Get in touch now on

+61 7 3480 5121

Blog
Researcher finds hardcoded backdoor in Western Digital storage devices
08 January, 2018
This post was originally published on this site

Western Digital WD800 hard disk drive (80 GB storage capacity, date of manufacture: November 2002).

Western Digital network attached storage (NAS) devices have been found vulnerable to remote exploitation that would allow bad actors to download your private files at will.

Security researcher James Bercegay reveals in an advisory that an array of “My Cloud” NAS products from Western Digital are inherently vulnerable to attack because of a hardcoded backdoor that, if exploited properly, can allow a hacker to remotely access your photos, videos, and anything else on your NAS.

The technicalities are described in detail in Bercegay’s post over at GulfTech, but the gist of it is the firmware for WD’s My Cloud products has hardcoded user names and passwords. This, when used along with several other weaknesses, can allow an attacker to take control of the devices remotely, and access the data stored on them without permission.

WD’s My Cloud line of products is among the most popular NAS solutions, both for businesses and regular customers, so many users could be at risk of having their data compromised.

“As you can see in the … code, the login functionality specifically looks for an admin user named ‘mydlinkBRionyg’ and will accept the password of ‘abc12345cba’ if found. This is a classic backdoor,” Bercegay writes.

According to the researcher, an attacker simply needs to “login with the credentials” and, thanks to a separate bug in the system, they can get ahold of your NAS from a remote location.

Being LAN-bound doesn’t offer much more safety either. According to Bercegay, an attacker can direct the victim to a rigged website and make a request to the device using one of the many default hostnames for the WD My Cloud family of devices, such as “wdmycloud” and “wdmycloudmirror.”

“The triviality of

read more ...

What our
Clients say

Product Finder

Search for products that match of these criteria:

 + Add row
Price:
System Diagnostic

  • Do you have five or more computers?
  • Do you have a server?
  • Is your data critical to your business?
  • Do you think IT could perform better?
  • Are you concerned about your IT security?
  • Do you need to be kept up to date?
  • Would you like your IT maintained?
Product Finder

Search for products that match of these criteria:

 + Add row
Price:

FREE UPDATES



CONTACT US

Phone:07 3480 5121

Address: 8 - 37 Flinders Parade, North Lakes

QLD 4509 Australia

Post: PO Box 128, Burpengary

QLD 4505 Australia