Western Digital wont fix a vulnerability found in older My Cloud OS3 storage devices
Owners of Western Digital network attached storage (NAS) devices may have yet another security headache on the horizon. Following the two flaws hackers exploited to wipe My Book Live devices remotely , security journalist Brian Krebs has published a report on another zero-day vulnerability that affects Western Digital products running the companys My Cloud OS3 software. Whats more, it doesnt appear there will be an official fix for those who dont upgrade to a newer device. Earlier in the year, security researchers Radek Domanski and Pedro Ribeiro discovered a series of weaknesses that allow a malicious actor to remotely update a My Cloud OS3 device to add a backdoor. The two say they never heard back from the company when they tried to contact it about the vulnerability. Western Digital attributes its response (or lack thereof) to one of its previous policies. The communication that came our way confirmed the research team involved planned to release details of the vulnerability and asked us to contact them with any questions, a spokesperson for the company told Krebs. We didnt have any questions so we didnt respond.
Western Digital wont fix a vulnerability found in older My Cloud OS3 storage devices
Owners of Western Digital network attached storage (NAS) devices may have yet another security headache on the horizon. Following the two flaws hackers exploited to wipe My Book Live devices remotely , security journalist Brian Krebs has published a report on another zero-day vulnerability that affects Western Digital products running the companys My Cloud OS3 software. Whats more, it doesnt appear there will be an official fix for those who dont upgrade to a newer device. Earlier in the year, security researchers Radek Domanski and Pedro Ribeiro discovered a series of weaknesses that allow a malicious actor to remotely update a My Cloud OS3 device to add a backdoor. The two say they never heard back from the company when they tried to contact it about the vulnerability. Western Digital attributes its response (or lack thereof) to one of its previous policies. The communication that came our way confirmed the research team involved planned to release details of the vulnerability and asked us to contact them with any questions, a spokesperson for the company told Krebs. We didnt have any questions so we didnt respond.