Hackers Can Access Your Western Digital My Cloud Device

  • 1
  •  
  •  
  •  
  •  
  •  
  •  
  •  
    1
    Share

According to researchers at VerSprite says that, Western Digital’s My Cloud NAS (Network Attached Storage) hard drive can be hacked by local or remote attackers.

This device is getting good sales in market, since it is very easy to use and carry. This device is available in 2TB, 3TB, 4TB and 6TB starting from $97 and on. This device has password protection with hardware encryption.

Western Digital device runs a version of Debian Linux, which allow the users to interact with the device using two methods

  1. Web-accessible UI (http://wdmycloud.local/UI/)
  2. RESTful API (http://wdmycloud.local/api/)

Researchers were able to find two major flaw in this device

  1. Command injection issue
  2. Cross-site request forgery (“CSRF”) vulnerability

This video is a demonstration of the command injection vulnerability in the Western Digital My Cloud NAS. It shows that it is possible to remotely access every folder and file on the NAS regardless of permissions.

Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 are vulnerable to the two major flaws, and patches have already been made and launched after few days by the company.

The following two tabs change content below.

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Unallocated Author

Please note that the article you are reading has an unallocated author as the original author is no longer employed at latesthackingnews.com, this has been put in place to adhere with general data protection regulations (GDPR). If you have any further queries, please contact: [email protected]

Leave a Reply