Hey you, get off of My Cloud

      Comments Off on Hey you, get off of My Cloud

Hey you, get off of My CloudInformation security consultancy SEC Consult has exposed a major vulnerability in Western Digital’s My Cloud storage devices, rendering them easy hijack targets.

Anyone who can reach the administrative web server, either through the public Internet or a user’s private network, can execute arbitrary commands on the machine and upload files. On top of this, WD’s firmware also has cross-site request forgery vulnerabilities. Anyone surfing to a compromised site could lose control of their My Cloud device.

Back in January, SEC Consult gave WD a ninety-day window to fix the holes before going public with its findings – but since then a third party has blown the whistle. As there’s no immediate solution on the horizon, best advice is to firewall or unplug My Cloud and sit tight.

Read more at http://www.theregister.co.uk/2017/03/08/wd_my_cloud_vulnerabilities/