Close Menu
Technology Mag

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    What's Hot

    The iPhone Air’s battery pack is slim, but not as slim as the iPhone Air

    September 9, 2025

    Verge staffers react to the iPhone Air: what we love and don’t love

    September 9, 2025

    ICE Has Spyware Now

    September 9, 2025
    Facebook X (Twitter) Instagram
    Subscribe
    Technology Mag
    Facebook X (Twitter) Instagram YouTube
    • Home
    • News
    • Business
    • Games
    • Gear
    • Reviews
    • Science
    • Security
    • Trending
    • Press Release
    Technology Mag
    Home » Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack
    Security

    Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack

    News RoomBy News RoomNovember 5, 20243 Mins Read
    Facebook Twitter Pinterest LinkedIn Reddit WhatsApp Email

    The researchers also said the photo application, which helps users organize photos, provided easy access whether customers connect their NAS device directly to the internet themselves or through Synology’s QuickConnect service, which allows users to access their NAS remotely from anywhere. And once attackers find one cloud-connected Synology NAS, they can easily locate others due to the way the systems get registered and assigned IDs.

    “There are a lot of these devices that are connected to a private cloud through the QuickConnect service, and those are exploitable as well, so even if you don’t directly expose it to the internet, you can exploit [the devices] through this service, and that’s devices in the order of millions,” says Wetzels.

    The researchers were able to identify cloud-connected Synology NASes owned by police departments in the United States and France, as well as a large number of law firms based in the US, Canada, and France, and freight and oil tank operators in Australia and South Korea. They even found ones owned by maintenance contractors in South Korea, Italy, and Canada that work on power grids and in the pharmaceutical and chemical industries.

    “These are firms that store corporate data … management documents, engineering documents and, in the case of law firms, maybe case files,” Wetzels notes.

    The researchers say ransomware and data theft aren’t the only concern with these devices—attackers could also turn infected systems into a botnet to service and conceal other hacking operations, such as a massive botnet that Volt Typhoon hackers from China had built from infected home and office routers to conceal their espionage operations.

    Synology did not respond to a request for comment, but the company’s web site posted two security advisories related to the issue on October 25, calling the vulnerability “critical.” The advisories, which confirmed that the vulnerability was discovered as part of the Pwn2Own contest, indicate that the company released patches for the vulnerability. Synology’s NAS devices do not have automatic update capability, however, and it’s not clear how many customers know about the patch and have applied it. With the patch released, it also makes it easier for attackers to now figure out the vulnerability from the patch and design an exploit to target devices.

    “It’s not trivial to find [the vulnerability] on your own, independently,” Meijer tells WIRED, “but it is pretty easy to figure out and connect the dots when the patch is actually released and you reverse-engineer the patch.”

    Share. Facebook Twitter Pinterest LinkedIn WhatsApp Reddit Email
    Previous ArticleOceanGate Faces Federal Investigation a Year After the Titan Submersible Implosion
    Next Article Hori’s officially licensed Steam controller is coming to the US

    Related Posts

    ICE Has Spyware Now

    September 9, 2025

    US Congressman’s Brother Lands No-Bid Contract to Train DHS Snipers

    September 9, 2025

    No, Trump Can’t Legally Federalize US Elections

    September 6, 2025

    SSA Whistleblower’s Resignation Email Mysteriously Disappeared From Inboxes

    September 6, 2025

    Automated Sextortion Spyware Takes Webcam Pics of Victims Watching Porn

    September 5, 2025

    How to Stop Using Passwords and Start Using Passkeys

    September 5, 2025
    Our Picks

    Verge staffers react to the iPhone Air: what we love and don’t love

    September 9, 2025

    ICE Has Spyware Now

    September 9, 2025

    Here’s a first look at the iPhone 17

    September 9, 2025

    Hands-on with all the new Apple Watches: Series 11, Ultra 3, and SE 3

    September 9, 2025
    • Facebook
    • Twitter
    • Pinterest
    • Instagram
    • YouTube
    • Vimeo
    Don't Miss
    News

    Apple barely talked about AI at its big iPhone 17 event

    By News RoomSeptember 9, 2025

    Apple’s hotly-anticipated Apple event was chock-full of news about updates to AirPods, the Apple Watch,…

    Our first look at the iPhone 17 Pro and 17 Pro Max

    September 9, 2025

    Apple will launch watchOS 26 on September 15th

    September 9, 2025

    Apple announces new entry-level Apple Watch SE 3

    September 9, 2025
    Facebook X (Twitter) Instagram Pinterest
    • Privacy Policy
    • Terms of use
    • Advertise
    • Contact
    © 2025 Technology Mag. All Rights Reserved.

    Type above and press Enter to search. Press Esc to cancel.