AsusWRT, a web-based app from Asus that allows users to manage their WiFi network and works with smart devices, such as Amazon Alexa products, has been compromised in a data breach, giving hackers access to an user's home network and the ability to hijack smart devices.
According to Noam Rotem and Ran Locar, vpnMentor researchers, AsusWRT is a graphical interface app that combines with an Asus router to create a private wifi network in a user’s home. This grants an AsusWRT user complete control over their network and any devices connected to it, says the vpnMentor. AsusWRT becomes a centralized access point for all internet devices in ahome, including any phones, tablets, or laptops connected to the network.
The database has been closed by Asus, and while no personally identifiable information (PII) data was viewable in the AsusWRT database, the leak still allowed access to highly sensitive user information, such as:
- IP Address
- User’s name
- Device Name (John Doe’s iPhone)
- Usage information, IFTTT commands
- Longitude & Latitude coordinates
- Location: Country & City
- Commands
The leak affected AsusWRT users across the globe and also contained logs of user actions via Amazon Alexa devices connected to a router using AsusWRT, which gave insight into user behavior on the affected Alexa devices and any smart device connected to them, say the researchers. With this information, hackers can target users in several ways, online and offline, says the vpnMentor report.
To find out more, visit the vpnMentor website.