ASUS Releases Fix For ShadowHammer Malware Attack (engadget.com)
A reader shares a report from Engadget: ASUS may have inadvertently pushed malware to some of its computers through its update tool, but at least it has a fix ready to go. The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism." There are upgrades to the behind-the-scenes server system to prevent future attacks, ASUS added.
The company simultaneously reiterated the narrow scope of ShadowHammer, noting that the malware targeted a "very small and specific user group." It's believed to be an Advanced Persistent Threat -- that is, a state-backed assault against organizations rather than everyday users. Other ASUS devices weren't affected, according to a notice. While the fix is reassuring, it also raises questions as to why the systems weren't locked down earlier. Update tools are prime targets for hackers precisely because they're both trusted and have deep access to the operating system -- tight security is necessary to prevent an intruder from hijacking the process.
Comment removed (Score:4, Funny)
Re: (Score:2)
The PC maker has released a new version of its Live Update software for laptops that addresses the ShadowHammer backdoor attack. It also promised "multiple security verification mechanisms" to reduce the chances of further attacks, and started using an "enhanced end-to-end encryption mechanism."
The new security measures include the software promising, scout's honour, cross my fingers and hope to die, that it really, really isn't malware. Asus have announced that you can now fully trust it, since no malware would pass that test.
So much facepalm (Score:2)
They just now started using cryptographic security for their system software updater.
And don't worry, the malware only "targeted" a small group of users. Never mind that malware ran with full admin privs on your computer undetected for months. You're totally safe because it didn't "target" you specifically.
<facepalm>
Question answered (Score:2)
Why didn't they fix this earlier, TFS asks?
Isn't it obvious? They were not going to spend money to fix some theoretical problem, especially when there are no real consequences if it actually does get exploited. Release a patch, wait for the 24 hour news cycle to move on, day after that everyone has forgotten and most people never even heard that your software is insecure. Sales unaffected.
Notifying them? (Score:2)
The company simultaneously reiterated the narrow scope of ShadowHammer, noting that the malware targeted a "very small and specific user group." It's believed to be an Advanced Persistent Threat -- that is, a state-backed assault against organizations rather than everyday users.
Well, are they going to notify the victims of the attack or just pretend the problem is solved?!
APT (Score:2)
[ASUS notes] that the malware targeted a "very small and specific user group." It's believed to be an Advanced Persistent Threat
What good news for the infected users! Now their GPU and hard disk firmware are probably compromised as well, making sure that ASUS' update will not wipe the attacker's presence out of the machine.