Western Digital, new problem for My Cloud OS

Following the appearance of the serious problem that last week affected Western Digital’s My Book Live drives, leading to the sudden deletion of all data stored on the disks, a second vulnerability which potentially allows anyone to remotely perform a factory reset without knowing the administrator password. In case all this is still not enough, now we add another flaw affecting the My Cloud OS software. WD My Cloud OS 3, a new vulnerability appears Researchers Pedro Ribeiro and Radek Domansk uncover it: version 3 of the operating system, no longer supported, is affected by it (on March 12, 2021, WD has put in black on white that My Cloud OS 3 will not receive additional security fixes). The manufacturer has made the update to version 5 available for some time, but not everyone has already installed it (due to some missing features compared to the previous one) or can do it (for reasons related to compatibility with older models): it is not available for example for My Cloud EX2, EX4 and for some incarnations of the My Cloud and My Cloud Mirror range. support page, under “Different features between OS 3 and OS 5”, we read that not all features in the list are supported by all My Cloud and Twoknky models DLNA Server 8.2.1 installed on My Cloud OS 5 and later does not include the Twonky Thumbnail Utility tool and does not support the extraction of previews from video content by default. The two have even released an “amateur” patch for My Cloud OS 3, capable of correcting the problem and thus securing user data. but that must necessarily be reinstalled every time the unit is restarted. Another solution that can be adopted is that which passes from disconnecting the disks from the network, thus making them unreachable remotely.

Categories:   Security