PSA - ASUS warns of Cyclops Blink malware attacks targeting routers

  • Last Updated:
  • Mar 19th, 2022 1:56 pm
[OP]
Deal Expert
Jun 15, 2011
44809 posts
7909 upvotes

ASUS warns of Cyclops Blink malware attacks targeting routers

https://www.bleepingcomputer.com/news/s ... g-routers/

Time to remediate folks :)
Vulnerable ASUS devices

In an advisory released today, ASUS warns that the following router models and firmware versions are vulnerable to Cyclops Blink attacks:

GT-AC5300 firmware under 3.0.0.4.386.xxxx
GT-AC2900 firmware under 3.0.0.4.386.xxxx
RT-AC5300 firmware under 3.0.0.4.386.xxxx
RT-AC88U firmware under 3.0.0.4.386.xxxx
RT-AC3100 firmware under 3.0.0.4.386.xxxx
RT-AC86U firmware under 3.0.0.4.386.xxxx
RT-AC68U, AC68R, AC68W, AC68P firmware under 3.0.0.4.386.xxxx
RT-AC66U_B1 firmware under 3.0.0.4.386.xxxx
RT-AC3200 firmware under 3.0.0.4.386.xxxx
RT-AC2900 firmware under 3.0.0.4.386.xxxx
RT-AC1900P, RT-AC1900P firmware under 3.0.0.4.386.xxxx
RT-AC87U (EOL)
RT-AC66U (EOL)
RT-AC56U (EOL)
Blanka
16 replies
Deal Fanatic
Sep 16, 2013
7437 posts
5065 upvotes
SW ON
"At this time, ASUS has not released new firmware updates to protect against Cyclops Blink but have released the following mitigations that can be used to secure devices:

Reset the device to factory default"

Seems like nonsense. Why would factory default mitigate this threat if there are no firmware updates?
Deal Addict
Nov 25, 2004
4016 posts
2788 upvotes
London
alpovs wrote: "At this time, ASUS has not released new firmware updates to protect against Cyclops Blink but have released the following mitigations that can be used to secure devices:

Reset the device to factory default"

Seems like nonsense. Why would factory default mitigate this threat if there are no firmware updates?
Seems like a way for them to say "do this" so it sounds like we're trying to help, but we're just telling you to do something that would be a waste of time.
Deal Fanatic
Sep 16, 2013
7437 posts
5065 upvotes
SW ON
aaron158 wrote: Seems like a way for them to say "do this" so it sounds like we're trying to help, but we're just telling you to do something that would be a waste of time.
Yes. Especially when they stated: "The malware then receives a command to nest in the flash memory and establish permanent persistence, as this storage space doesn't get wiped even by factory resets."
Deal Guru
Feb 9, 2006
13045 posts
7857 upvotes
Brampton
Good old Asus.
You never change.

Asus's MO with their longer-lived products is in general this: great when it's new; years 1-2, constant and rapid updates with new features. Years 2-3, it's basically patches only. Years 3-5, critical patches if you're lucky. Year 5+, glhf, if there's a bug you're SOL.

In contrast, Netgear still updates their Nighthawks.
Deal Guru
Mar 13, 2004
13320 posts
4935 upvotes
Ontario
Good thing I never updated my firmware, so it sounds like I'm good with an older version lol. Also, if there is no fix for it, why would I upgrade my router to the latest firmware, which is the vulnerable version? This whole thing seems odd, as already mentioned above with the "Reset to factory".
Deal Guru
Feb 9, 2006
13045 posts
7857 upvotes
Brampton
sickcars wrote: Good thing I never updated my firmware, so it sounds like I'm good with an older version lol. Also, if there is no fix for it, why would I upgrade my router to the latest firmware, which is the vulnerable version? This whole thing seems odd, as already mentioned above with the "Reset to factory".
I think the wording "Under" means any version older than xxxx.

