http://news.techworld.com/security/3581701/researcher-creates-proof-of-concept-worm-for-network-attached-storage-devices/
By Lucian Constantin
Techworld.com
20 October 2014
Network-attached storage (NAS) devices are riddled with vulnerabilities
that can put the security of sensitive data and networks at risk, a
researcher has found. To prove his point, he has created a
proof-of-concept worm that can infect devices from three different
manufacturers.
Earlier this year, Jacob Holcomb, a security analyst at Baltimore-based
firm Independent Security Evaluators, started researching the security of
NAS devices. He selected popular devices from 10 manufacturers and found
that they were all were susceptible to root compromise. In addition, he
found that exploiting half of them did not require authentication.
The tested devices were: Asustor AS-602T, TRENDnet TN-200 and TN-200T1,
QNAP TS-870, Seagate BlackArmor 1BW5A3-570, Netgear ReadyNAS104, D-LINK
DNS-345, Lenovo IX4-300D, Buffalo TeraStation 5600, Western Digital
MyCloud EX4 and ZyXEL NSA325 v2.
During a presentation last week at the Black Hat Europe security
conference in Amsterdam, Holcomb demonstrated a proof-of-concept worm that
can automatically infect the D-LINK DNS-345, TRENDnet TN-200/TN-200T1 and
Western Digital MyCloud EX4 devices by exploiting command injection and
authentication bypass vulnerabilities, which as far as he knows, are still
unpatched.
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
