Research on NAS Devices and Exposure of their Vulnerabilities

The home routers are considered to have less security and vulnerable code but recently it has been found that the NAS (Network Attached Storage) devices. In fact are more vulnerable.

NASThe NAS devices from ten such manufacturers has been identified and it was analysed on the basis of the preliminary findings, that vulnerabilities were to be found to all of them and that at least 50 % of them could be exploited without any sort of authentication.

Some of the devices which were subject to such evaluation were Asustor’s D-LINK’s DNS-345, AS-602T, Western Digital’s MyCloud EX4, Buffalo’s TeraStation 5600,TRENDnet’s TN-200 and TN-200T1, Seagate’s BlackArmor 1BW5A3-570 QNAP’s TS-870, Netgear’s ReadyNAS104, Lenovo’s IX4-300D and ZyXEL’s NSA325 v2.

The issue has caught the attention of MITRE, the security organization, which thereby has issued 22 CVE (Common Vulnerabilities and Exposures) Identifiers based on this issue. The research is still on going and the researcher is expecting to find more such findings based on these vulnerabilities.

Some of the issues that were found in the NAS systems were:

  • Overflowing Buffers

  • Bypasses and Failures linked to Authentication

  • Command Injection

  • Disclosure of Information

  • Request Forgery Cutting across Sites

  • Backdoor Accounts

  • Low Quality Session Management

  • Directory Traversal

The vulnerabilities were all communicated to the respective vendors, but the problem is that the release of the rectifying patches can take a long time.

Let us now try to find what happens with the compromise of such NAS devices and what happens when the routers are compromised.

When there is an attack on the router, the basic purpose served can be a control of the internet traffic but when the device in question is the NAS device, then the exposure happens to the more sensitive information stored on such devices.The router is always more accessible from the internet, but this in any way does not mean that the NAS devices are subjected less to such attacks.

There have been instances of hackers minting cryptocurrency, by virtue of such NAS devices. Some Synology NAS device owners have reported such cases like file-encrypting Malware programs by the name of Synolocker.

Traffic hijacking from other devices from the same network set up can also be possible by the attackers, with the help of such techniques like ARP spoofing. The cause is the compromise of the NAS device.The use of the same code in the high-end and low-end devices by these NAS vendors makes them more vulnerable. The same vulnerabilities can be found in the low-cost home based product as well as the high cost, Enterprise NAS systems. This leads to the inference that just paying more money does not ensure that we are not buying a device, which is less vulnerable or compromising.

A SOHO Router hacking contest has been organized by Independent Security Evaluators in partnership with the Electronic Frontier Foundation. The purpose is to raise more awareness on this issue and make the users aware of such compromising situations, due to the poor level of security features for these types of devices.