Hey you, get off of My Cloud! Western Digital hardwired backdoor is a golden oldie

Subject: General Tech | January 8, 2018 - 12:42 PM |
Tagged: western digital, My Cloud, security, D-Link, DNS-320L, NAS

A few years back the D-Link DNS-320L NAS device made headlines thanks to the discovery of a hardwired user and password present which allowed anyone access to your device.  Western Digital seems to have completely ignored that previous furor as it turns out they reused that same firmware, without the update D-Link provided years back, on a number of My Cloud devices.  As of now, if you are running any of the devices listed by The Register here with a firmware version below 4.x you are exposed.  If you can't find newer firmware, which may well be the case, you can use D-Link's 2.30.174 firmware patch on your My Cloud; as always back up anything you don't want to lose before doing a firmware update.

wd-my-cloud-mirror-personal-cloud-storage-product-overview.png.imgw_.1000.1000.jpg

"If you have a Western Digital My Cloud network attached storage device, it's time to learn how to update its OS because researcher James Bercegay has discovered a dozen models possess a hard-coded backdoor."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register