[ale] PSA - Asus Routers
DJPfulio at jdpfu.com
Sat May 31 13:38:23 EDT 2025
Thousands of Asus routers are being hit with stealthy, persistent backdoors
Backdoor giving full administrative control can survive reboots and firmware updates.
"
https://arstechnica.com/security/2025/05/thousands-of-asus-routers-are-being-hit-with-stealthy-persistent-backdoors/
The only way for router users to determine whether their devices are infected is by checking the SSH settings in the configuration panel. Infected routers will show that the device can be logged in to by SSH over port 53282 using a digital certificate with a truncated key of: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ...
To remove the backdoor, infected users should remove the key and the port setting.
"
Asus makes some of the longest supported routers with industry-leading security practices, so they are popular for people who want long support for a home router and don't want to do their own firmware or use something like OPNsense. I have a cheap Asus Router (RT-AX1800S) in "AP mode" myself, though my WAN router is an x86-64 device running OPNsense. That AP replaced the popular, cheap, suspicious, Chinese-made brands that many people, including me, used.
Patch your router, at least monthly. If it has been a few months since the last update, check that support hasn't ended. Routers are our first line of defense.
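
The check the quoted article describes, as an added example that is not part of the original post: it scans a saved `key=value` settings dump for SSH on port 53282 and for the truncated key prefix. The dump format, the setting names in the sample data (`sshd_enable`, `sshd_port`, `sshd_authkeys`) and the sample keys are assumptions constructed for illustration.

```python
import re

BACKDOOR_PORT = "53282"
# Key exactly as truncated in the quoted article; the remainder is not on the page.
KEY_TYPE = "ssh-rsa"
KEY_BLOB_PREFIX = "AAAAB3NzaC1yc2EAAAABIwAAAQEAo41nBoVFfj4HlVMGV+YPsxMDrMlbdDZ"
# Tolerate any run of whitespace between the key type and the base64 blob.
KEY_PATTERN = re.compile(re.escape(KEY_TYPE) + r"\s+" + re.escape(KEY_BLOB_PREFIX))


def find_indicators(dump: str) -> list[str]:
    """Return one finding per indicator seen in a key=value settings dump."""
    findings = []
    for lineno, line in enumerate(dump.splitlines(), 1):
        name, sep, value = line.partition("=")
        # Port check: only SSH-related settings, and only an exact match,
        # so an unrelated service on 53282 or a port like 5328 is not flagged.
        if sep and "ssh" in name.lower() and value.strip() == BACKDOOR_PORT:
            findings.append(f"line {lineno}: {name.strip()} is set to port {BACKDOOR_PORT}")
        # Key check: search the whole line, because one setting may hold
        # several authorized keys and the owner's own key may come first.
        if KEY_PATTERN.search(line):
            findings.append(f"line {lineno}: authorized key matches the published prefix")
    return findings


# Constructed sample dumps (not captured from a real device).
CLEAN = "sshd_enable=0\nsshd_port=22\nsshd_authkeys=\n"
INFECTED = (
    "sshd_enable=1\n"
    "sshd_port=53282\n"
    "sshd_authkeys=ssh-ed25519 AAAAC3constructedOwnerKey admin@lan>"
    f"{KEY_TYPE}  {KEY_BLOB_PREFIX}constructedTail\n"
)

if __name__ == "__main__":
    for label, dump in (("clean", CLEAN), ("infected", INFECTED)):
        hits = find_indicators(dump)
        print(f"{label}: {'no indicators' if not hits else ''}")
        for hit in hits:
            print(f"  {hit}")
```

An empty result only means these two indicators are absent from the dump that was checked.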