Well, oops:
Today, yet another security blunder becomes publicized, and it is really bad. You see, many Western Digital My Cloud NAS drives have a hardcoded backdoor, meaning anyone can access them -- your files could be at risk. It isn't even hard to take advantage of it -- the username is "mydlinkBRionyg" and the password is "abc12345cba" (without quotes). To make matters worse, it was disclosed to Western Digital six months ago and the company apparently did nothing until November 2017.Gah. I'll spare you the gory details other than to say that Western Digital has clearly been asleep at the security switch multiple times. This is a very bad vulnerability, it's one that can be exploited when you take your browser to a site hosting malicious javascript (i.e. pretty much anywhere), and it gives a Bad Guy complete access to all your data.
I sure as heck didn't know about this when I recommended the product. Here is the list of products that have this bug:
If you have any of these, you can get updated firmware via this page.
- MyCloud
- MyCloudMirror
- My Cloud Gen 2
- My Cloud PR2100
- My Cloud PR4100
- My Cloud EX2 Ultra
- My Cloud EX2
- My Cloud EX4
- My Cloud EX2100
- My Cloud EX4100
- My Cloud DL2100
- My Cloud DL4100
As to a recommended storage product, Western Digital is not anything that I can suggest you look into. The bug never should have been in the code, but they were sloppy. They should have fixed it months earlier than they did, but they seemingly didn't care. Not a company I want to trust with my data.
Your mileage may vary, void where prohibited, do not remove tag under penalty of law.
This in no way negates the absolute need to back up any data you care about. Twice, in three places.
ReplyDeleteI'm extremely dubious about anything with 'cloud' in the name unless they are actually talking about airborne water vapor.
ReplyDeleteI have one that I bought it in '14, long before your recommendation.
ReplyDeleteI don't use the WD software, but currently Cobian Backup. I assume I still need to do this software fix, but would appreciate your input.
Ouch is right... But how could you know?
ReplyDeleteASM826, absolutely.
ReplyDeleteSiGraybeard, as I understand it this bug is in the firmware, so Cobian isn't keeping you safe. I'd think that updating the firmware is best.
Old NFO, I couldn't know. That's the joy of vulnerability disclosure. ;-)
Recommend a FreeNAS by I systems. Great hardware, open source software.
ReplyDelete*ix systems
DeleteIt took me most of the day to determine that the file won't run on my WD MyCloud. The linked file clearly says "WD has released new firmware for the second gen My Cloud units. "
ReplyDeleteMine is old enough to be the first gen. I'm set for automatic updates, and it was telling me it had the latest version firmware, which agrees with their web site.