ASUS and Trend Micro Data Collection

Through the years, I can’t even begin to tell you how many times I’ve gotten into a conversation about privacy, only to have the other person say “I have nothing to hide, so let them spy on me.” I don’t even bother arguing with them anymore, and usually just smile and nod as if I’m agreeing with them so they will just stop talking. If you are one of those people, just leave this webpage now. There is nothing here for you. For those that do care, and know that way too much information is being collected from us by governments and corporations, then stick around.

Here’s the straw that broke the proverbial horse’s back, for me …

A few years back, I bought an ASUS RT-AC1900P because it had what I perceived to be some pretty good protection capabilities. They had teamed up with Trend Micro to provide content filtering, quality of service (QoS), and a few other cool features for a cheap price. It was very easy to set up as well. I loved the QoS capabilities, the parental controls, and being able to schedule downtime for internet-connected devices (kids).

All was fine until I downloaded the newest firmware and installed it. After a reboot, I had to re-enable the content filtering and was prompted with an end user license agreement that I had to accept, otherwise the functionality would be turned back off. After reading only the first few sentences of the agreement, I was shocked. It talked about how they were openly collecting my data and sending it back to their servers for analysis. They were also sharing it with third-party organizations. I did some additional searching on the internet and found the full user license agreement … omg. You too can read it here: TrendMicro.

I’ll give them props for not trying to disguise what they are doing with legalese, but I’m shocked anyone would agree to this. This is a cut-and-paste from their own website:

You provide the following types of information and personal data when you use and 
interact with our products and services, including customer support. The specific 
information and personal data that you provide will depend on the particular product 
or services used. Providing these types of information and personal data enables you 
to participate, share and leverage Trend Micro’s global database of threat related 
intelligence to rapidly identify and defend against potential threats within your 
unique network environment, as described in more detail below as well as enabling 
us to provide support that you request.

    (1) Product information, such as MAC address, device ID
    (2) Public IP address of the user’s gateway to the Internet
    (3) Mobile/PC environment
    (4) Metadata from suspicious executable files
    (5) URLs, Domains and IP addresses of websites visited
    (6) Metadata of client/device managed by gateway product
    (7) Application behaviors
    (8) Customer behavior
    (9) Information from suspicious e-mail, including sender and receiver email address, and attachments
    (10) Detected malicious file information
    (11) Detected malicious network connection information
    (12) Debug Logs
    (13) Network Architecture/Topology
    (14) Screen capture of errors

In essence, they can capture whatever they want off any of your devices, whenever they want.

I shut down all the services I had grown to love and never turned them back on. But then I got to wondering … are they still collecting data, or not? I performed a packet capture and there is still traffic going out to Trend Micro. I’m not sure whether it’s querying for firmware updates or passing data. More testing needs to be done, but it is most certainly phoning home for something.
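One way to start on that testing, as an added example that is not from the original post: the Python below reads DNS query lines in the format `tcpdump -n port 53` prints and counts, per source address, the lookups that fall under a watched domain. The sample capture, its documentation-range addresses and the `constructed-a` host label are constructed for illustration.

```python
import re
from collections import Counter

# DNS query as printed by `tcpdump -n port 53`:
#   <time> IP <src>.<sport> > <resolver>.53: <id>+ [flags] <TYPE>? <name>. (<len>)
QUERY = re.compile(
    r"IP6? (?P<src>\S+)\.\d+ > \S+\.53: \d+\S*(?: \[[^\]]*\])? "
    r"(?P<qtype>[A-Z]+)\? (?P<name>\S+?)\.? \("
)

# Constructed sample capture: documentation-range addresses, made-up host labels.
SAMPLE = """\
10:00:01.000001 IP 192.0.2.10.40001 > 198.51.100.53.53: 4660+ A? constructed-a.trendmicro.com. (46)
10:00:01.500000 IP 192.0.2.20.51000 > 198.51.100.53.53: 4661+ [1au] AAAA? www.example.org. (44)
10:00:02.000000 IP 192.0.2.10.40002 > 198.51.100.53.53: 4662+ A? Constructed-A.TrendMicro.com. (46)
10:00:03.000000 IP 192.0.2.20.51001 > 198.51.100.53.53: 4663+ A? xtrendmicro.com. (33)
10:00:04.000000 IP 198.51.100.53.53 > 192.0.2.10.40001: 4660 1/0/0 A 203.0.113.7 (62)
""".splitlines()


def matches_suffix(name, suffixes):
    """True if name is a watched domain or a subdomain of one (suffixes in lowercase)."""
    name = name.lower().rstrip(".")
    # Require a label boundary so xtrendmicro.com does not match trendmicro.com.
    return any(name == s or name.endswith("." + s) for s in suffixes)


def vendor_queries(lines, suffixes):
    """Count (source address, queried name) for queries under a watched suffix."""
    hits = Counter()
    for line in lines:
        m = QUERY.search(line)  # responses and non-DNS lines do not match
        if m and matches_suffix(m["name"], suffixes):
            hits[(m["src"], m["name"].lower())] += 1
    return hits


def sources(hits):
    """Watched queries per source address: which device is doing the lookups."""
    per_src = Counter()
    for (src, _name), count in hits.items():
        per_src[src] += count
    return per_src


if __name__ == "__main__":
    found = vendor_queries(SAMPLE, ["trendmicro.com"])
    for (src, name), count in sorted(found.items()):
        print(f"{src} looked up {name} {count} time(s)")
    print(dict(sources(found)))
```

The source address depends on where the capture is taken: upstream of a router that forwards DNS for its clients, every query appears to come from the router. Lookups sent over encrypted DNS do not show up in a port 53 capture at all.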

This ultimately led me on a journey to install the free, open-source firewall, IDS and IPS product called pfSense, along with the pfBlockerNG and Suricata packages, on an old computer I had lying around. I also configured the DNS Blocker (DNSBL).

Here are the DNS entries for DNSBL (i.e., these appear to be the addresses collecting your data at Trend Micro):


You wouldn’t believe how much of your private information is being transmitted back to Microsoft, Apple, Samsung, advertising companies, Trend Micro, etc. You thought you secured Windows 10 by modifying the security options within Settings? Think again. It’s still transmitting back a ton of information about what you do, visit, type, say and if you have a camera … see.

And that’s just scratching the surface.