
ASUS software updates hijacked to install "ShadowHammer" backdoor into systems

Over a million users may be affected


Back in January, Kaspersky discovered a "sophisticated supply chain attack involving the ASUS Live Update Utility", allowing a backdoored version of ASUS Live Update to be released and installed on over 57,000 PCs. 

At this time, ASUS has not released an official statement on the matter, with Kaspersky claiming that the scale of the problem could extend to over 1 million PCs. ASUS is one of the world's largest PC manufacturers, ranking as the 5th largest PC vendor as of 2017. In addition, ASUS commands a dominant share of the PC components market.

ASUS' Live Update software can update the drivers, BIOS, UEFI and selected system applications, so a compromised version of the application could be used to compromise systems further. Kaspersky has dubbed this attack "ShadowHammer".

It is believed that ASUS' update utility was first attacked between June and November 2018, with the change going unnoticed until January 2019. This was due to the compromised software's use of legitimate ASUS certificates, and the fact that the malicious updates were hosted on official servers. 

Kaspersky plans to release a full paper on the ASUS attack in April, during the company's Security Analyst Summit in Singapore. ASUS was first contacted by Kaspersky about the attack on January 31st 2019, and since then Kaspersky has supported their investigation into the malware. 
  


ASUS is expected to release an official statement regarding the attack later today. 

Update - ASUS has confirmed that it has released a fixed version of their Live Update tool, “implemented an enhanced end-to-end encryption mechanism” and “strengthened [their] server-to-end user software architecture”. This should prevent any similar attacks from happening in the future.

ASUS has also stated that this attack was designed to "target a very small and specific user group", which means that most users of ASUS PCs should be unaffected by the attack. Users who are concerned about their PCs should download and run ASUS' security diagnostic tool, which will check to see if their PC has been impacted by a ShadowHammer-infected version of their Live Update tool. This utility can be downloaded here


Most Recent Comments

26-03-2019, 11:32:45

Arne Saknussemm
However damaging ShadowHammer is...it's still got nothing on AI Suite...

26-03-2019, 11:58:28

Bartacus
Quote:
Originally Posted by Arne Saknussemm
However damaging ShadowHammer is...it's still got nothing on AI Suite...
LMAO! It's funny because it's true, LOL!

26-03-2019, 12:55:53

Wraith
Quote:
Originally Posted by Arne Saknussemm
However damaging ShadowHammer is...it's still got nothing on AI Suite...
Thanks a million, that just made my year!