Same hardcoded backdoor & security holes in WDMyCloud devices

Yes WD. You dont patch a lot of security holes and even backdoor sinde June 2017!
Now what?

@heinz_hoff I have had my WD My Cloud WDMyCloudImage for three years now without any problems. How secure is your network that you have it connected to?

What is so top secret on it that someone else would want it?

I agree, this should be fixed soonish. It’s a wide open door no one would want. WD, quick now, you have a responsibility that doesn’t end when your customers have paid the bill.

1 Like

@cat0w It has nothing to do with the security of the network; even if the MyCloud device isn’t accessible from the outside it can be accessed on the local network, e.g., by some web page containing malicious code.

Regarding your question what data on someone’s device would be so secret that someone else would want it, can I answer with another question? Can I please have your MyCloud device and all the data on it now (an ISO image will do)? :wink:

@wduserh You must think I am really stupid. If you think you can get to mine, then try it. I have the usual, user name and password for my home network, firewalls, and I have McAfee Total Protection.

I also never click on a link if I don’t know who sent it or where it came from as in the original post in this topic.

@cat0w I cannot make any assumptions about your intelligence from what little information I have available, and apologise for coming across that way. I was trying to challenge your point of view that information stored on a MyCloud device was per se not secret enough to be protected. While I still completely disagree with that point of view out of sheer principle, I have formulated my response wrongly.

Be advised that clicking on a link is not necessary to have the vulnerability take effect. A hacked web page can execute malicious code on your MyCloud device if you load it on another device in your local network. The firewall will not protect you from that, and McAfee TP is unlikely to.

This is a reply to everyone or anyone who may need it. If you are afraid for your privacy I suggest you read, Privacy In The Age Of Big Data by Theresa M. Payton and Theodore Claypoole. I bought my copy several years back from Barnes and Noble. If you really want to know more about Technology then read and study all you can, I do. My latest College text book that I am reading and studying is Technology In Action 14E. I have almost completed it, I am in Ch. 13.

I suggest you read and study all you can along with maintaining and keeping your devices up to date.

@wduserh Yes, while I have information on my My Cloud that is personal and very important to me nothing is so secret that anyone else should want it. As I wrote in my prior post about the book on Privacy probably all of the information on my computers and My Cloud is already out there, somewhere.

The question I used in my first post was not wanting the individual to tell us all what he has on his WD device that is or may be secret, but for him to think about that. Maybe he needs a better and more secure device to store his information.

Want to add this too about all those company security breaches that have occurred over the past few years causing me to have to get new Debit or Credit cards. What information did they get about me there!!!

@cat0w I’m glad we’ve sorted that out. Thanks for the book recommendation!

There are more Bugs detected by some other guys in beginning 2017 also still not fixed. No we have a new bug with spectre and Meltdown because MY Clouds are using Intel processors…WD is not doing soemthing against all this bugs. Best thing dont buy this products anymore. Forsure for big hackers you wont be a target. BUT the problem is they can use your Mycloud for criminal ■■■■ like uaing your mycloud to attack others and save some stuff which you dont want onyour cloud but you wont see it

1 Like

I could not believe the article on when they posted the mydlinkBRionyg / abc12345cba user and password - and was totally shocked when I tried this on my devices and it logged in to every device I had on my network. I now have 6 useless devices having taken them off the network and replaced with a more secure solution until WD issue a firmware fix that resolves this issue.

1 Like

Still no official answer from WD?!
How long you want close your eyes for security, WD?

Also more topics are created: