If you keep an external hard drive plugged in to your Asus router, you'll likely want to disconnect it immediately.
Ars Technica is reporting that hackers are actively exploiting a giant security vulnerability in Asus routers. The contents of USB hard drives that have been physically attached to select router models are being made available to anyone with a web browser and the device’s IP address, with no password or other authentication.
According to security researcher Kyle Lovett, the vulnerability affects the following router models: RT-AC66R, RT-AC66U, RT-AC56U, RT-N66R, RT-N66U, RT-N56R, RT-N56U, RT-N14U, RT-N16 and RT-N16R.
The vulnerability is caused by the routers’ AiCloud remote access feature. Unlike the remote access vulnerability in Linksys routers we reported on yesterday, AiCloud (and the security hole therein) is turned on by default. Manually turning off AiCloud will seal the vulnerability.
If you want to keep your external drive attached to your router and continue to use the AiCloud service, Asus quietly released a firmware patch to correct the issue last year. Your router will remain vulnerable until you download and install it.
You can find the firmware update for your Asus router by visiting the company’s drivers and download page. For more on keeping your computer and network secure, check out these 6 ways to protect yourself from online threats.