Taiwanese computer hardware company ASUS has confirmed reports claiming that the company was used by hackers to install backdoors on customers’ computers.
On Monday, Vice’s Motherboard reported that hackers used ASUS to push “malware to hundreds of thousands of customers through its trusted automatic software update tool,” and on Tuesday, ASUS confirmed the report in a statement.
“A small number of devices have been implanted with malicious code through a sophisticated attack on our Live Update servers in an attempt to target a very small and specific user group. ASUS customer service has been reaching out to affected users and providing assistance to ensure that the security risks are removed,” declared ASUS.
“ASUS has also implemented a fix in the latest version (ver. 3.6.8) of the Live Update software, introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism.”
“At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future,” the company continued, adding, “Additionally, we have created an online security diagnostic tool to check for affected systems, and we encourage users who are still concerned to run it as a precaution.”
Though ASUS claimed that only “a very small number of specific user group were found to have been targeted by this attack and as such it is extremely unlikely that your device has been targeted,” the company recommended those affected to backup their files and then restore their device to factory settings.