An ASUS software update has left many vulnerable to backdoor attacks. ASUS users running the ASUS software Live Update, which is preinstalled on most ASUS systems, were possibly susceptible to security flaws which have been discovered that allowed attackers to gain a backdoor to users’ computers and vulnerable to the Operation ShadowHammer security flaw.
The Operation ShadowHammer security flaw in the ASUS software was first discovered by research firm Kaspersky Lab on 29 January 2019, which has been performing diagnostics test and forensic investigations to analyse what this exploit means to ASUS users. The research firm reportedly found that over 1 million ASUS users were vulnerable to the Operation ShadowHammer security flaw between June and November 2018. ASUS was notified about Operation ShadowHammer on 31 January 2019.
Now, Asustek Computer Inc (or ASUS as we all know it as) has responded to the Operation ShadowHammer attack, urging users to install version 3.6.8 of the ASUS Live Update Utility which is a patch that implements security flaw fixes. The new patch introduces multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means and implements an enhanced end-to-end encryption mechanism. Additionally, ASUS updated and strengthened its server-to-end-user software architecture to prevent similar attacks from happening in the future.
The company also disputed the claims by Kaspersky Lab that over 1 million users were compromised by the security flaw, claiming the attacks only impacted “a small number of devices“.
The company had since helped customers fix the problem, patched the vulnerability and updated their servers.
It’s unclear who, or which organisation was behind the attack. It is also unclear what the attackers’ motives were for the cyber attack, with ASUS only stating that
Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers.
Users can use this free tool from Kaspersky Lab to check whether they’ve been attached by Operation ShadowHammer. Users can also use another tool suggested by ASUS to check whether they’re system is vulnerable to the security flaw.