Data in Western Digital My Cloud Products May Still Be Vulnerable
Update published by HDD maker
This is a Press Release edited by StorageNewsletter.com on January 15, 2018 at 2:13 pmOn a blog, Western Digital Corp. published this recommendation on January 9, 2018:
Western Digital My Cloud Update
This blog contains updates as of January 9, 2018.
Previously reported security vulnerabilities related to certain My Cloud products had been disclosed by a security researcher directly with our team in 2017, and critical issues mentioned in these recent articles (GulfTech; The Hacker News) were addressed in 2017 with firmware update v2.30.172 and above. Other issues are being addressed in future updates.
One of those issues currently being addressed for a future update is that certain My Cloud models (only with firmware versions 2.xx but not My Cloud Home) with default settings could be exploited by a sophisticated hacker in the unlikely event such hacker has access to the owner’s local network; or, if the My Cloud owner has enabled Dashboard Cloud Access (certain models*) or enabled additional port forwarding to such My Cloud devices.
To mitigate this issue, we strongly recommend that My Cloud owners who have made such changes disable the Dashboard Cloud Access and ensure their router and My Cloud device are secure by disabling additional port-forwarding functionalities. All affected My Cloud owners should restrict local network guest access only to people they trust.
We are working on a firmware update for this issue and will make it available on our support download site ASAP. We encourage users to contact Western Digital customer support should they need help updating their device. If you wish to contact customer support directly, please visit this page. You may need to use the ‘Change country’ link on that page to find the most appropriate phone number for your location.
It is important to note that the My Cloud Home model architecturally is designed new from the ground up and we are not aware of any vulnerability to the security issues listed in the respective reports.
As a reminder, we urge customers to ensure the firmware on their products is always up to date; enabling automatic updates is recommended. We also urge you to implement sound data protection practices such as regular backups and password protection, including to secure your router when you use a personal cloud or network-attached storage device.
Western Digital works continuously to improve the capability and security of our products, including with the security research community to address issues they may uncover. We encourage responsible disclosure by customers and researchers to ensure our customers are protected while we address valid vulnerabilities.
* Models with Dashboard Cloud Access:
. My Cloud EX2
. My Cloud EX4
. My Cloud EX2100
. My Cloud EX4100
. My Cloud EX2 Ultra
. My Cloud DL2100
. My Cloud DL4100
. My Cloud PR2100
. My Cloud PR4100
. My Cloud Mirror
. My Cloud Mirror Gen 2
Dashboard Cloud Access:
The Dashboard Cloud Access feature is available under Settings->General->Cloud Access.
Port Forwarding:
Port forwarding of HTTP connections should disabled on the My Cloud device and the router. On My Cloud devices the port-forwarding feature is available under Settings->Network->Port Forwarding and can be used only if the connected router supports uPnP.