ASUSpicious Flaw – Users' Information Exposed Since 2022


ASUSpicious Flaw - Millions of Users’ Information Exposed Since 2022

Please note that it’s not particularly suspicious, it just made for a good play-on-words title.

Introduction

What do most people do when they’re mistreated by a multi-billion dollar company after reporting a zero-day RCE to them? Certainly not find another zero-day exploit, but that’s exactly what I ended up doing. Read part one of this series on ASUS here. I had recently spent a lot of hours trawling through decompiled C/C++ code in part one so I wanted something a little easier to read.

This meant looking for executables made using C#, since its decompilation creates a near-perfect replica of the original code, including file, function and variable names. My main concern was that these encrypted credentials may have unnecessarily permissive scopes that could facilitate malicious use if put in the wrong hands. This turned out to be true, as the hard-coded credentials had administrator-level / unrestricted permissions that could be abused to access the information of any ASUS account.
