News

QNAP Releases Firmware Update That Fixes Man-in-the-Middle Vulnerability

By admin
Spread the love

QNAP released an update to its QTS firmware last weekend, which runs many of its NAS devices. The patch closes a vulnerability that made it possible for an attacker to steal user data with a mitm attack.

QTS 4.2.3 build 20170121 is the version in which the problem should be solved. It is estimated by F-Secure, which identified the issue, that more than 1.4 million devices are actually running on the QTS firmware. However, it is not known exactly how many different models run on QTS and whether they can all download the latest version of the OS at the time of writing.

The Finnish security company F-Secure made the vulnerability public last week. At that time, the security holes were still in the QNAP products. Although it is not normally the intention to publicize such a threat until it is solved, the Finns say that they reported the security hole to QNAP almost a year ago, but nothing has happened since then.

The problem with QTS was that the NAS devices contacted the update server without encryption. If this request was intercepted and a fake response is returned, a fake firmware update could be installed that gives an outside attacker administrative privileges, after which he or she has free rein and can, for example, steal sensitive data from an owner.

QNAP Turbo vNAS TVS-663

You might also like
News

Rumor: Apple is working on its own applications based on a large language model

News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Xbox Community CEO Larry ‘Major Nelson’ Hryb is leaving Microsoft after…

News

AMD: Intel’s proposal for 64bit-only x86 architecture is very interesting