A security researcher has created a proof-of-concept worm that can hunt network-attached storage (NAS) devices. According to TechWorld, the worm can target devices created by three different manufacturers.
Jacob Holcomb discovered that NAS devices from 10 manufacturers were "all susceptible to root compromise", and that half of those did not need authentication. From there, he built a proof-of-concept worm, demonstrated at the Black Hat Europe security conference in Amsterdam, that can infect the Western Digital MyCloud EX4, TRENDnet TN-200/TN-200T1 and D-LINK DNS-345 devices automatically by "exploiting command injection and authentication bypass vulnerabilities," explains TechWorld, adding that these vulnerabilities "as far as he knows are still unpatched."
The BBC reports that Holcomb's original research uncovered "30 separate undocumented vulnerabilities in the NAS devices". Some of these would "give an attacker complete control over a device, letting them plunder the data on it, or use it as a way to get at other devices on that home network and spy on what people did online," the report adds.
The real danger, PC World notes, is that NAS devices tend not to have their own security or anti-virus software, meaning that even if the original malware is removed from the connected computers, the "compromise would allow attackers to maintain a foothold in the network."
The Black Hat Europe demonstration was carried out within a local area network, but there is scope for similar malware to be propagated to internet-connected devices, making them vehicles for distributed denial-of-service (DDoS) attacks or other unwanted acts.
At this stage Holcomb has not released the code for the worm publicly, but PC World reports he plans to do so "after the affected vendors patch the vulnerabilities and users have a chance to upgrade." The BBC quotes Holcomb as stating that risks of this kind of exploit were reduced by "turning off unwanted features and services and ensuring the device can only be administered from within a home network."