
Hackers hijack ASUS software updates to install back doors


Hackers have taken over a server belonging to computer manufacturer ASUS to install a back door on the company’s computers already sold to customers, according to researchers from security company Kaspersky Lab. The intrusion was discovered last January.

The hackers were able to penetrate the server that ASUS uses to send software updates to end users’ computers, writes Motherboard. According to Kaspersky, the back door was sent to customers for five months before the problem was discovered. The malicious file was signed with legitimate digital certificates from the manufacturer, making it look like a legitimate software update was being installed.

The researchers estimate that half a million Windows machines have received the rogue back door through the update server. However, the attackers seem to have targeted only 600 of these systems. The malware searched for those systems via their unique MAC address. If the malware found that it was running on a system with one of those addresses, it connected to a command-and-control server of the attackers, after which more malware was installed.

Security specialist Symantec has confirmed the findings of Kaspersky.

Discovery and reaction

Kaspersky Lab states that it got on the trail of the attack in January, when the security company added new supply chain detection technology to its scanning tool to detect anomalous code fragments in legitimate code. On 29 January this year, the malware was first discovered on an infected device. ASUS was informed on 31 January and a meeting between Kaspersky and the computer manufacturer took place on 14 February.

Kaspersky states that since then, the company has disclosed little and has not informed its customers of the problem. Motherboard sent ASUS a list of the claims that Kaspersky made in three separate e-mails. However, the outlet has not heard back from the hardware manufacturer.

After Motherboard’s reporting, however, the company did issue a statement. It states that such attacks, also known as Advanced Persistent Threat (APT) attacks, are normally launched by ‘a number of specific countries, targeting certain international organisations or entities’. According to the company, consumers are not the target.


The company further says in its statement that “a small number of” devices were affected by the back door. “ASUS Customer Service has contacted affected users and provided assistance to ensure that security risks have been removed.”

A fix for the problem has also been implemented in the latest version of Live Update, version 3.6.8. This version includes several verification mechanisms to prevent malicious manipulation through software updates or other means. An improved end-to-end encryption mechanism has also been deployed.

This news article was automatically translated from Dutch to give Techzine.eu a head start. All news articles after September 1, 2019 are written in native English and NOT translated. All our background stories are written in native English as well. For more information read our launch article.