Western Digital network attached storage devices (NAS) owners may be facing another security problem. Brian Krebs, security journalist and security researcher has published a report about another zero-day vulnerability in Western Digital products that run the company's My Cloud OS3 software. This follows the exploits hackers used to wipe My Book Live devices remotely. It doesn't appear that there will be an official solution for those who don't upgrade to a better storage solution.Security researchers Radek Donmanski and Pedro Ribeiro found a number of vulnerabilities that allowed a malicious actor, to remotely update a My Cloud OS3 tablet to add a backdoor. They claim they didn't hear back from Western Digital when they attempted to contact them about the vulnerability. Western Digital attributes the company's response to one of its policies in the past.A communication from Krebs confirmed that the researcher team was going to disclose details about the vulnerability. It also asked Krebs to get in touch with them if we had any questions. We didn't have any questions, so we did not respond. We have since updated our process and responded to all reports in an effort to avoid miscommunications like this.The flaw is not in Western Digital's My Cloud OS 5. It is unclear if the company has ever addressed it in My Cloud OS 3. It also announced that it will no longer support older software. Western Digital states that it will no longer provide security updates for the My Cloud OS3 firmware. This is stated in a support page dating back to March 12, 2021. We recommend that you upgrade to My Cloud OS 5 firmware. We recommend upgrading to any of our My Cloud offerings that support My Cloud OS 5 if your device isn't eligible for My Cloud OS 5 upgrade.Engadget reached Western Digital to learn more. A spokesperson said that the company had "patched" OS3 with OS 5. "My Cloud OS 5" is a major security update that offers an architectural overhaul of the older My Cloud firmware. All My Cloud products that are currently supported by My Cloud OS 5 can be upgraded. We recommend all users to upgrade as soon as they can to take advantage of the most recent security fixes.A patch Domanski-Ribiro created for devices that aren't compatible with My Cloud OS 5 can be downloaded. It is important to remember that you will need to apply it every time your device reboots. You can also limit the internet access of your My Cloud NAS drive to protect it.Update at 6:35 PM ET: Western Digital has added a comment.
