When hackers strikes personal NAS-type devices
Pool Western Digital My Book Live NAS owners… many of them woke up to find out that their content was gone from their devices. Apparently, hackers came in by using an unpatched vulnerability on devices where the last update was issued in 2015 by Western Digital. This brings me to ask the following questions: were those devices directly connected on the internet? If yes, that dumb. If this was a known vulnerability, why WD didn’t issue a patch? Companies should be required to publish security-only fixes for far longer than they do right now. I’m sorry but 2015 isn’t that old for such a type of devices. Finally, I personally own a Synology NAS, obviously not directly connected on the Internet, yet, I have to wonder if it is still secure. I’m planning on enabling 2FA to add another layer of protection, though.