What are you looking for ?
Mobile Search Icon
Mobile Menu Icon
Advertise with us
RAIDON

Codenomicon Warns Consumers About Poor Stability of NAS

But not discloses any details of product vulnerabilities publicly

This is a Press Release edited by StorageNewsletter.com on May 9, 2012 at 2:47 pm

Codenomicon Ltd, vendor of proactive security solutions, warns consumers about the poor stability of NAS units.

                  
Test results from the NAS tests
codenomicon_poor_stability_nas_540

Based on Codenomicon’s robustness test results using smart model-based fuzzing tools, all of the tested units failed in multiple critical communication protocols.

"It is alarming that not a single one of the devices could clear the tests," says Ari Takanen, CTO of Codenomicon. "Similar protocols are used not only in consumer NAS units, but also in enterprise-level data storage devices. The information security as it stands is poor."

Embedded devices are everywhere. Connected to the Internet, they use protocols to transfer data. Bugs in software implementing those protocols make the devices vulnerable, and potentially exploitable. Researchers at Codenomicon Labs have been testing embedded devices. However, Codenomicon will not disclose any details of the vulnerabilities publicly in order to protect the users of those devices.

This research is part of a series of publications in testing embedded devices used by home consumers. Codenomicon Labs took five different consumer-grade NAS units from well-known manufacturers. Lab researchers fuzzed them thoroughly, and all of them failed.

What are NAS units?
NAS have been becoming more and more ubiquitous due to the convenient, simple and efficient way of sharing and storing data, often requiring nothing more than connectivity to a LAN or the Internet. These features, however, expose them to a multitude of threats that menace any networked devices.

What is Fuzzing?
Fuzzing is a black-box testing technique in which malformed inputs are delivered to the system under test while its behavior is monitored. If the target system crashes or fails in any other way, a software bug is found. The main benefit of fuzzing is its unparalleled ability to find unknown zero-day vulnerabilities.

To download the NAS white paper
More test results (registration needed)
More on fuzzing

Articles_bottom
ExaGrid
AIC
ATTOtarget="_blank"
OPEN-E