Washington, DC - After a public comment period, the Federal Trade Commission has approved a final order resolving the Commission’s complaint against ASUSTeK Computer, Inc., charging that critical security flaws in its routers put the home networks of hundreds of thousands of consumers at risk.
The settlement was first announced in February 2016. In its complaint, the FTC alleged that ASUS failed to take reasonable steps to secure the software on its routers, despite making promises to consumers about their security.
Under the terms of the consent order, ASUS is required to establish and maintain a comprehensive security program subject to independent audits for the next 20 years. In addition, ASUS must notify consumers about software updates or other steps they can take to protect themselves from security flaws, including through an option to register for direct security notices (e.g., through email, text message, or push notification).
The consent order also prohibits the company from misleading consumers about the security of the company’s products, including whether a product is using up-to-date software.
The Commission vote to approve the final order and letters to commenters was 3-0.