WASHINGTON (Legal Newsline) — The Federal Trade Commission (FTC) has reached an agreement with ASUSTeK Computer Inc. over allegations of critical security flaws in the company’s products.
The complaint alleges the Taiwan-based computer hardware maker had major flaws in its in routers, putting the home networks of thousands of consumers at risk. Additional complaints state the company’s “cloud” services were insecure as well, exposing the personal information of consumers on the internet.
“The Internet of Things is growing by leaps and bounds, with millions of consumers connecting smart devices to their home networks,” said Jessica Rich, director of the FTC’s Bureau of Consumer Protection. “Routers play a key role in securing those home networks, so it’s critical that companies like ASUS put reasonable security in place to protect consumers and their personal information.”
The proposed consent order mandates that ASUS establish and maintain a better, more comprehensive security program. This program must be subject to independent audits for the next 20 years.
ASUS marketed its routers as having certain security features that would “protect computers from any unauthorized access, hacking, and virus attacks” and “protect [the] local network against attacks from hackers.” The FTC alleges that despite these promises, the company failed to actually secure the software.