Security vulnerabilities

Hello

Can somebody let me know if WD have ironed out the security vulnerabilities highlighted in March/April of this year?

Apologies, meant to post this under my cloud mirror.

You most likely will NOT get much of an official answer from WD other than what they post in the firmware readme/change log file and what one of their staff has posted previously (see this link for example).

For the single bay My Cloud units (know you mentioned you have a Mirror) there were two separate discussions on the various security issues with the single bay/drive firmware.

https://community.wd.com/t/endgadet-warns-about-security-problem/198086

https://community.wd.com/t/latest-firmware-still-vulnerable/96743

Short answer: no one knows for certain until the various My Cloud units' updated firmware is tested against the various (and many) exploits previously publicly announced.

Thanks for the reply.

So, what do I do in the interim?

Note that this is generally a user-to-user support forum. As such, what people suggest here are just that, suggestions, and are in no way supported or recommended by WD. That said, the choice is yours. It all depends on how seriously you want to treat the issue. You could leave remote access on. You can choose to turn it off. You can even choose to remove the My Cloud from the network entirely. It all depends on your needs.

There are also a number of ways (that may be discussed in the other discussions posted above) to isolate the My Cloud from other network users and from the internet to try and reduce the access to the My Cloud. These may include segmenting the local LAN or instituting rules to block traffic to the My Cloud.

No matter what you choose, the general consensus in the other discussion threads is that once you disable Remote Access and FTP (or other similar access) through the My Cloud Dashboard that would typically limit the My Cloud attack vector through the local computer being compromised, or through someone compromising your WiFi or wired network (physical access) to gain access to the My Cloud.

It will all depend on how security-conscious you want to be.
