While ASUS Live Update is used to update both software and firmware, there is a firmware update mechanism built directly into the ASUS UEFI firmware that updates firmware remotely completely, outside of the OS and beyond the visibility of security software. Firmware implants and backdoors have long been the go-to tool for nation-state attackers because they are very hard to detect via traditional means and allow the attacker to exist and persist below the level of the operating system. And while the malware was delivered to hundreds of thousands of computers, the attack appeared targeted at only 600 specific machines.
Kaspersky analysis strongly links the attack to a state-supported hacking group. To be clear, firmware implants have not been reported as yet in the ASUS attack, but the scenario is not at all far-fetched. This means that the ASUS attack could potentially include malicious firmware updates that have yet to be detected or fully analyzed simply because existing tools lack the necessary visibility. Software security products know that it is there, but they can’t see it. For most, firmware is the dark matter of the security universe.
Asus live update no updates drivers#
However, Live Update is also used by ASUS to update system firmware and drivers on devices. Most of the currently available analysis has focused on malicious software delivered by the Live Update tool. Let’s take a closer look at the ASUS issue specifically, the broader trends in the industry, and what we can be doing about it. Unfortunately, this issue extends well beyond software updates and well beyond ASUS. You can read the response and advice from ASUS here and the latest research from Kaspersky here. This malware was being passed from trusted ASUS URLs, using the trusted ASUS update tool, and the packages themselves were signed by ASUS. To briefly summarize, sophisticated attackers ( likely a nation-state group) were able to compromise ASUS servers that supported the company’s Live Update utility, which was then used to deliver malware to large numbers of ASUS users. With the recent revelations that ASUS unwittingly pushed malware-infected software updates to hundreds of thousands of its customers, the security industry is once again forced to examine the reality of supply chain attacks and the often shaky foundations of trust in our devices and their software.
0 kommentar(er)
