Just one week after software vulnerabilities left WD My Book Live users with hacked and formatted storage drives, a newly discovered exploit is threatening Western Digital’s My Cloud devices. This exploit, which allows hackers to execute commands or brick My Cloud NAS units, affects all products running the Cloud OS 3 software, of which there are a variety.
Researchers Radek Domanski and Pedro Ribeiro found that they could remotely access a My Cloud 3 device by pumping it with modified firmware. This isn’t a very difficult task. Yes, Cloud OS 3 devices require login credentials to perform a firmware update, but Domanski and Ribeiro found that some WD NAS devices have a hidden user that isn’t protected by a password.
Now, it’s worth pointing out that WD’s Cloud OS 3 is an outdated operating system. Most people using Western Digital NAS units have the option to update to Cloud OS 5, which defends against several “classes of attacks,” according to Western Digital.
Western Digital advises all of its customers to update to the Cloud OS 5 operating system, as it should. But many refuse to upgrade because Cloud OS 5 is missing features that are available in Cloud OS 3, including the ability to manage files across different NAS devices.
Customers may have bought their My Cloud NAS unit for features that are missing in Cloud OS 5, so you can’t blame them for refusing to upgrade. On the other hand, you can blame Western Digital for no longer sending out security patches for Cloud OS 3. Not only do some customers prefer the older OS, but devices like the MyCloud EX2 and EX4 cannot update to the newer Cloud OS 5.
If you own a NAS device running Cloud OS 3, you should probably bite the bullet, upgrade to the new OS, and make an additional backup of your data just in case something awful happens. Western Digital clearly can’t be trusted to take device security seriously, and hackers are likely looking for brand new ways to gain control over Western Digital NAS units.
Source: Krebs on Security via The Verge