Recent Vulnerability Discoveries and recommendations?

JasonNAS · March 8, 2017, 10:08pm

With the recent announcement of the new hacking vulnerabilities I have disabled the cloud service on the EX4 and removed the port forward statements from my firewall.

I would like to know what steps if any I can do to retain the cloud function of this device without leaving it exposed to the vulnerabilities over the internet. My current option is to VPN into my network, then access the shares. Not really that convenient based on what this device is sold as. I would also like to retain the use of remote backups.

I would like Western Digital to put a recommended action plan for mycloud owners until the firmware can be patched and remove the known bugs.

Thanks you.

SBrown · March 8, 2017, 10:59pm

Thank you for your question.

What should My Cloud owners do to maximize prevention of reported vulnerabilities?

We recommend customers follow best practices and enable auto-update in their My Cloud devices to receive updates when they are released
(a description of the process can be found at KBA 10440 Auto Update WD My Cloud Firmware).
Manual updates can be found at: Software and Firmware Downloads | WD Support

For this issue, users can disable the port-forwarding method of remote access to minimize the reported vulnerabilities prior to when we publish the update with the resolutions.

JasonNAS · March 8, 2017, 11:10pm

You are only recommending the port-forwarding method of cloud access should be turned off.

Are you stating that the cloud services are still safe to use via the Relay Method?

Thank you.

dunbone · March 9, 2017, 11:17am

I have the same question as @JasonNAS. Interested in your answer @SBrown
Thank you.

SBrown · March 9, 2017, 2:35pm

Hello,

Myron · April 1, 2017, 10:46am

@SBrown, I have a suggestion. How about building into the MyCloud OS within the NASs a robust VPN dameon to remove the need to, say, set-up a Rasberry Pi as a VPN server?