Report: Supply Chain Attack ShadowHammer Leveraged ASUS Live Update

Subject: General Tech | March 25, 2019 - 01:47 PM
Tagged: ShadowHammer, security, Kaspersky Labs, asus

Update, 3/26/19: As reported by TechRadar this morning, ASUS has responded to the issue and implemented a fix in the latest version of Live Update (version 3.6.8), which provides "an enhanced end-to-end encryption mechanism" for the software. ASUS states that they "have also updated and strengthened our server-to-end-user software architecture to prevent similar attacks from happening in the future". The company has also released a software tool to check whether your system is affected, available directly from ASUS here (ZIP file).

Further, Bloomberg reports today that ASUS has disputed the numbers from the Kaspersky report, stating that the attacks impacted only several hundred devices, not "over a million" as had been estimated by Kaspersky. An ASUS spokesperson also said that "the company had since helped customers fix the problem, patched the vulnerability and updated their servers," in a statement quoted in the Bloomberg report.

The original news post follows.


Today, unfortunately, we have a perfect example of a supply chain attack posted at Slashdot, and a very good reason for anyone using ASUS products to do a full scan of their systems as soon as they can. It seems that attackers compromised the ASUS update server, forged two different ASUS digital certificates and pushed out malware to about half a million customers when their machines ran an auto-update. Kaspersky Labs published details on their findings this afternoon as well, cautioning that "the investigation is still in progress and full results and technical paper will be published during SAS 2019 conference in Singapore".

What makes this even more interesting is that the infection was looking for 600 specific MAC addresses; when it found one, it would immediately reach out to another server to install an additional payload. This does not mean that those without one of the listed MAC addresses are safe: the infection could still be there, and could be modified to install additional nastiness on all infected machines. According to the information from Motherboard, Kaspersky first detected this in January and has reached out to ASUS several times, as did Motherboard, which "has not heard back from the company".


"The researchers estimate half a million Windows machines received the malicious backdoor through the ASUS update server, although the attackers appear to have been targeting only about 600 of those systems. The malware searched for targeted systems through their unique MAC addresses."
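For administrators who want to check an asset inventory against a published list of targeted MAC addresses, the sketch below is an added example, not code from ASUS, Kaspersky or this article. It assumes list entries are either plain MACs or MD5 digests of the raw six address bytes; that list format, the host names and all addresses are constructed for illustration.

```python
import hashlib
import re

def normalize_mac(text):
    """Return a MAC as 12 lowercase hex digits, or None if it is not one."""
    digits = re.sub(r"[-:.\s]", "", text).lower()
    return digits if re.fullmatch(r"[0-9a-f]{12}", digits) else None

def md5_of_mac(mac):
    """MD5 over the raw 6 address bytes (assumed list format, see lead-in)."""
    return hashlib.md5(bytes.fromhex(mac)).hexdigest()

def load_targets(lines):
    """Split a target list into plain MACs and 32-hex-digit digests."""
    plain, digests = set(), set()
    for line in lines:
        entry = line.split("#", 1)[0].strip()  # allow trailing comments
        if not entry:
            continue
        mac = normalize_mac(entry)
        if mac:
            plain.add(mac)
        elif re.fullmatch(r"[0-9a-fA-F]{32}", entry):
            digests.add(entry.lower())
        else:
            raise ValueError(f"unrecognised target entry: {entry!r}")
    return plain, digests

def check_inventory(inventory, targets):
    """Map each host to the normalized MACs that appear in the target list."""
    plain, digests = targets
    hits = {}
    for host, macs in inventory.items():
        normalized = [m for m in map(normalize_mac, macs) if m]
        matched = [m for m in normalized
                   if m in plain or md5_of_mac(m) in digests]
        if matched:
            hits[host] = matched
    return hits

# Constructed sample data; 00-00-5E-00-53-xx is the documentation MAC range.
TARGET_LIST = ["00-00-5E-00-53-01  # plain entry",
               md5_of_mac("00005e005310")]
INVENTORY = {
    "ws-014": ["00:00:5e:00:53:01", "00:00:5e:00:53:02"],
    "lab-07": ["0000.5e00.5310"],
    "srv-02": ["00-00-5E-00-53-20", "n/a"],
}

if __name__ == "__main__":
    for host, macs in check_inventory(INVENTORY, load_targets(TARGET_LIST)).items():
        print(f"{host}: targeted MAC(s) {', '.join(macs)}")
```

A host that does not appear in the result is only absent from the target list; as noted above, it may still have received the malicious update and needs a full scan.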


Source: Slashdot
