Concept Worm Could Spread Between Networked Attached Storage Systems

Kelly Jackson Higgins over at Dark Reading has a really interesting story about a researcher who is building a NAS worm. That’s right: some automated malware that will be capable of roaming the Internet finding and compromising consumer network attached storage (NAS) devices.

A researcher has created a worm that spreads between network attached storage (NAS) devices, like this one from Synology.
A researcher has created a worm that spreads between network attached storage (NAS) devices, like this one from Synology.

Higgins interviewed Jacob Holcomb, a security analyst at the firm Independent Security Evaluators, has rolled more than two dozen previously unknown and undiscovered (‘zero day’) software vulnerabilities in NAS products into a proof-of-concept, self-replicating worm.

According to Higgins, the worm scans for vulnerable services running on NAS systems — mostly web servers — and identifies the type of NAS device and whether it harbors the bugs. If a known, vulnerable platform is discovered, the worm launches the corresponding exploit from its quiver to take control of the device.

Compromised devices are then used to scan for other, similar devices. Holcomb has already informed affected vendors – a list that includes names like Seagate, D-Link, Lenovo, Western Digital, Netgear, HP, and Synology, among others.

“I wanted to actually develop a POC myself and present it so people can understand the ramifications as my findings are being demonstrated and publicly disclosed, versus six months later when adversarial attackers are trying to exploit it for profit,” Holcomb told Dark Reading.

NAS products are among a range of always-on connected home devices that have increasingly come under fire from malicious attackers. In August, some customers using Synology NAS products found their devices compromised by the Synolocker (TM) malware, which encrypted the device’s contents and held it for a ransom (payable in BitCoin, of course).

NAS devices are increasingly common, as home users look to consolidate photos, video and other digital possessions. Many also include ‘private cloud’ features that let users set up their own equivalent of commercial cloud hosting services like DropBox. However, attackers have discovered that remotely accessible NAS devices are often loosely managed and are easy targets for compromise. Attacks on NAS devices stand alongside similar attacks aimed at broadband routers, which are being enlisted as part of criminal botnets or used to direct home users to malicious web sites that harvest online banking and e-commerce credentials as part of identity theft scams.

Read more via Worm Illuminates Potential NAS Nightmare.

Comments are closed.