Western Digital NAS System Vulnerabilities: Fix Not Planned

Hard disk manufacturer Western Digital It does not come out of the headlines. after this two holes Make sure that some users They lost all their dataNow, a new security issue has become known. security expert Brian Krebs mentioned by one weakness pointwho preferred the program My Cloud OS3 company. This is an operating system for network attached storage solutions (Network Attached Storage – NAS) the company.

What is particularly deceptive about the vulnerability is that Western Digital has no plans to fix it. At the request of Engadget The company only advises that the bug is in the latest version My Cloud OS5 It has been fixed. The problem is that not all devices support upgrading to OS5 – so many owners of older devices have had bad luck, so to speak.

The vulnerability was discovered by security researchers a few months ago Radek Domansky And the Pedro Ribeiro. Allows malicious code to be smuggled. The base is a user account with low permissions, in which the password field can be left blank.

Western Digital did not respond at first

The two say they heard nothing from the company when they tried to contact the company about the vulnerability. Western Digital told Cancer that the researchers’ letter only stated that the company should contact cancer if they have any questions. “We had no questions and he didn’t answer,” a spokesman said. In the meantime, the guidelines have been changed so that each report is answered by the researcher. The plan to not fix the gap in the old firmware has not changed.

For this reason, researchers have their own patch Developed for MyCloud OS3 and publish it. However, the patch has one drawback: it must be turned on every time the device is restarted. Western Digital only says that the solution has not been evaluated and that no support can be provided for it.