Western Digital My Cloud NAS Drives Susceptible To Serious Remote Root Exploits

If you have a Western Digital My Cloud device, you might want to perk up and pay attention. Security researchers have discovered that the family of network-attached storage (NAS) drives is susceptible to some rather nasty remote exploits, and thus far they have not been [properly] patched by Western Digital.

The first issue that researcher zenofex discovered is Western Digital’s sloppy use of scripts to authenticate users. The company uses cookies for authentication, but the way the process was implemented allows an attacker to "bake" cookies that satisfy the login check without ever logging in. “Any time there is a login check within the PHP scripts, an attacker is able to bypass the check by supplying 2 specially crafted cookie values,” writes zenofex.

My Cloud PR4100

But here’s the kicker: during his research, zenofex discovered that Western Digital had rolled out a firmware update to resolve this issue. But with that step forward, the company took another step (or two) backwards, with the researcher writing, “This patch introduced a new vulnerability which had the same consequences as the original.” Sheesh!

Other issues found include command injection bugs and one rather curious flaw that would allow a user that hasn’t been authenticated to upload files onto a My Cloud NAS. “Our general goal at Exploitee.rs is to get bugs fixed as quickly as possible,” writes zenofex. “However, the large number of severe findings means that we may need to re-evaluate the product after the vendor has properly fixed the released vulnerabilities.”

The above exploits were discovered on a My Cloud PR4100, but should be applicable to the entire My Cloud family. We should also note that it’s typically prudent for a researcher to reveal security flaws first to a product’s vendor, and give them a reasonable amount of time to release a fix to the public. However, Exploitee.rs decided to essentially pull Western Digital’s underwear down in public due to its history of foot-dragging when exploits are brought to its attention.

Zenofex states that after learning Western Digital received a “Pwnie for Lamest Vendor Response” at BlackHat Vegas due to its decision to completely ignore a number of severe bugs that were reported, Exploitee.rs decided to air all of Western Digital’s dirty laundry to the public immediately. “Through this process, we’re fully disclosing all of our research and hoping that this expedites the patches to users’ devices,” adds zenofex.

The ball is now in your court, Western Digital.