Thousands of Asus routers are being hit with stealthy, persistent backdoors

PhilipTheBucket@ponder.cat · 8 days ago

Thousands of Asus routers are being hit with stealthy, persistent backdoors

dohpaz42@lemmy.world · 8 days ago

Probably because it’s not limited to one or two specific models. Read the article:

The only way for router users to determine whether their devices are infected is by checking the SSH settings in the configuration panel. Infected routers will show that the device can be logged into by SSH over port 53282 using a digital certificate with a truncated key of

ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ… To remove the backdoor, infected users should remove the key and the port setting.

People can also determine if they’ve been targeted if system logs indicate that they have been accessed through the IP addresses 101.99.91[.]151, 101.99.94[.]173, 79.141.163[.]179, or 111.90.146[.]237. Users of any router brand should always ensure their devices receive security updates in a timely manner.

There’s your answer.

thermal_shock@lemmy.world · 8 days ago

Users of any router brand should always ensure their devices receive security updates in a timely manner.

I like how you’re supposed to get updates from the same company that left the security holes open, or are actively monitoring them.