Why does Asus AiProtection require my email pwd?

[gaaah]

Hi, I just got the new Asus Blue Cave router and I thought I'd try the AiProtection feature. It is advertised as able to send you email alerts when something fishy is detected. In setting that up it's obvious it needs my email address, but then it also asks for my email password. What's up with that? It's supposed to send me an email, not read my email. ????

 

[Paul NZ]

I suppose it needs to look to see if anything is fishy. And it cant do that if it cant log in

 

[Roland Of Gilead]

hmmm, looking at the specs, and capablilties, it seems it may ask you for a password, so as to determine the strength of the password. Maybe it needs the password to send the email from your own address, although surely it's an automated system, and would send from an Asus server as an alert!? It's a bit of a weird one. It might be an idea to give the Asus support desk a call, and just ask. I'm sure they can answer definitively, rather than us speculating.

I can't be sure, as the specs and support info don't really explain why that might be needed.

With that said, it looks like a decent well thought out, highly secure Home Router. I would consider getting one.

 

[Ralston18]

See no reason why the email password would be needed.

One exception being you may be being asked to allow the router and/or the AiProtection software to login to some particular email account in order to send out email alerts.

That is still quite a stretch in my mind....

Overall very much agree that providing your email password does not make sense.

Take a closer look at the installation process and fine print.

Make sure that you did not get or install an earlier version (beta) with a bug or typo....

And contact the vendor - they should be able to offer some explanation.

 

[rgd1101]

https://www.asus.com/support/FAQ/1010064/
look like for some reason using pop3/smtp settings?

 

[gaaah]

I have a case open with Asus, will try to remember to post here when and if I get an answer.

 

[gaaah]

Please see my thread at the Asus ROG forums for the answer...

"https://rog.asus.com/forum/showthread.php?100061-Asus-AiProtection-requires-email-password"

 

[Ralston18]

Very confused here. I went to the link and was promptly booted out.

There is no reason, as I understand it all, that a sender would need your email account password to simply send you an email of any sort.

And there is likewise no need, for the sender to use your email account via your password to send you an email of any sort.

Please be very cautious.....

Something is wrong.

 

[rgd1101]

The alert email send from the router itself, not from asus

 

[gaaah]

I think rdg1101 is right. I don't think the email comes from TrendMicro (which is behind the scenes re AIProtection)... and in order for the router to send an email it needs to be logged into an email account, hence the password.

Still I'm not going to want my email password burned into my router firmware, esp because I think it is stored in plaintext. The guy over at the ROG forum suggested I set up a separate dedicated email account. Nah, too much fuss. I've turned on AIProtection but I'm going to forego the email alerts. I think I read that one reviewer thought that the actual alerts he received were a bit underwelming anyway.

 

[bill001g]

It depends what part of aiprotection features you wanted to use. I am kinda surprised they try to market this since HTTPS has killed off a lot of the abilities even on the large commercial appliances. Since it is getting to the point that almost all traffic is encrypted devices in the middle can't do "deep packet inspection". They are limited to looking at IP addresses which also mean very little because of virtual hosting services like akaimai.

Attacks coming in from the internet you can do nothing about anyway other than drop the traffic so it really doesn't matter if you get alerts or not as long as the traffic is dropped.

 

[Ralston18]

I am still curious about the "email".

I have set up a couple of things to provide email notices when problems occur. Really do not remember ever providing those devices my email account and password information per se. Just an email address.

The devices had their own access to some email system - most likely by "phoning home" the problem and some server then generating and sending the warning email to the email address on record.

Sort of stopped doing such things as some of those accounts also included lots of other "informational" emails that were, of course, authorized by me when I requested the desired email notifications.

A family member currently has a wearable health device. 2 or 3 emails per day it now seems.... Creating a rule to put those emails all straight into the trash.

Not quite the same as problem notifications - still the process is easily abused.

 

[Roland Of Gilead]

I am still curious about the "email".

I have set up a couple of things to provide email notices when problems occur. Really do not remember ever providing those devices my email account and password information per se. Just an email address.

The devices had their own access to some email system - most likely by "phoning home" the problem and some server then generating and sending the warning email to the email address on record.

Sort of stopped doing such things as some of those accounts also included lots of other "informational" emails that were, of course, authorized by me when I requested the desired email notifications.

A family member currently has a wearable health device. 2 or 3 emails per day it now seems.... Creating a rule to put those emails all straight into the trash.

Not quite the same as problem notifications - still the process is easily abused.

on top of that, what if the router is compromised, the attacker has access to the owners account. I'm genuinely scratching my head about the logic behind it

 

[USAFRet]

It almost certainly wants to send an email as you.

My QNAP NAS asks for the same thing.