WESTERN DIGITAL has fallen foul of another security vulnerability in its WD MyCloud range of NAS drives which could give backdoor access to hackers.
Dutch security researcher Remco Vermeulen claims that his discovery remains unpatched a full year and more after the flaw was first reported and has decided to go public.
260 days ago I responsibly disclosed a privilege escalation in the WD MyCloud. Unfortunately @WDCreators doesn't take security very seriously. After the recent public disclosure of Gulftech I decided to disclose my finding. @TheHackersNews #MyCloud #FullDisclosure pic.twitter.com/aEerGZpybU— Remco Vermeulen (@RemcoVermeulen) January 10, 2018
Described as an "authentication bypass vulnerability" (because it is), it allows hackers to take admin rights to the drive before they have even logged in. Then with a bit of flippery-pokery create a reverse shell that gives them access to the files.
Remco Vermeulen wasn't alone in spotting it and reporting it.
We contacted WD about the same vuln and even publicly disclosed it at DEFCON 25 last year (as well as the https://t.co/CdqUCdgpCq wiki). Western Digital refused to acknowledge or fix the finding, so I went as far as to write a @metasploit module for it. https://t.co/oeOxsWeTo4— Exploitee.rs (@Exploiteers) September 18, 2018
Techspot reports that WD has finally said that it is working on a "scheduled firmware update that will resolve the issue," with concerned users advised to report it to the support team. Who will doubtless tell them that there will be a "scheduled firmware update that will resolve the issue,".
Western Digital's track record on NAS vulnerabilities is less than stellar, and given how high profile the range is, when these things come up, especially with the revelation that vulnerabilities have been there for a year on devices often favoured by small to medium businesses, the repeated apathy is a concern. μ
Not exactly 'Think Different'
Coming tomorrow: Bug report Thursday
Privacy-aware office worker slams 'authoritarian' AFR tech