Andrea Danti - Fotolia
How can an authentication bypass vulnerability be exploited?
A vulnerability was found in Western Digital's My Cloud NAS device that can be easily exploited by hackers. Discover what this vulnerability is and how users can be protected.
Hackers recently exploited an authentication bypass vulnerability found in Western Digital's My Cloud network-attached storage devices. How easy was this for hackers and what has Western Digital done to protect its users?
A vulnerability putting Western Digital's My Cloud network-attached storage (NAS) device at risk can be easily exploited by hackers using an authentication bypass vulnerability.
This vulnerability occurs after a My Cloud NAS device version 2.30.196 or earlier is plugged into the Ethernet port of a Wi-Fi router that is connected to a home or private network. Businesses and individuals who share files, stream audio and video, and back up computers or mobile devices from the vulnerable central device are the most likely to be victimized by attackers exploiting this vulnerability.
Security researchers at Securify found that the vulnerability enables unauthenticated hackers to escalate their privileges to administrative level in order to gain network access to the central device. This is due to the way Western Digital's My Cloud creates an admin session tied to the IP address of the business or individual user making the request.
An unauthenticated attacker could further create a valid admin session without sending a username=admin cookie in the HTTP request to the central device's web interface. A CGI module containing the cgi_get_ipv6 command with the flag parameter set to 1 can be used to start a session that is tied to the IP address of the attacker.
After gaining access to a router, the attacker can download malicious firmware and change the router's domain name system to redirect to phishing websites. A successful attacker can view, copy, delete, change and overwrite files stored on the connected computers and mobile devices.
Users have been advised to download the firmware update from Western Digital's website; however, Western Digital hasn't warned users about vulnerable mobile devices that use Bluetooth connections to play music from the My Cloud NAS device. An enterprise or individual that uses My Cloud NAS systems in a heterogeneous network should also be aware of the Bleedingbit Bluetooth vulnerabilities in devices from Cisco, Cisco Meraki and Aruba Networks.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)