My Cloud has a Dangerous Backdoor
Recently, Security researchers have found a very hard-coded backdoor in Western Digital’s My Cloud NAS devices which allow attackers to gain unauthorized root access to the devices. Western Digital’s My Cloud is a very popular storage device which is used by many companies to save their files and it creates automatically backup and syncs them with various cloud
This device has very useful because it provides share files option from which the user can share any files from anywhere and at any time even when they are not in the home network. These devices have been formed for connected over the internet, the hard-coded backdoor leaves user data openly for hackers to access them easily.
GulfTech research and development team has recently published an detail information about these vulnerabilities present in the Western Digital My Cloud storage which allow hackers to inject their payloads easily to upload and download the sensitive data of the company.
James Bercegay of GulfTech tells vendor and report the issue in June last year. After confirmation of vendor about these vulnerabilities, they require a time period of 90 days before disclosure of these vulnerabilities. On 3rd January they publically announce about this vulnerability almost after 180 days.
Some of the attacks used by this vulnerability are:-
- Unrestricted File Upload leads to Remote exploitation
- Hard-Coded backdoor leads to Remote exploitation
- Cross-Site Request Forgery
- Command Injection
- Denial of service
- Information Disclosure
So, these all are the attacks, attackers do this on this Digital My Cloud storage. Now, the problem is fixed. So, there is no issue.