Serious security flaw discovered in wd's my cloud nas drives

With the recent news from the Meltdown and Specter CPU exploits, security vulnerabilities are beginning to receive more media attention. Another news that has hit us in the last hours is that of the WD My Cloud NAS units, which was discovered a ' backdoor ' that gives full root access to these devices.

User data with My Cloud NAS is exposed by a security breach

It turns out that this flaw in the security of the devices with My Cloud NAS allows anyone to login to the device with the username "mydlinkBRionyg" and the password "abc12345cba", that's all that is needed.

The units that were affected by this security flaw are the following;

• My CloudMy Cloud MirrorMy Cloud Gen 2My Cloud PR2100My Cloud PR4100My Cloud EX2 UltraMy Cloud EX2My Cloud EX4My Cloud EX2100My Cloud EX4100My Cloud DL2100My Cloud DL4100

This would be very bad news, but from Western Digital they tell us this failure was detected and corrected since the publication of the firmware update v2.30.172 (or, in some cases, firmware v2.30.168). This updated firmware for these units has been available since November 2017, so we recommend that all users who own one of these WD devices update their firmware as soon as possible.

To do so, they can go to the WD My Cloud support page, select their specific model and get the latest firmware, it's pretty straightforward.

TheRegister Font