This is a Fast-Air Tech Talk security notice. The Tech Talk security notice is a free service for all Fast-Air customers. Please suggest security notice topics.
Software vulnerabilities were revealed with Western Digital “My Cloud” network attached storage devices. The My Cloud devices are common consumer data storage devices.
The vulnerabilities include a hard-coded backdoor that is easy to exploit remotely. Unprivileged remote access means anybody can remotely browse files and data stored on affected My Cloud devices to gain sensitive and private information. Remotely exploiting the devices is possible through scripting in a web browser.
WD Patches Backdoor Security Flaw in My Cloud NAS Devices
Western Digital ‘My Cloud’ devices have a hardcoded backdoor
Unpatched My Cloud devices should be disconnected from networks until patched. Firmware patches and respective instructions are available at the Western Digital web site:
Updating the firmware on a My Cloud device
- Free Gift Phishing Scams (Notice 2020-001) - January 15, 2020
- Tech Support Phone Scam (Notice 2019-001) - March 14, 2019
- VPNFilter Router Malware (Notice 2018-007) - May 30, 2018