Home Hacking Hackers Can Access Your Western Digital My Cloud Device

Hackers Can Access Your Western Digital My Cloud Device

2 min read
0
0

Hackers Can Access Your Western Digital My Cloud Device

According to researchers at VerSprite says that, Western Digital’s My Cloud NAS (Network Attached Storage) hard drive can be hacked by local or remote attackers.

This device is getting good sales in market, since it is very easy to use and carry. This device is available in 2TB, 3TB, 4TB and 6TB starting from $97 and on. This device has password protection with hardware encryption.

Western Digital device runs a version of Debian Linux, which allow the users to interact with the device using two methods

  1. Web-accessible UI (http://wdmycloud.local/UI/)
  2. RESTful API (http://wdmycloud.local/api/)

Researchers were able to find two major flaw in this device

  1. Command injection issue
  2. Cross-site request forgery (“CSRF”) vulnerability

This video is a demonstration of the command injection vulnerability in the Western Digital My Cloud NAS. It shows that it is possible to remotely access every folder and file on the NAS regardless of permissions.

Western Digital My Cloud with firmware versions 04.01.03-421 and 04.01.04-422 are vulnerable to the two major flaws, and patches have already been made and launched after few days by the company.

Load More Related Articles
Load More In Hacking

Leave a Reply

Your email address will not be published. Required fields are marked *

Check Also

New Cold Boot Attacks Can Evade Current Mitigations

New Cold Boot Attacks Can Evade Current Mitigations Many people tend to put laptops to ‘Sl…