Skip to main content

WD My Cloud web interface could give hackers the key to your files

Western Digital’s My Cloud network-attached storage (NAS) drives feature several unpatched security problems which could leave users vulnerable to attack by nefarious individuals. WD has been made aware of the flaws in the system, and the team that discovered the bugs has now made them available to the public in the hope that it encourages a quicker turnaround on a fix.

Traditionally, the playbook for revealing security issues with hardware or software is to let the manufacturer know first. That way, the company has some time to fix up the problem without it negatively affecting its business. More importantly, it means that hackers who weren’t aware of the bug don’t exploit it while it’s being fixed.

Recommended Videos

In this case, Exploitee.rs (via Engadget) who who discovered the bugs, made them public straight away due to what was described as WD’s “reputation within the community.” More specifically, Western Digital earned the Pwnie award at BlackHat Las Vegas 2016 for “Lamest Vendor Response” to bugs revealed to it in the past. By alerting the community, Exploitee hopes that users can avoid this particular drive range until WD goes ahead and fixes it.

There are actually a few bugs that were found as part of this latest investigation. Although they were specifically discovered on the My Cloud PR4100, they are expected to impact the entire My Cloud range. They are mostly to do with poorly written login scripts which could allow a hacker to bypass the certification system entirely, but others allow unauthorised file uploads, missing login requirements, and poorly implemented web interface commands.

Western Digital MyCloud Multiple Remote Root Exploits

While WD has yet to issue a response to these claims, My Cloud owners would be wise to keep their NAS drive offline for the time being and restrict it to your local network until several security fixes are released.

Jon Martindale
Jon Martindale is a freelance evergreen writer and occasional section coordinator, covering how to guides, best-of lists, and…
Watch these AI humanoid robots play soccer like Mbappé … sort of
Humanoid robots playing soccer.

Watching these humanoid robots battle it out on the soccer field, you quickly realize that Kylian Mbappé and his fellow professionals really have little to worry about. At least, for now.

The footage (top) was captured last week in Beijing at the RoBoLeague World Robot Soccer League, China's first-ever three-on-three humanoid robot soccer league.

Read more
The robot takeover comes another step closer — at Amazon
An Amazon robot working inside one of the company's warehouses.

Amazon is close to having more robots operating inside its warehouses than humans after the e-commerce giant announced this week that it now has more than a million robots working at its facilities around the world.

Over the years, Amazon has spent billions of dollars on the development and deployment of warehouse-based robots, which handle an array of tasks once performed by human workers.

Read more
This Lenovo ThinkPad laptop is over $1,400 off — hurry while stocks last!
The Lenovo ThinkPad T14 Gen 5 Intel laptop on a white background.

Now's an excellent time to take advantage of laptop deals from Lenovo, which has slashed the prices of a wide range of devices for its Black Friday in July sale. Lenovo's ThinkPad laptops are up to 45% off, and here's one of the most interesting offers available with such a discount — the Lenovo ThinkPad T14 Gen 5 at $1,440 off its estimated value of $3,199, so you'll only have to pay $1,759. That's an excellent price for this fantastic productivity tool, but you're going to have to push forward with your purchase as soon as possible because stocks may run out at any moment.

BUY NOW

Read more