11/08/2024

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

A vulnerability on Synology could give attackers the ability to steal data and more

A popular device and application used by millions of individuals and businesses around the world to store documents is vulnerable to a zero-click flaw, a group of Dutch researchers have discovered.

The vulnerability, which is called zero-click because it doesn’t require a user to click on anything to be infected, affects a photo application installed by default on popular network-attached storage (NAS) devices made by the Taiwanese firm Synology. The bug would allow attackers to gain access to the devices to steal personal and corporate files, plant a backdoor or infect the systems with ransomware to prevent users from accessing their data.

The SynologyPhotos application package comes preinstalled and enabled by default on Synology's line of BeeStation storage devices but is also a popular application downloaded by users of its DiskStation storage systems, which allow users to augment their storage capacity with removable components. Several ransomware groups have targeted network-attached storage devices made by Synology and others in recent years, going back to at least 2019. Earlier this year, users of Synology’s DiskStation system specifically reported being hit with ransomware.

Please select this link to read the complete article from WIRED.