Ooooh, that's NASty. Security-watchers warn over man-in-the-middle risk

Vulnerabilities in network attached storage (NAS) devices made by QNAP Systems create a potential means for hackers to steal data and passwords, execute commands or drop malware on vulnerable kit, say security researchers. Researchers at F-Secure claim they have found a series of weaknesses in the firmware update process of …

  1. sitta_europea Bronze badge

    So what has everybody been doing since last February??

  2. Hans 1 Silver badge

    Don't update!!!! No, don't update!!!!

    Use the vulnerability to flash FreeBSD or Linux onto the boxes ... we need firmware, anybody?

    Then, you'll have a NAS box as safe as can get!

    1. Anonymous Coward

      Re: Don't update!!!! No, don't update!!!!

      I guess off topic, but I like a lot of the little boxes these one-off NAS machines come in, I just never like the hardware they run. I've seen $500 boxes that look neat, but they basically are running a raspi. A lot of them don't even list if the RAM is ECC, which seems trivial to list. I keep an eye out for gutted ones on eBay just for the cases.

    2. Youngone Silver badge

      Re: Don't update!!!! No, don't update!!!!

      I'm pretty sure the QNAP machines are pretty much all x86, so it would be pretty easy to install Linux or FreeBSD. The one I have is anyway.

      1. Mark 65

        Re: Don't update!!!! No, don't update!!!!

        I seem to recall reading a guide on the webs that someone wrote detailing how to install Ubuntu with ZFS support.

  3. John Smith 19 Gold badge

    Another network connected appliance mfg that doesn't think it's their problem.

    I'm sort of amazed there isn't some little company that can supply a turnkey verified package that can handle this. Accept update requests securely, process them, send them out and check they've been installed properly.

    Who'd pay for something like that?

    Who should pay for something like that is anyone too f**king incompetent to do it themselves.

