A critical zero-click security flaw has been discovered in popular storage devices around the world. It potentially affects millions of people.
When it comes to security flaws, you should know that the type influences the severity. "Zero-day" flaws, for example, are particularly serious, since the term designates those for which no patch exists at the time of their discovery.
There are also so-called “zero-click” vulnerabilities. Also very dangerous, they are vulnerabilities that hackers can exploit without you having to do anything. No downloading an infected attachment, no installing disguised malware, nothing.
The one discovered by cybersecurity researchers at Midnight Blue is one of them. It was spotted as part of the Pwn2Own hacking contest, which aims precisely to reveal as many flaws as possible so that they can be quickly fixed.
Here, millions of storage devices are affected. More precisely, Synology-branded NAS units. Network-attached storage servers are a particularly interesting target, as they contain a lot of data.
Zero-click security flaw affects millions of storage devices
The vulnerability lies in the BeePhotos application, installed and enabled by default on many Synology NAS units. It allows attackers to access the machine and steal what it contains, but also to implant malware or a hidden access door (a "backdoor"). Models in the BeeStation range are affected. Those who have downloaded the photos application in question on other models are also affected.
The researchers were able to identify NAS units used by the French police, for example, but also by transport companies or law firms in the United States or even in South Korea. Once alerted, Synology deployed fixes, but they are not applied automatically.
You must therefore make sure to manually update the BeePhotos app to avoid any risk of infection. Even if they weren't aware of the flaw before, hackers can now use the patch to figure out how to exploit it, so don't delay.
Source: Wired