For anyone curious:
The AC-87U launched 2014 is EOL. Last firmware update was May 2021 (surprisingly longer than I would have thought).
NightHawk R7000 launched 2013 last firmware update was Feb 16 2022.
Deal Guru
Nov 21, 2002
11618 posts
4004 upvotes
Winnipeg
TE7 wrote: Maybe it is time to consider pfsense or OPNsense routers.
Practically you invest once in a good hardware and you are good for very long time (pfsense started in 2006).

https://www.cvedetails.com/vendor/21847/Opnsense.html

https://www.cvedetails.com/vendor/11749/Pfsense.html

https://www.cvedetails.com/vendor/3447/Asus.html
The software yes, but still make sure you cherry pick the x86 soc. Not all offer aes crypto, otherwise it's all on soc. I prefer openwrt for cake sqm vs fq_codel used in pfsense/opnsense. Cake is the best traffic management.

But the reality is there is too little opensource for ax wifi outside of some broadcom for asus and certain cherry devices under openwrt. Tomato and dd-wrt are basically dead, done after AC wifi, as no ax is expected for them, so it's game over. Tomato has but 2 or 3 routers now that could traffic shape at 500 mbps? That's ridiculous, that's the bare min to buy today. Plus you need at least 3 cores and they have to be high clocked or the soc has to be powerful. You can't rely on hardware accel for routing at gigabit rates; it has too many limitations with too little future as it's all kernel support based and will die out sooner vs later. You need low power but still a powerful soc for gigabit rates on its own. You need multicore as aes runs on single core, traffic shaping will use at least 2 cores (ingress/egress). So that's a third or 4th for other stuff like adblocking etc.

Router manufacturers are playing a stupid game with high turnover routers. It's bad. From Jan to Feb I saw at least 4 or 5 routers, all ax wifi 6 with open mesh support, all for under 50 cad from amazon.com shipped. All shared the same specs and soc (BCM6755) as the $170 cad asus rt-ax56/55?? Crazy!! Some were as cheap as 35 cad shipped at times?? wtf is going on!! But they all had no firmware support anymore or just sdk crap?

The reality is opensource wifi router support have to change their ideology going forward. They have to concentrate on routing and porting more than wifi. They need to stop focusing solely on wifi because there will always be affordable apps for that. Pfsense more so than opnsense has to broaden its arm support, and what opnsense does support in arm is far too small a pool and needs to broaden.

Right now the cheapest bang for buck, or should be the cheapest if not for a soc shortage, is the rpi4 2gb. It's traffic shaping sqm_cake at gigabit rates, includes docker support. Has arguably the biggest fan base for a single device at openwrt with some stellar builds, and the reports are in of running stable for over a year now with a variety of solutions. But it's a quad a72 soc which eclipses basically most +200 buck arm routers. It's x86 territory. It has one flaw, same as some x86 too. It has no aes crypto extensions. It has to do aes all on the soc if you want vpn.

Now the r4s2 from nanopi is a great choice, dual gigabit with enclosure for 84 usd, but the price is too high due to soc shortage. It was cheaper earlier and also has aes crypto support with higher rates than a lot of x86 options.

The best question now is do you bother with the same old all in one wifi router solutions anymore?

Is it a great idea to run your nas/router/wifi/vpn/media server under one device? No!! One point of failure sucks. Sharing the load with multiple devices across your network is smarter and simpler and faster to fix and swap out/failover etc when needed. It's not really a different concept than keeping all your files on a single drive vs shared multiple drives.
Deal Fanatic
Sep 16, 2013
7437 posts
5065 upvotes
SW ON
lead wrote: The software yes, but still make sure you cherry pick the x86 soc. Not all offer aes crypto, otherwise it's all on soc.
You don't need AES crypto to run pfSense or OPNsense.
Deal Guru
Nov 21, 2002
11618 posts
4004 upvotes
Winnipeg
alpovs wrote: You don't need AES crypto to run pfSense or OPNsense.
Of course not, but it's a lot less taxing supporting it than not.
Deal Addict
Dec 11, 2008
1562 posts
953 upvotes
Toronto
Is this an issue on the WAN side or the LAN side?

I'm guessing that if you don't have remote administration enabled there shouldn't be an issue.