Hackers Can Access Your Western Digital My Cloud Device

  • 1
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    1
    Share

According to researchers at VerSprite says that, Western Digital’s My Cloud NAS (Network Attached Storage) hard drive can be hacked by local or remote attackers.

This device is getting good sales in market, since it is very easy to use and carry. This device is available in 2TB, 3TB, 4TB and 6TB starting from $97 and on. This device has password protection with hardware encryption.

Western Digital device runs a version of Debian Linux, which allow the users to interact with the device using two methods

  1. Web-accessible UI (http://wdmycloud.local/UI/)
  2. RESTful API (http://wdmycloud.local/api/)

Researchers were able to find two major flaw in this device

  1. Command injection issue
  2. Cross-site request forgery (“CSRF”) vulnerability

This video is a demonstration of the command injection vulnerability in the Western Digital My Cloud NAS. It shows that it is possible to remotely access every folder and file on the NAS regardless of permissions.

Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 are vulnerable to the two major flaws, and patches have already been made and launched after few days by the company.

The following two tabs change content below.

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

William Fieldhouse

I currently work full time as a penetration tester and have been involved within the IT security industry for over a decade. I also love to pioneer any forms of new technology and ideologies for future advancements. Feel free to contact me at [email protected]

Leave a Reply