We live in times when hackers are threatened by a little smart microwaves or kettles with access to the network. So should we be surprised by the security gap in Western Digital My Cloud?
Probably not, although its simplicity may surprise us. Independent researchers from Exploitee.rs have just discovered that the code present on Western Digital’s My Cloud devices has a serious vulnerability, thanks to which each of us can easily break into data stored on any product from the My Cloud series. At least that’s what the discoverers say, who tested it on the WDBCTL0020HWT model and firmware version 2.30.172. For those who have never encountered these devices before, I already explain that these are NAS servers, which are popular among consumers due to their relatively low price.
However, the brand may suffer from a safety issue. The so far unpatched security gap in Western Digital My Cloud allows you to easily take control over the NAS server. With such admin rights, the fraudster can not only read the data, but also modify and delete it. If you want to know the details of how to perform such an attack, you can find them at securify.nl.