Press "Enter" to skip to content

Western Digital won’t fix a vulnerability found in older My Cloud OS3 storage devices

Owners of Western Digital community hooked up storage (NAS) devices could have one more safety headache on the horizon. Following the 2 flaws hackers exploited to , safety journalist Brian Krebs has on one other zero-day vulnerability that impacts Western Digital merchandise operating the company’s My Cloud OS3 software. What’s extra, it doesn’t seem there will likely be an official fix for individuals who don’t improve to a newer storage resolution.

Earlier in the year, safety researchers Radek Domanski and Pedro Ribeiro found a collection of weaknesses that enable a malicious actor to remotely replace a My Cloud OS3 machine so as to add a backdoor. The two say they by no means heard again from the company once they tried to contact it concerning the vulnerability. Western Digital attributes its response (or lack thereof) to one among its earlier insurance policies.

“The communication that came our way confirmed the research team involved planned to release details of the vulnerability and asked us to contact them with any questions,” a spokesperson for the company instructed Krebs. “We didn’t have any questions so we didn’t respond. Since then, we have updated our process and respond to every report in order to avoid any miscommunication like this again.”

While the flaw isn’t current in Western Digital’s new My Cloud OS 5, it’s unclear if the company ever went again to handle it in My Cloud OS3. What’s extra, it not plans to assist the older software. “We will not provide any further security updates to the My Cloud OS3 firmware,” Western Digital says in a dated to March twelfth, 2021. “We strongly encourage moving to the My Cloud OS 5 firmware. If your device is not eligible for upgrade to My Cloud OS 5, we recommend that you upgrade to one of our other My Cloud offerings that support My Cloud OS 5.”

We’ve reached out to the company for extra info. In the meantime, you possibly can defend your My Cloud machine by Domanski and Ribiro developed. One factor to notice is you’ll have to reapply it every time you reboot your machine. You may also defend your My Cloud NAS drive by limiting its entry to the web.

All merchandise really helpful by Engadget are chosen by our editorial crew, impartial of our mum or dad company. Some of our tales embrace affiliate hyperlinks. If you purchase one thing by means of one among these hyperlinks, we could earn an affiliate fee.