The router maker is in trouble with the Feds again.
Tuesday’s settlement between the Federal Trade Commission and ASUS is the second time the U.S. government has been involved in action against the wireless router maker.
In 2013, NETGEAR sued ASUS, claiming it was shipping wireless routers that did not comply with FCC peak power limits. That suit was settled last March, with ASUS agreeing to a compliance plan requiring ASUS to file reports with the FCC for three years.
Tuesday’s consent agreement resulted from a February 2014 mass compromise of ASUS routers that allowed attackers to remotely log in, mess with router settings and, in some cases, gain access to networked devices. This time, the U.S. government took action directly, with the FTC filing a complaint against ASUStek itself.
The resulting punishment is worse than that of the NETGEAR case, with ASUS agreeing to immediately implement a "comprehensive security program" that will be subject to independent audits for the next 20 years.
So why did the Feds go after ASUS, when routers from other manufacturers have (or had) similar security flaws? No reports seem to explain why. But it’s obvious given the severity of the punishment, that router manufacturers best take note and get their security design and verification processes tightened up.