Just when you think it's safe

Submitted by Nick on Wed, 09/19/2018 - 15:11

I find it amazing how easily it is to connect to networked devices from anywhere these days. However, with more access comes more vulnerability. The latest from The Hacker News, shows just how easily it is to hack into Western Digital's My Cloud NAS devices. Securify researchers were able to break into one by simply applying a cookie value which designated the user as an admin that is already logged on without any type of authentication needed.

One would think that with a profile like Western Digital, they would have put a little more thought into securing devices that are meant to store many many terrabytes of data. Apparently they still don't think it's that big of an issue, as they were told about the vulnerability a little over a year and a half ago and they still haven't patched it.

A word of advice for all those reading this with a MyCloud device, disable the remote access options if you can and perhaps start shopping around for a new NAS device, as it would seem that Western Digital doesn't seem to care about all that data you're storing on it.