Friday, July 9, 2021

Another Western Digital 0-Day

Brian Krebs (Hacker News):

But there is a similarly serious zero-day flaw present in a much broader range of newer Western Digital MyCloud network storage devices that will remain unfixed for many customers who can’t or won’t upgrade to the latest operating system.

At issue is a remote code execution flaw residing in all Western Digital network attached storage (NAS) devices running MyCloud OS 3, an operating system the company only recently stopped supporting.

[…]

But according to Domanski, OS 5 is a complete rewrite of Western Digital’s core operating system, and as a result some of the more popular features and functionality built into OS3 are missing.

[…]

Domanski said MyCloud users on OS 3 can virtually eliminate the threat from this attack by simply ensuring that the devices are not set up to be reachable remotely over the Internet. MyCloud devices make it super easy for customers to access their data remotely, but doing so also exposes them to attacks like last month’s that led to the mass-wipe of MyBook Live devices.

Western Digital remains my favorite brand for bare hard drives. They have consistently good reliability, prices, and quiet operation. But we keep being reminded to stay away from their software.

Previously:

1 Comment RSS · Twitter

It now seems odd to me that anyone would expose data to the capital-I Internet via any means other than an open source server geek whose livelihood depends on keeping up with security issues.

Leave a Comment