Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    What’s next for Apple after the iPhone 17?

    September 14, 2025

    Rolling Stone’s parent company sues Google over AI Overviews

    September 14, 2025

    Nintendo Drops Surprise Trailer for New ‘Super Mario Galaxy Movie’

    September 14, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
    Security

    Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

    News RoomBy News RoomNovember 5, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    The researchers also said the photo application, which helps users organize photos, provided easy access whether customers connect their NAS device directly to the internet themselves or through Synology’s QuickConnect service, which allows users to access their NAS remotely from anywhere. And once attackers find one cloud-connected Synology NAS, they can easily locate others due to the way the systems get registered and assigned IDs.

    “There are a lot of these devices that are connected to a private cloud through the QuickConnect service, and those are exploitable as well, so even if you don’t directly expose it to the internet, you can exploit [the devices] through this service, and that’s devices in the order of millions,” says Wetzels.

    The researchers were able to identify cloud-connected Synology NASes owned by police departments in the United States and France, as well as a large number of law firms based in the US, Canada, and France, and freight and oil tank operators in Australia and South Korea. They even found ones owned by maintenance contractors in South Korea, Italy, and Canada that work on power grids and in the pharmaceutical and chemical industries.

    “These are firms that store corporate data … management documents, engineering documents and, in the case of law firms, maybe case files,” Wetzels notes.

    The researchers say ransomware and data theft aren’t the only concern with these devices—attackers could also turn infected systems into a botnet to service and conceal other hacking operations, such as a massive botnet that Volt Typhoon hackers from China had built from infected home and office routers to conceal their espionage operations.

    Synology did not respond to a request for comment, but the company’s web site posted two security advisories related to the issue on October 25, calling the vulnerability “critical.” The advisories, which confirmed that the vulnerability was discovered as part of the Pwn2Own contest, indicate that the company released patches for the vulnerability. Synology’s NAS devices do not have automatic update capability, however, and it’s not clear how many customers know about the patch and have applied it. With the patch released, it also makes it easier for attackers to now figure out the vulnerability from the patch and design an exploit to target devices.

    “It’s not trivial to find [the vulnerability] on your own, independently,” Meijer tells WIRED, “but it is pretty easy to figure out and connect the dots when the patch is actually released and you reverse-engineer the patch.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleOceanGate Faces Federal Investigation a Year After the Titan Submersible Implosion
    Next Article Hori’s officially licensed Steam controller is coming to the US

    Related Posts

    Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities

    September 13, 2025

    Defense Department Scrambles to Pretend It’s Called the War Department

    September 12, 2025

    US Investment in Spyware Is Skyrocketing

    September 11, 2025

    Cindy Cohn Is Leaving the EFF, but Not the Fight for Digital Rights

    September 11, 2025

    Massive Leak Shows How a Chinese Company Is Exporting the Great Firewall to the World

    September 10, 2025

    ICE Has Spyware Now

    September 9, 2025
    Our Picks

    Rolling Stone’s parent company sues Google over AI Overviews

    September 14, 2025

    Nintendo Drops Surprise Trailer for New ‘Super Mario Galaxy Movie’

    September 14, 2025

    Phone batteries are getting more compact, but the US is missing out

    September 14, 2025

    The iPhone to get this year

    September 14, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    Science

    Falcon 9 Milestones Vindicate SpaceX’s ‘Dumb’ Approach to Reuse

    By News RoomSeptember 14, 2025

    As SpaceX’s Starship vehicle gathered all of the attention this week, the company’s workhorse Falcon…

    Save 50 percent on Paramount Plus subscriptions, and get $60 off a solar-powered dash cam

    September 13, 2025

    Spotify Lossless is an inconvenient improvement

    September 13, 2025

    Apple’s Big Bet to Eliminate the iPhone’s Most Targeted Vulnerabilities

    September 13, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.