My WDMyCloud Public Folder Hacked

AJ777 wrote:

My Roku 3, high end sony and samsung blu-ray players, and high end samsung smart tv will not fast forward, rewind, or pause any video that I have tried streaming from Twonky, and I have tried many, many formats.

Are you using the Roku Media Player on your Roku 3? Have you tried using an encoder like the free Handbrake program to encode video files? Is Twonky incorrectly recognising the Roku as some other Media Receiver Type? (See the Twonky UI → Sharing → Media Receivers.)

Using a Roku 2 XS with the Roku Media Player channel I have no problems fast forwarding, rewinding, pausing video content stored on the WD My Cloud. When there is a problem playing video it is 99.9% of the time a problem with the video file itself with either how it was encoded or was something like a 4K HD video. Running the video file through Handbrake usually fixes encoding problems. Otherwise no problems playing 720 and 1080 video resolution videos through Twonky. I also have my Roku hard wired as I ran into problems from time to time with WiFi (Wireless N) trying to keep up for higher bitrate video files.

Agreed, but for the $343 I invested the media server should fast forward, pause, and rewind my video on all my devices like the other half dozen media servers I have tried. Also, I should be able to readily secure all my folders without completely crippling the functionality of the device. That does not seem like too much to ask for.

Yes, I have tried all the available server apps on the Roku 3. None of them, or the Roku 3, integrate satisfactorily with Twonky. I even tried the Twonky app on the Roku but it does not even complement the Twonky media server. It has some other sort of odd beaming function or something.

My Sony Blu-ray player is known for playing and integrating with basically everything on the market which is why I purchased it. The only server, out of many, that I tried that it does not integrate with is Twonky. I tried all the most well known media servers. Also, as I already mentioned, the cue/review/pause functions will not work on my Samsung smart TV or Samsung Blu-ray player with any of the numerous formats I have tried.

WD really skimped out when they selected Twonky. It is by far the worst media server I have ever used. It is nearly completely dysfunctional as far as integrating with any player. It’s great though if you want to just use the stop and play buttons because that is all that is going to work.

I’ve used the Twonky media server with the following apps:

Linn Kinsky

UPnP Monkey

UPnPlay

BubbleUPnP

XBMC/Kodi

AirWire

DLNAPlayer

AirPlay

DroidUPnP

MediaMonkey

I settled on BubbleUPnP, Kodi and Kinsky, running on plain vanilla Android devices, and, for Kinsky, an iPad and a PC.

I can pause, fast forward and rewind in these apps, and I don’t recall having trouble with the others I tried.

I’m certainly not a WD or Twonky apologist, but I simply haven’t experienced the problems you are having. Granted, I’m not using a Sony Blu-ray player or Samsung TV.

Agreed. Most Android apps will play pretty much any video from any server, but I prefer to watch video on my TV not my phone. I did not mean to include my phone when I spoke about Twonky not playing on my devices since it is such an impractical viewing medium.

I don’t have a smartphone. I have a cheap Android media box connected to a dumb 40" TV. I chose this over a ‘smart TV’ because of the limited app availability, limited app update, weird UI and overpriced nature of ‘smart TV’ and similar devices.

cpt_paranoia wrote:

I don’t have a smartphone. I have a cheap Android media box connected to a dumb 40" TV. I chose this over a ‘smart TV’ because of the limited app availability, limited app update, weird UI and overpriced nature of ‘smart TV’ and similar devices.

Yes, I hope to get an HTPC someday. They still are very costly, not very reliable, and require a lot of, and constant jerry rigging to keep everything working right. I love my Blu-rays, my Sony player and my 7.1 DTS HD Master and TruHD surround sound. My Sony Blu-ray player has never failed me with exception to playing any Twonky video files from my WD Cloud. Also, my Mezzmo media server has streamed all of my media to all of my devices without issue to include my WiFi hogging .m2ts Blu-ray video files. All Samsung AVware seems finicky due to proprietary streaming issues or something but it is still very nice having built-in streaming. It is slow but muddles along. I would never buy a Samsung AV device again though.

Yeah, there’s really not very good solutions yet for streaming. My Roku and Samsung definitely leave a lot to be desired. A good HTPC is probably where it’s at if you have the time to fiddle with it.

AJ777 wrote:

Yes, I hope to get an HTPC someday. They still are very costly, not very reliable, and require a lot of, and constant jerry rigging to keep everything working right.

Yeah, there’s really not very good solutions yet for streaming. My Roku and Samsung definitely leave a lot to be desired.

This really isn’t the case anymore. Both Plex Server/Plex Home Theater and Kodi are pretty straightforward to set up, even on moderately older PCs that meet the system requirements. One can build a HTPC for under $300 these days (probably even under $200 if one can find deals).

Been running Plex on an old unused Dell Vista OS PC that has a Core 2 Duo E6700 with 4GB RAM for a couple of years now. Initial setup wasn’t a problem at all. Only problem, and it was a minor one, was getting some of the “unsupported” channels installed.

Some have no problems streaming with the Twonky server on the WD My Cloud. Others, like in your case, do. Both of my Rokus along with a family member’s Roku have played everything we’ve thrown at it from two different WD My Clouds so long as it was properly encoded in a Roku supported format.

One can build a HTPC for under $300 these days (probably even under $200 if one can find deals).

My Android media box cost me £35 delivered…

The only app I’ve paid for is BubbleUPnP, which cost £3.06 for unlimited licences; I have it running on six devices…

Anyway, I’d like to get back to the suspected hacking problem, since that concerns me.

We need to determine if this is the first reported case of a vulnerability exploit (from the large number of fielded MyClouds), or whether the torrent files have got there by some other means. Whilst it might be ‘obvious’ that the files ‘must have’ come from outside the network, placed there by a hacker, until we can identify the method by which access was gained, and replicate the hack, we’re just speculating.

Port forwarding is off

https is on

remote access is off in router but on in WDCloud for phone and pc when away from my network

If you have remote MyCloud access enabled, then you have some port forwarding enabled to allow the data traffic through.

Why would I want to manually configure the ports the router uses to forward traffic? An open port is an open port. One is not really any more secure than another.

Do you have router UPnP control enabled to allow automatic port configuration? I don’t, because I don’t want random programs to be able to modify my router settings using UPnP; I want to be in control of port opening on the firewall, manually.

I use MyCloud as a DVR since I cut the cable cord a couple years ago.

What do you use as a DVR client?

Where does it get its video stream from? (I assume when you say ‘DVR’, you do mean ‘recording’) i.e. is it external to your network, or is it only internal?

I came to that conclusion because it was very apparent. The movies were strewn with torrent signatures/files.

There were approximately 30-50 movie files in my Public folder with numerous torrenting files within the folders.

It’s very obvious that someone came in through the internet and placed them there.

Is your device new, or secondhand?

If new, was the box sealed when you bought it?

Are the file dates within your ownership period?

What I’m getting at is; were these files present when you bought the device, or have they been put there since?

Have you contacted WD regarding this suspected security exploit?

cpt_paranoia wrote:

One can build a HTPC for under $300 these days (probably even under $200 if one can find deals).

 

My Android media box cost me £35 delivered…

I was implying a more traditional HTPC, one where there is a hard drive inside the case and where one can expand the memory of the unit. There are plenty of low cost Android TV devices and other devices like Raspberry Pi that can run an HTPC OS and have external hard drives attached to it and pipe a signal to the TV via HDMI (or other input connection).

cpt_paranoia wrote:

 

We need to determine if this is the first reported case of a vulnerability exploit (from the large number of fielded MyClouds), or whether the torrent files have got there by some other means. Whilst it might be ‘obvious’ that the files ‘must have’ come from outside the network, placed there by a hacker, until we can identify the method by which access was gained, and replicate the hack, we’re just speculating.

Yes, it needs to be determined if there really was a “hack” and the attack vector of that “hack” if there was one. In this case because the WD My Cloud configures the Public Share folders as non password protected anyone who has access to the local network can save or copy files to it. That does not mean the WD My Cloud or its remote access method has actually been hacked. 

Bennor wrote:


AJ777 wrote:

Yes, I hope to get an HTPC someday. They still are very costly, not very reliable, and require a lot of, and constant jerry rigging to keep everything working right.

Yeah, there’s really not very good solutions yet for streaming. My Roku and Samsung definitely leave a lot to be desired.


This really isn’t the case anymore. Both Plex Server/Plex Home Theater and Kodi are pretty straightforward to set up, even on moderately older PCs that meet the system requirements. One can build a HTPC for under $300 these days (probably even under $200 if one can find deals).

 

Been running Plex on an old unused Dell Vista OS PC that has a Core 2 Duo E6700 with 4GB RAM for a couple of years now. Initial setup wasn’t a problem at all. Only problem, and it was a minor one, was getting some of the “unsupported” channels installed.

 

Some have no problems streaming with the Twonky server on the WD My Cloud. Others, like in your case, do. Both of my Rokus along with a family member’s Roku have played everything we’ve thrown at it from two different WD My Clouds so long as it was properly encoded in a Roku supported format.

Plex is garbage. It is the only program I have ever installed on my high end HP laptop that crashed it numerous times to the blue screen of death. It will not run on my laptop. Apparently numerous others are having the same problem, and Plex could basically care less. Also, it reencodes all 7.1 DTS/TruHD surround to 5.1 surround. That absolutely will not work for me.

Also, Kodi is all over the place. I spent hours watching YouTube videos on setting it up, but just cannot wrap my head around it. My HTPC will be a Windows based which will eliminate all potential incompatibility issues. I doubt I will be using Kodi.

Yeah, I spent hours upon hours trying all the major media servers. Mezzmo by far blows them all away and Twonky is by far the worst. Twonky does not attempt to integrate with devices whatsoever which is why my devices will only play a handful of formats and without cue/review. I got so ticked off tonight I about blew a gasket. My Sony cannot play any MP4 no matter how it is encoded from Twonky yet plays them all through Mezzmo. Twonky needs to be permanently retired. It is the most pathetic excuse of a media server I have ever used. The Roku has performed about the same for me. Only a handful of formats and blocky, pixelated video since the processor in it is so lame. Honestly, I cannot believe that anyone would stream their media through it unless they have no other choice.

cpt_paranoia wrote:

Anyway, I’d like to get back to the suspected hacking problem, since that concerns me.

 

We need to determine if this is the first reported case of a vulnerability exploit (from the large number of fielded MyClouds), or whether the torrent files have got there by some other means. Whilst it might be ‘obvious’ that the files ‘must have’ come from outside the network, placed there by a hacker, until we can identify the method by which access was gained, and replicate the hack, we’re just speculating.

 

Port forwarding is off

https is on

remote access is off in router but on in WDCloud for phone and pc when away from my network

 

If you have remote MyCloud access enabled, then you have some port forwarding enabled to allow the data traffic through.

 

Why would I want to manually configure the ports the router uses to forward traffic? An open port is an open port. One is not really any more secure than another.

 

Do you have router UPnP control enabled to allow automatic port configuration? I don’t, because I don’t want random programs to be able to modify my router settings using UPnP; I want to be in control of port opening on the firewall, manually.

 

I use MyCloud as a DVR since I cut the cable cord a couple years ago.

 

What do you use as a DVR client?

Where does it get its video stream from? (I assume when you say ‘DVR’, you do mean ‘recording’) i.e. is it external to your network, or is it only internal?

 

I came to that conclusion because it was very apparent. The movies were strewn with torrent signatures/files.

There were approximately 30-50 movie files in my Public folder with numerous torrenting files within the folders.

It’s very obvious that someone came in through the internet and placed them there.

 

Is your device new, or secondhand?

If new, was the box sealed when you bought it?

Are the file dates within your ownership period?

What I’m getting at is; were these files present when you bought the device, or have they been put there since?

 

Have you contacted WD regarding this suspected security exploit?

 

I use Playlater and WM Capture to record hulu, etc, on my laptop then copy to WD MyCloud to watch on all my devices.

I purchased it new 1+ years ago. The files just appeared within the last week. I thought I already said that in an earlier post. Maybe not. I am on a half acre lot and know all my neighbors very well. Most are elderly and all are incapable of hacking my WiFi. Someone gained access to my WD MyCloud and put those files on my drive. After spending a few more hours on this issue today, I was finally able to secure a shared folder which streams my media using Mezzmo and Twonky. I am in the process of moving all of my files over to the secured folder which is looking like it is going to take 3 days. This is absolutely ridiculous! I should not have to be doing this! I am so sick of all the lame, broken hardware and software that’s on the market these days. All these companies promise you the world and only about a third of their specs actually works as described. (just venting, not intended for you cpt_paranoia)

Oh, and yes, I am now working with a WD Tech.

About hacking: search for info in the log files. Maybe you will get an answer.

egrep -rn 'File_name' /var/log

Or

cat /var/log/samba/smbd.log | grep File_Name
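The checks raised in the thread (are the file dates recent, are there torrent leftovers, do the logs mention the file names) combined into one triage script, as an added example that is not part of any post. The function names, the partial-download suffixes and the sample log line are assumptions constructed for illustration; whether a real `smbd.log` records file opens depends on the configured log level.

```shell
#!/bin/sh
# Added example: triage of unexpected files on a share, run over SSH on the NAS.
# All paths are passed in; nothing here is specific to one firmware version.

# Files under DIR ($1) modified within the last DAYS ($2) days.
recent_files() {
    find "$1" -type f -mtime -"$2" 2>/dev/null | sort
}

# Torrent metadata and partial-download leftovers under DIR ($1).
torrent_artifacts() {
    find "$1" -type f \( -name '*.torrent' -o -name '*.part' \
        -o -name '*.!ut' -o -name '*.!qB' \) 2>/dev/null | sort
}

# Log lines under LOGDIR ($1) mentioning NAME ($2). -F matches literally, so
# brackets and dots in media file names are not read as regex syntax (with
# egrep, 'Film [2015].mkv' would never match its own name); -- guards dashes.
log_hits() {
    grep -rnF -- "$2" "$1" 2>/dev/null
}

# One line per recent file: "<log hit count><TAB><path>". A count of 0 means
# the logs, at their current verbosity, hold no record of that file name.
triage() {
    share=$1 logdir=$2 days=$3
    recent_files "$share" "$days" | while IFS= read -r f; do
        n=$(log_hits "$logdir" "$(basename "$f")" | wc -l)
        printf '%s\t%s\n' "$((n))" "$f"
    done
}

# Self-contained demo on constructed data (no real share or log is read).
demo() {
    d=$(mktemp -d) || return 1
    mkdir -p "$d/Public/New [2015]" "$d/log/samba"
    : > "$d/Public/New [2015]/Film [2015].mkv"
    : > "$d/Public/New [2015]/Film [2015].torrent"
    : > "$d/Public/holiday.mp4"
    touch -t 201401010000 "$d/Public/holiday.mp4"   # old file, must be skipped
    # Constructed line in the style of smbd output at log level 2.
    printf '%s\n' \
      '  nobody opened file New [2015]/Film [2015].mkv read=No write=Yes (numopen=1)' \
      > "$d/log/samba/smbd.log"
    triage "$d/Public" "$d/log" 7
    rm -rf "$d"
}

# Real use (placeholder path): triage /path/to/Public /var/log 7
if [ "${1:-}" = demo ]; then demo; fi
```

Run the triage before moving or deleting anything, since the modification times and the log entries are the only evidence of when and how the files arrived.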

I am in the process of moving all of my files over to the secured folder which is looking like it is going to take 3 days.

SSH in and use mv.  It won’t require data transfer, just file system index changes.  It will be much quicker.

All these companies promise you the world and only about a third of their specs actually works as described

It does get pretty frustrating, I agree, and I have had the odd rant or two, including at WD Support…

I thought you could tell Plex not to transcode?  There would be no need to if you are using the server locally.

cpt_paranoia wrote:

 

I thought you could tell Plex not to transcode?  There would be no need to if you are using the server locally.

You can typically disable transcoding in the Plex app on the client device. Plex also includes its own DLNA server so non Plex app clients can still access compatible content on the Plex Server.

Bennor wrote:


cpt_paranoia wrote:

 

I thought you could tell Plex not to transcode?  There would be no need to if you are using the server locally.


You can typically disable transcoding in the Plex app on the client device. Plex also includes its own DLNA server so non Plex app clients can still access compatible content on the Plex Server.

I cannot remember if it was transcoding or just removing the mid or rear channels from the 7.1 DTS and TruHD audio but their specs at the time said that it did not stream any 7.1 audio. Only 5.1 audio, and even then it would not stream 5.1 DTS. It changed all surround to 5.1 Dolby Digital. It’s been a little while now. They could have improved it, but I was not at all impressed with their support of the Blue Screen crashes. I just threw my money away. I tend to do that a lot on useless apps.

Plex does apparently support 7.1 audio but it’s the clients that may or may not support it. Been that way for more than a year (or two). The problem is, as is often the case, with transcoding to a client side supported format. This is probably a problem with most if not all media servers that do transcoding.

I know we’ve dragged this topic way off track with Plex but I’ve used (on and off) the Plex Server on several PCs ranging from seven year old to brand new and cannot remember having any problems with the initial install and configuration of the Plex Server software over the years. No BSOD or anything like that which I would remember. As with anything computer related it’s possible the configuration (hardware, OS, applications, security software, etc.) of the PC you installed it on may contribute to causing issues on that particular PC.

Back to the initial topic at hand. From all appearances your WD My Cloud device (itself) doesn’t appear to have been “hacked” since the Public Share folder(s) are not password protected out of the box. So the question becomes who or what put the files in the Public Share folder(s), and what method or attack vector did they use to gain access to your local network (through the router from Internet, or local WiFi or Ethernet) in order to put those files in the Public Share folder(s).

If the attack vector was through the router from the internet then there are steps one can take to try and prevent future access. I assume your indicated Linksys EA6700 router has the latest firmware installed and has remote access to the router’s UI disabled. There was a vulnerability patched last year that could have potentially allowed remote access to certain Linksys routers from the internet. If the attack vector was through WD2Go remote access, then as explained previously in the thread the two ports the WD2Go remote access uses on the router can be changed/reconfigured to block remote access at the router level to the WD My Cloud. If you haven’t already done so there are various online sites, such as GRC, to scan one’s router to see if there are any open ports or general vulnerabilities that would allow unwanted remote access.

Are you running the latest firmware on the My Cloud?  We just fixed a major security issue with it.

Bill_S wrote:

@AJ777

 

Are you running the latest firmware on the My Cloud?  We just fixed a major security issue with it.

 

Yes, I keep all of my firmware/programs updated typically the day I receive the notifications. My WD Cloud firmware was updated the day I received the notification. I believe it was 1 Jul 15. 

Well, Ellis from WD Tech support was very helpful today and spent a couple hours reviewing all of my security, router and WD drive settings. He found nothing to indicate that I had any security issues. However, he did feel that MyCloud drive was bad and needed to be replaced since it was not behaving normally. They are sending me a recertified drive. I am in the process of moving all of my files out of the Public folder and will no longer be using it. Hopefully, with the recertified drive, and only using secured shares, my security issues will not resurface. If I do continue to have any further security problems, I will be sure to update this discussion since impenetrable security is of utmost importance when using our MyClouds. Thank you for all of your suggestions and to WD for promptly and aggressively seeking resolution to this potentially severe problem. Additionally, kudos to Ellis. He was very helpful and seemed to be a very capable WD Tech.