Your WD networked drive is vulnerable to remote attacks
If you have one of Western Digital’s My Cloud nstorage drives, you might be particularly vulnerable to internet attacks. Exploitee.rs has discovered a number of unpatched security flaws in most My Cloud models that let remote intruders bypass the login, insert their own commands and upload files without permission. In numerous cases, it’s a matter of poorly implemented scripts. Also, every command exectued through the web interface has full access to the operating system — an attacker would have the keys to the kingdom.
The kicker? WD did fix one login bypass flaw through a firmware update, but it introduced another in the process.
We’ve asked WD for its take on the situation and will let you know if it has a response. However, the Exploitee.rs team says it’s revealing these pre-patch bugs to the public because of WD’s “reputation within the community.” Supposedly, the company doesn’t pay attention to the seriousness of security flaws — this open disclosure is a way of pressuring WD into action. True or not, you may not want to allow internet access to your My Cloud gear unless it’s absolutely necessary.
(63)
