ASUS downplays major compromise of its servers

Taiwanese computer maker ASUS has admitted its Live Update servers were breached by an as-yet unknown adversary and used to push a backdoor onto what Kaspersky Lab says may have been over a million devices.

In a belated response to the revelation, the company pointed late Tuesday to “national-level attack[s] usually initiated by a couple of specific countries” and released a a fix in the latest version of its Live Update software.

Only the version of Live Update used for notebooks was hijacked, it said, downplaying the incident and declining to mention or thank Kaspersky Lab for identifying the sophisticated attack: “Only a very small number of specific user group were found to have been targeted by this attack” the company said.

ASUS said: “We have introduced multiple security verification mechanisms to prevent any malicious manipulation in the form of software updates or other means, and implemented an enhanced end-to-end encryption mechanism.

At the same time, we have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future.”

The text above is a summary, you can read full article here.