
Another WD exploit surfaces, allows remote installation of modified NAS firmware


Western Digital simply can’t catch a break.

Yet another security flaw has surfaced for WD NAS (network-attached storage) owners. This time around, the flaw affects My Cloud OS 3 devices. It allows malicious actors to access a device and install modified firmware capable of executing commands, bricking the device or worse.

Security researchers Pedro Ribeiro and Radek Domanski (via KrebsOnSecurity) detailed the vulnerability, and the remote updating of WD NAS devices with modified firmware, in a video.

Typically, firmware updates are only available to authenticated users. However, the researchers found that the NAS appears to have a user on it with a blank password, which in some cases allowed the researchers to authenticate and install the modified firmware.

Worse, WD’s advice on the matter is basically to update to My Cloud OS 5 or buy a device with My Cloud OS 5. The company describes My Cloud OS 5 as a “major and fundamental security release” that revamps the architecture of My Cloud firmware and defends against “common classes of attacks.”


Even if My Cloud OS 5 is as secure as WD claims, it’s not exactly an option for all users. For one, many have avoided updating to My Cloud OS 5 because it lacks several features and functions from My Cloud OS 3. For others, the My Cloud OS 5 update isn’t available for their device (you can find a full list of supported devices here). Others have encountered difficulties performing the upgrade, while some people just may not have the money or time to switch their WD NAS.

Unfortunately, WD has also made it clear it doesn’t plan to update My Cloud OS 3 with security patches, which leaves many NAS owners stuck.

Ultimately, it’s a messy situation. For those stuck with a My Cloud OS 3 device, either because they can’t update, won’t update or can’t upgrade, there’s basically one solution WD has offered: disable the remote dashboard access. WD gave the advice in a statement to Comparitech last year, along with a link to instructions for doing so.

If you can afford to upgrade to a new NAS, that may be the best course of action. Plus, it’d give you a chance to move away from WD, which has had a string of recent security issues related to its storage solutions.

Source: KrebsOnSecurity, Comparitech Via: The Verge


Written by Gideon
