although no matter what kind of Asus RT router you have, it would not hurt to take a minute and check that it has the latest firmware. It’s a good habit to get into, especially if your router does not automatically update, as many Asus RT routers do not.