Western Digital My Cloud NAS Drives Susceptible To Serious Remote Root Exploits

If you have a Western Digital My Cloud device, you might want to perk up and pay attention. Security researchers have discovered that the family of network-attached storage (NAS) drives is susceptible to some rather nasty remote exploits, and the flaws thus far have not been [properly] patched by Western Digital.

The first issue that researcher zenofex discovered is Western Digital’s sloppy use of scripts to authenticate users. The company uses cookies for authentication, but the way the process was implemented allows an attacker to "bake" cookies that satisfy the login check. “Any time there is a login check within the PHP scripts, an attacker is able to bypass the check by supplying 2 specially crafted cookie values,” writes zenofex.
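The class of flaw zenofex describes, a login check that trusts values the client supplies, can be contrasted with a check that only accepts a cookie the server signed itself. The following is an added illustration, not code from Western Digital's firmware or from Exploitee.rs; it is written in Python rather than the device's PHP, and the cookie names (`user`, `is_admin`, `session`), the key and the function names are all hypothetical.

```python
import hashlib
import hmac
import time

# Constructed demo key; a real device would generate a random per-device secret.
SERVER_KEY = b"constructed-demo-key-not-for-production"
SESSION_TTL = 900  # seconds a session token stays valid


def weak_login_check(cookies):
    """Flawed pattern: the client asserts its own identity and privilege."""
    return "user" in cookies and cookies.get("is_admin") == "1"


def issue_session(user, is_admin, now=None):
    """Called only after a real password check; returns a signed cookie value."""
    expires = int(now if now is not None else time.time()) + SESSION_TTL
    payload = f"{user}|{int(is_admin)}|{expires}"
    tag = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}|{tag}"


def hardened_login_check(cookies, now=None):
    """Accept only a cookie the server signed; returns (user, is_admin) or None."""
    token = cookies.get("session", "")
    payload, sep, tag = token.rpartition("|")
    if not sep:
        return None  # missing or malformed token
    expected = hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; any edit to the payload changes the expected tag.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    try:
        user, is_admin, expires = payload.split("|")
        expires = int(expires)
    except ValueError:
        return None  # wrong field count or non-numeric expiry: fail closed
    if expires < int(now if now is not None else time.time()):
        return None  # expired session
    return user, is_admin == "1"
```

The hardened check derives identity and privilege only from the signed payload, so cookies a client makes up on its own are rejected rather than believed.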

But here’s the kicker: during his research, zenofex discovered that Western Digital had rolled out a firmware update to resolve this issue. With that step forward, though, the company took another step (or two) backwards, with the researcher writing, “This patch introduced a new vulnerability which had the same consequences as the original.” Sheesh!

Other issues found include command injection bugs and one rather curious flaw that would allow a user that hasn’t been authenticated to upload files onto a My Cloud NAS. “Our general goal at Exploitee.rs is to get bugs fixed as quickly as possible,” writes zenofex. “However, the large number of severe findings means that we may need to re-evaluate the product after the vendor has properly fixed the released vulnerabilities.”

The above exploits were discovered on a My Cloud PR4100, but should be applicable to the entire My Cloud family. We should also note that it’s typically prudent for a researcher to reveal security flaws first to a product’s vendor, and give them a reasonable amount of time to release a fix to the public. However, Exploitee.rs decided to essentially pull Western Digital’s underwear down in public due to its history of foot-dragging when exploits are brought to its attention.

Zenofex states that after learning Western Digital received a “Pwnie for Lamest Vendor Response” at BlackHat Vegas due to its decision to completely ignore a number of severe bugs that were reported, Exploitee.rs decided to air all of Western Digital’s dirty laundry to the public immediately. “Through this process, we’re fully disclosing all of our research and hoping that this expedites the patches to users’ devices,” adds zenofex.

The ball is now in your court, Western Digital.

Brandon Hill
