Wednesday, March 27th 2019

ASUS Responds to Reports of ASUS Live Update System Being Compromised by Hackers

Advanced Persistent Threat (APT) attacks are national-level attacks usually initiated by a couple of specific countries, targeting certain international organizations or entities instead of consumers. ASUS Live Update is a proprietary tool supplied with ASUS notebook computers to ensure that the system always benefits from the latest drivers and firmware from ASUS. A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed.

ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism. At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.
Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution. The tool can be found here.

Users who have any additional concerns are welcome to contact ASUS Customer Service. More information about APT groups can be accessed here.

FAQs
  • How do I know whether or not my device has been targeted by the malware attack?
    Only a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted. However, if you are still concerned about this matter, feel free to use ASUS' security diagnostic tool or contact ASUS Customer Service for assistance.
  • What should I do if my device is affected?
    Immediately run a backup of your files and restore your operating system to factory settings. This will completely remove the malware from your computer. In order to ensure the security of your information, ASUS recommends that you regularly update your passwords.
  • How do I make sure that I have the latest version of ASUS Live Update?
    You can find out whether or not you have the latest version of ASUS Live Update by following the instructions shown here.
  • Have other ASUS devices been affected by the malware attack?
    No, only the version of Live Update used for notebooks has been affected. All other devices remain unaffected.
Add your own comment

10 Comments on ASUS Responds to Reports of ASUS Live Update System Being Compromised by Hackers

#1
DeathtoGnomes
Not surprised here, ASUS software, all of it, was pure shit when I used it, years ago, seems it still is.
Posted on Reply
#3
Argyr
DeathtoGnomesNot surprised here, ASUS software, all of it, was pure shit when I used it, years ago, seems it still is.
well, maybe you have a messy system and it didn't like the place:). I've been running ASUS software for 6+ years and never had any problems. AI Suite3 is excellent, really nice monitoring and fan control going on. Haven't noticed fishy disk or network usage, it's just stable and reliable.
Batou1986I remember someone pointing out a whole bunch of vulnerabilities in AI suite and the RGB software a while ago so i removed everything asus from my system
www.secureauth.com/labs/advisories/asus-drivers-elevation-privilege-vulnerabilities
your link only mentions RGB software.
Posted on Reply
#4
Fx
I don't trust anyone for automatically patching anything that I own at home or at work.

Concerning ASUS Suite, I only use the bare essential software of it and leave the rest uninstalled. I am not at home and can't remember off the top of my head of what that is.
Posted on Reply
#5
mcraygsx
DeathtoGnomesNot surprised here, ASUS software, all of it, was pure shit when I used it, years ago, seems it still is.
Not much has changed in past few years with Asus bundle software. I have x5 Asus boards ranging from X99 Deluxe II, maximux IX code, X hero, XI hero and non of the app in so called Value Added software bundle is of any use to me especially their Dual Intelligent processor is mediocre at best. I tend to use their GameFirst application but it does not make a whole lot of difference when I do OOKLA's speedtest when gaming while running bandwidth intensive applications in the background. Perhaps Mem Tweak is something that is worth while in the entire bundle while rest is pure junk for some.

Getting back to topic, imagine same thing were to happen with Microsoft. :twitch:
Posted on Reply
#6
Caring1
mcraygsx…..
Getting back to topic, imagine same thing were to happen with Microsoft. :twitch:
The NSA has to tight a hold on those backdoors ;)
Posted on Reply
#7
tony359
it's always a "small number of devices" being affected...
Posted on Reply
#8
ssdpro
What the heck is ASUS Live Update? That bloatware is for the kids that can't do anything for themselves. Grow up and update via USB direct to the UEFI.
Posted on Reply
#9
tony359
it updates all the drivers, not just the BIOS. It's pretty convenient - at least the similar software I have on my Lenovo.
Posted on Reply
#10
DeathtoGnomes
Nxoduswell, maybe you have a messy system and it didn't like the place:). I've been running ASUS software for 6+ years and never had any problems. AI Suite3 is excellent, really nice monitoring and fan control going on. Haven't noticed fishy disk or network usage, it's just stable and reliable.
obviously you dont read the asus forums much. Even ASUS sorta admitted it in a round about way. There was at one point at least 50 different uninstall executables, that was 4 years ago, one for every motherboard and system build. I know their forums changed since and a lot of the "negative posts" were culled.
Posted on Reply
Nov 23rd, 2024 21:32 EST change timezone

New Forum Posts

Popular Reviews

Controversial News Posts