ASUS and TrendMicro Data Collection

I can’t even begin to tell you how many times I’ve gotten into a conversation about privacy, only to have the other person say “I have nothing to hide, so let them spy on me.” I don’t even bother arguing with them anymore, and usually just smile and nod as if I’m agreeing with them so they will just stop talking.

If you are one of those people, don’t bother reading this web page. There is nothing here for you. For those that do care, and know that way too much information is being collected from us by governments and tech giants, then stick around.

Here’s the straw that broke the proverbial camel’s back for me …

A few years ago, I bought an ASUS RT-AC1900P because it had what I perceived to be some pretty good web surfing protection. ASUS had teamed up with Trend Micro to provide content filtering, quality of service, and a few other cool features for a cheap price. It was very easy to set up as well. I loved the QoS capabilities, parental controls and being able to schedule downtime for internet-connected devices (kids).

All was fine until I downloaded the newest firmware and installed it. After a reboot, I had to re-enable the content filtering and was prompted by an end user license agreement which I had to accept, otherwise the functionality would be turned back off. After reading the first few sentences within the agreement, I was shocked. It talked about how they were openly collecting my data and sending it back to their servers for analysis. They were also sharing it with third-party organizations. So, I did some additional searching on the internet and found the full user license agreement. You too can read it here: TrendMicro.

I’ll give them credit for not trying to disguise what they are doing with legalese, but I’m shocked anyone would agree to this. This is a cut-and-paste from their own website:

“You provide the following types of information and personal data when you use and interact with our products and services, including customer support. The specific information and personal data that you provide will depend on the particular product or services used. Providing these types of information and personal data enables you to participate, share and leverage Trend Micro’s global database of threat related intelligence to rapidly identify and defend against potential threats within your unique network environment, as described in more detail below as well as enabling us to provide support that you request.”

(1) Product information, such as MAC address, device ID
(2) Public IP address of the user’s gateway to the Internet
(3) Mobile/PC environment
(4) Metadata from suspicious executable files
(5) URLs, Domains and IP addresses of websites visited
(6) Metadata of client/device managed by gateway product
(7) Application behaviors
(8) Customer behavior
(9) Information from suspicious e-mail, including sender and receiver email address, and attachments
(10) Detected malicious file information
(11) Detected malicious network connection information
(12) Debug Logs
(13) Network Architecture/Topology
(14) Screen capture of errors

In essence, they can capture whatever they want off any of your devices, whenever they want.

I shut down all the services I had grown to love and never turned them back on. But then I got to wondering, are they still collecting data, or not? I performed a packet capture and there is still traffic going out to Trend Micro. I’m not sure if it’s a query for firmware updates or still passing data. More testing needs to be done, but it is most certainly phoning home for something.
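One way to follow up on the packet capture described above, as an added example that is not part of the original post: it reads tcpdump's one-line DNS query output and tallies, per client, how often and when names under a watched suffix are looked up. The suffix `vendor.example`, the addresses and the sample lines are constructed placeholders; substitute the names seen in your own capture.

```python
import re

# tcpdump's default one-line rendering of a DNS query, e.g.
# 12:00:01.000000 IP 192.168.1.1.40112 > 192.168.1.254.53: 4242+ A? name. (42)
QUERY_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d)\.\d+ IP6? (?P<src>\S+)\.\d+ > \S+\.53: "
    r"\d+[+%]* (?:\[\w+\] )?(?P<qtype>[A-Z]+)\? (?P<name>\S+?)\.? \(\d+\)$"
)

def matches_suffix(name, suffixes):
    """True if name is a watched suffix or a subdomain of one.
    Compared label by label, so notvendor.example never matches vendor.example."""
    labels = name.lower().rstrip(".").split(".")
    for suffix in suffixes:
        want = suffix.lower().strip(".").split(".")
        if labels[-len(want):] == want:
            return True
    return False

def summarize(lines, suffixes):
    """Return {(client, name): {count, first, last, qtypes}} for watched names."""
    seen = {}
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if not m or not matches_suffix(m["name"], suffixes):
            continue  # responses, non-DNS traffic, unwatched names
        rec = seen.setdefault(
            (m["src"], m["name"].lower()),
            {"count": 0, "first": m["ts"], "last": m["ts"], "qtypes": set()})
        rec["count"] += 1
        rec["last"] = m["ts"]
        rec["qtypes"].add(m["qtype"])
    return seen

# Constructed sample capture (placeholder names and addresses, not real traffic).
SAMPLE = """\
12:00:01.000000 IP 192.168.1.1.40112 > 192.168.1.254.53: 4242+ A? telemetry.vendor.example. (42)
12:00:03.100000 IP 192.168.1.50.51000 > 192.168.1.254.53: 7+ A? www.notvendor.example. (39)
12:05:01.000000 IP 192.168.1.1.40113 > 192.168.1.254.53: 4243+ [1au] AAAA? Telemetry.Vendor.Example. (53)
12:05:02.000000 IP 192.168.1.1.40114 > 192.168.1.254.53: 4244+ A? update.vendor.example. (39)
12:05:02.000100 IP 192.168.1.254.53 > 192.168.1.1.40114: 4244 1/0/0 A 203.0.113.9 (55)
""".splitlines()

if __name__ == "__main__":
    for (client, name), rec in sorted(summarize(SAMPLE, ["vendor.example"]).items()):
        print(client, name, rec["count"], rec["first"], rec["last"], sorted(rec["qtypes"]))
```

Input of this shape comes from `tcpdump -n -l port 53` on the LAN side; the first and last timestamps per name show whether lookups are occasional or continuous.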

This ultimately led me on a journey to install the open-source and free firewall, IDS and IPS product called pfSense, along with the pfBlockerNG, DNS Blocker (DNSBL), and Suricata packages on an old computer I had lying around.

Here are the DNS entries for DNSBL (i.e., these appear to be the addresses collecting your data at Trend Micro):


You wouldn’t believe how much of your private information is being transmitted back to Microsoft, Apple, Samsung, advertising companies, Trend Micro, etc. You thought you secured Windows 10 by modifying the security options within Settings? Think again. Windows is still transmitting back to Microsoft a ton of information about what you do, visit, type, say and if you have a camera … see.

And that’s just scratching the surface.
