Thursday, June 12, 2025
LBNN
  • Business
  • Markets
  • Politics
  • Crypto
  • Finance
  • Energy
  • Technology
  • Taxes
  • Creator Economy
  • Wealth Management
  • Documentaries
No Result
View All Result
LBNN

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

Simon Osuji by Simon Osuji
November 2, 2024
in Artificial Intelligence
0
Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
0
SHARES
2
VIEWS
Share on FacebookShare on Twitter


The researchers also said the photo application, which helps users organize photos, provided easy access whether customers connect their NAS device directly to the internet themselves or through Synology’s QuickConnect service, which allows users to access their NAS remotely from anywhere. And once attackers find one cloud-connected Synology NAS, they can easily locate others due to the way the systems get registered and assigned IDs.

“There are a lot of these devices that are connected to a private cloud through the QuickConnect service, and those are exploitable as well, so even if you don’t directly expose it to the internet, you can exploit [the devices] through this service, and that’s devices in the order of millions,” says Wetzels.

The researchers were able to identify cloud-connected Synology NASes owned by police departments in the United States and France, as well as a large number of law firms based in the US, Canada, and France, and freight and oil tank operators in Australia and South Korea. They even found ones owned by maintenance contractors in South Korea, Italy, and Canada that work on power grids and in the pharmaceutical and chemical industries.

“These are firms that store corporate data … management documents, engineering documents and, in the case of law firms, maybe case files,” Wetzels notes.

The researchers say ransomware and data theft aren’t the only concern with these devices—attackers could also turn infected systems into a botnet to service and conceal other hacking operations, such as a massive botnet that Volt Typhoon hackers from China had built from infected home and office routers to conceal their espionage operations.

Synology did not respond to a request for comment, but the company’s web site posted two security advisories related to the issue on October 25, calling the vulnerability “critical.” The advisories, which confirmed that the vulnerability was discovered as part of the Pwn2Own contest, indicate that the company released patches for the vulnerability. Synology’s NAS devices do not have automatic update capability, however, and it’s not clear how many customers know about the patch and have applied it. With the patch released, it also makes it easier for attackers to now figure out the vulnerability from the patch and design an exploit to target devices.

“It’s not trivial to find [the vulnerability] on your own, independently,” Meijer tells WIRED, “but it is pretty easy to figure out and connect the dots when the patch is actually released and you reverse-engineer the patch.”



Source link

Related posts

How Waymo Handles Footage From Events Like the LA Immigration Protests

How Waymo Handles Footage From Events Like the LA Immigration Protests

June 12, 2025
An Experimental New Dating Site Matches Singles Based on Their Browser Histories

An Experimental New Dating Site Matches Singles Based on Their Browser Histories

June 12, 2025
Previous Post

Africa Regional Certification Commission for Polio Eradication urges heightened efforts in 2025 to restore immunity and make polio history

Next Post

Forest therapy for wildfire survivors

Next Post
Forest therapy for wildfire survivors

Forest therapy for wildfire survivors

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

RECOMMENDED NEWS

EU approves controversial AI Act to mixed reactions

EU approves controversial AI Act to mixed reactions

1 year ago
M-KOPA and Bolt partner to launch e-bike initiative in Kenya

M-KOPA and Bolt partner to launch e-bike initiative in Kenya

1 year ago
Who wrote this? Engineers discover novel method to identify AI-generated text

Who wrote this? Engineers discover novel method to identify AI-generated text

1 year ago
Africa’s Former Richest Woman Speaks Out Against ‘Dirty Money’ Accusations

Africa’s Former Richest Woman Speaks Out Against ‘Dirty Money’ Accusations

6 months ago

POPULAR NEWS

  • Ghana to build three oil refineries, five petrochemical plants in energy sector overhaul

    Ghana to build three oil refineries, five petrochemical plants in energy sector overhaul

    0 shares
    Share 0 Tweet 0
  • When Will SHIB Reach $1? Here’s What ChatGPT Says

    0 shares
    Share 0 Tweet 0
  • Matthew Slater, son of Jackson State great, happy to see HBCUs back at the forefront

    0 shares
    Share 0 Tweet 0
  • Dolly Varden Focuses on Adding Ounces the Remainder of 2023

    0 shares
    Share 0 Tweet 0
  • US Dollar Might Fall To 96-97 Range in March 2024

    0 shares
    Share 0 Tweet 0
  • Privacy Policy
  • Contact

© 2023 LBNN - All rights reserved.

No Result
View All Result
  • Home
  • Business
  • Politics
  • Markets
  • Crypto
  • Economics
    • Manufacturing
    • Real Estate
    • Infrastructure
  • Finance
  • Energy
  • Creator Economy
  • Wealth Management
  • Taxes
  • Telecoms
  • Military & Defense
  • Careers
  • Technology
  • Artificial Intelligence
  • Investigative journalism
  • Art & Culture
  • Documentaries
  • Quizzes
    • Enneagram quiz
  • Newsletters
    • LBNN Newsletter
    • Divergent Capitalist

© 2023 LBNN - All rights reserved.