Western Digital has seemingly been shipping their My Cloud personal network attached storage solutions with an integrated backdoor. It's not really that complicated a backdoor either - a malicious user should always be able to use it. That stems from the fact that it's a hard coded backdoor with unchangeable credentials - logging in to someone's My Cloud is as simple as inputing "mydlinkBRionyg" as the Administrator username and "abc12345cba" as the respective password. Once logged in, shell access is unlocked, which allows for easy injection of commands.
The backdoor has been published by James Bercegay, with GulfTech Research and Development, and was disclosed to Western Digital on June 12th 2017. However, since more than 6 months have passed with no patch or solution having been deployed, the researchers disclosed and published the vulnerability, which should (should) finally prompt WD to action on fixing the issue. Making things even worse, no user action is required to enable attackers to take advantage of the exploit - simply visiting malicious websites can leave the drives wide open for exploit - and the outing of a Metasploit module for this very vulnerability means that the code is now out there, and Western Digital has a race in its hands. The thing is, it needn't have.
Reply With Quote
Bookmarks