A hacker could potentially brick your NAS The researchers found that they could get into a Cloud OS 3 device by remotely updating it with modified firmware. The firmware update functionality is meant to be accessible only to authenticated users, but they were able to get around that because the NAS seemingly has a user on it with a blank password, which they were able to use to authenticate in some cases.
There’s also the possibility that some users won’t be able to upgrade to Cloud OS 5. According to WD’s supported devices page, the updated software isn’t available for the MyCloud EX2, EX4, or certain versions of the My Cloud and My Cloud Mirror. If you own a device that can’t be updated to Cloud OS 5, WD’s advice is to upgrade to one that can. The other option, according to a statement WD gave to Comparitech last year, is to turn off remote dashboard access to the device. Their version of the exploit allows them to carry out commands on the NAS, but other versions could be used for any number of nefarious purposes. Also, because the hack exploits the firmware update function, a hacker could purposefully or even accidentally brick the device. The researchers have built their own custom security patch, but it has to be re-applied to the device every time it reboots. You can see more details about it in a video they made explaining the exploit.
While the vulnerability found by the researchers seems especially egregious, it may not be the only one out there — WD’s post recommending people upgrade to Cloud OS 5 says that it defends against entire classes of attacks. With that in mind, if you own a device that can’t run the new OS, it’s probably time to think about an upgrade, either to one of WD’s new devices, or to another NAS option.
The News Highlights
- Another day, another WD security hole
- Check the latest world news updates and information about business, finance, technology and more.
- Check the latest update on tech news
For Latest News Follow us on Google News
- Show all
- Trending News
- Popular By week