Hacking the Western Digital MyCloud NAS

As we often discuss, your data is not private anymore. This is a sad reality that some people try and avoid by managing their own personal cloud - whether it be through a full NAS, a Lima device or any other means. The fact is that pretty much everything can be hacked if someone tries hard enough. Another sad reality is that if you have a MyCloud NAS from Western Digital, people don't have to try too hard at all.

In the middle of last year I (Zenofex) began looking for a NAS that provided hardware decoding through my currently prefered media player, Plex. After a bit of research I ordered a Western Digital “MyCloud” PR4100. This device met all the requirements of what I was looking for and came highly recommended by a friend. After adding the NAS to my network and visiting the device’s admin page for the first time, I grew weary of adding a new device to my network without giving it a proper audit. So, I logged in, enabled SSH access, and looked at how the web server functionality of the device worked.

Source: Exploitee