Some NAS Devices Are Being Exploited By Remote Hackers
Do you have any network-attached storage (NAS) devices attached to your home or corporate network? If so, be advised that they've become the new favorite inroad for hackers around the world. According to a report recently published by researchers at 360 Netlab, hacking groups are increasingly exploiting weaknesses in some NAS devices running a variety of QNAP firmware versions that suffer from command injection vulnerabilities.
The good news is that this vulnerability has already been addressed by QNAP with their release of firmware version 4.3.3. The better news is that the company addressed this back in July of 2017.
Unfortunately, not many people are good about keeping their firmware up to date, so you may have one or more vulnerable devices and not even realize it. Both QNAP and the researchers at 360 Netlab recommend checking the version number of the firmware you're using, and upgrading immediately if you are at risk.
If you're looking for additional technical details about what caused the problem and how it was addressed, see below.
QNAP had this to say about version 4.3.3 of their firmware:
"This release replaced the system function with qnap_exec, and the qnap_exec function is defined in the /usr/lib/libuLinux_Util.so.0," 360 Netlab said. By using the execv to execute custom command, command injection has been avoided."
Sadly, this isn't the first time QNAP has been the target of hackers. In fact, there's an ongoing ransomware campaign that utilizes eChoraix ransomware to encrypt NAS devices. Just last month, the US's CISA and the UK's NCSC issued a joint malware alert about a malware strain called QSnatch that also targets QNAP NAS devices.
In any event, although this issue has long been resolved, it's clear that there are a great number of vulnerable devices out there, both on home and office networks. Kudos to 360 Netlab for shining a light on them, and to QNAP for moving swiftly to correct the issue.