Latest in Gear

Image credit: WD

Your WD networked drive is vulnerable to remote attacks

The My Cloud line has some conspicuous security holes.
1144 Shares
Share
Tweet
Share
Save

Sponsored Links

WD

If you have one of Western Digital's My Cloud nstorage drives, you might be particularly vulnerable to internet attacks. Exploitee.rs has discovered a number of unpatched security flaws in most My Cloud models that let remote intruders bypass the login, insert their own commands and upload files without permission. In numerous cases, it's a matter of poorly implemented scripts. Also, every command exectued through the web interface has full access to the operating system -- an attacker would have the keys to the kingdom.

The kicker? WD did fix one login bypass flaw through a firmware update, but it introduced another in the process.

We've asked WD for its take on the situation and will let you know if it has a response. However, the Exploitee.rs team says it's revealing these pre-patch bugs to the public because of WD's "reputation within the community." Supposedly, the company doesn't pay attention to the seriousness of security flaws -- this open disclosure is a way of pressuring WD into action. True or not, you may not want to allow internet access to your My Cloud gear unless it's absolutely necessary.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
1144 Shares
Share
Tweet
Share
Save

Popular on Engadget

Engadget's 2019 Back-to-School Guide

Engadget's 2019 Back-to-School Guide

View
Watch and listen to THX's new Deep Note trailer with spatial 3D audio

Watch and listen to THX's new Deep Note trailer with spatial 3D audio

View
Facebook loses Oculus executive who led its mobile VR efforts

Facebook loses Oculus executive who led its mobile VR efforts

View
YouTube is removing its direct messaging feature in September

YouTube is removing its direct messaging feature in September

View
Walmart sues Tesla after solar panels catch fire at stores

Walmart sues Tesla after solar panels catch fire at stores

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr