Zero-click security flaw discovered in Synology’s Photos app

A vulnerability in the Synology Photos app
Owners of Synology NAS devices who currently use the app are advised to update as soon as possible. As reported by Wired last week, a team of Dutch security researchers found a zero-click vulnerability in the Synology Photos app. It may be surprising to the uninitiated, but such bugs let a hacker exploit a system without the target clicking on anything at all.

This means that millions of users are potentially at risk.
Security firm Midnight Blue, which found the bug, believes that as many as tens of millions of Synology users may be affected. Synology’s NAS devices do not download security patches automatically, although the company has recently released an update that addresses this problem. “Actually engaging it can be a very lonely experience, especially when it is not possible to do so in company,” Carlo Meijer, of the research team, told Wired.

The consequences that could stem from this weakness
Midnight Blue also reports that this zero-click vulnerability is located in an unauthenticated portion of the Synology Photos app. Attackers can therefore reach the bug directly over the internet without first having to get past a gateway. This makes it possible for them to gain root access and implant malicious code on the affected machine. After that, the possibilities for a rogue individual are practically endless; they could even turn the device into part of a botnet. Although the foregoing is theoretical, the likelihood of a ransomware gang taking an interest in Synology devices is real. Some DiskStation users report that they suffered ransomware attacks earlier this year.
