Headline News: ASUS Live Update software backdoored by Advanced Persistent Threat (APT) groups – 26th Mar 2019

Preface (Attack roadmap): ASUS Live Update software installed on laptops and PCs came under cyber attack between June and November 2018. The attackers implanted a backdoor into the Live Update software!

Observation: The ASUS software configures the network using the Dynamic Host Configuration Protocol (DHCP) and then makes a plain HTTP request to a remote server to check whether a UEFI BIOS firmware version newer than the one currently running on the system is available. Thus, there is no SSL protection, nor any verification that it is actually talking to the correct remote server.
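A hardened form of the update check described in the observation, shown as an added example (not ASUS code): the client refuses plain HTTP, verifies the server certificate and hostname, re-checks redirect targets, and only accepts a strictly newer version. The host `updates.example.com`, the function names and the dotted numeric version format are assumptions made for illustration.

```python
import ssl
import urllib.request
from urllib.parse import urlsplit

# Assumption: hypothetical update host, not a real vendor endpoint.
ALLOWED_HOSTS = {"updates.example.com"}


class UpdatePolicyError(Exception):
    """Raised when an update URL violates the transport policy."""


def check_update_url(url):
    """Accept only https:// URLs on an allow-listed host; return the URL."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        raise UpdatePolicyError(f"refusing non-HTTPS update URL: {url}")
    if parts.hostname not in ALLOWED_HOSTS:
        raise UpdatePolicyError(f"unexpected update host: {parts.hostname}")
    return url


class StrictRedirect(urllib.request.HTTPRedirectHandler):
    """Apply the same policy to redirect targets (blocks HTTPS -> HTTP)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_update_url(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def make_tls_context():
    """Default context: CA validation plus hostname checking, TLS 1.2+."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def is_newer(current, offered):
    """Compare dotted numeric versions; equal or older is not an update."""
    as_tuple = lambda v: tuple(int(p) for p in v.split("."))
    return as_tuple(offered) > as_tuple(current)


def fetch_manifest(url, timeout=10):
    """Fetch the version manifest over verified TLS (needs network access)."""
    opener = urllib.request.build_opener(
        urllib.request.HTTPSHandler(context=make_tls_context()),
        StrictRedirect(),
    )
    with opener.open(check_update_url(url), timeout=timeout) as resp:
        return resp.read()
```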

Official announcement: ASUS's response to the recent media reports regarding the ASUS Live Update tool attack by Advanced Persistent Threat (APT) groups (URL below for reference): https://www.asus.com/News/hqfgVUyZ6uyAyJe1