Unpatched Synology NAS Devices Used to Mine Dogecoin

There is an interesting story making the rounds on the internet that relates to Synology NAS devices, but so far it has not really gotten the right press coverage. As with many things, the rush to get the story out often means a lack of data to properly cover the incident. That appears to be what happened with the Synology boxes that were taken over to mine Dogecoin. So with that in mind let’s take a look at the story as it transpired.

Back in September of 2013 there was a report that Synology NAS devices were being hacked and used to mine Dogecoin. The boxes in question were running DiskStation Manager (DSM) 4.3 and 4.2. Synology was contacted and on the 23rd they were able to issue a patch for those versions of their NAS OS. In February of 2014 they also patched the beta version of DSM 5.0 for the same problem and followed up with a press release about the issue and what to do.

At the same time Synology found that a large number of users had still not updated their NAS devices, which allowed hackers to expand their network and amass around $620,000 from this network of NAS boxes. The flaw was fairly simple and could get you into NAS boxes that were exposed to the internet and were running unpatched versions of DSM. In many cases this was due to the lack of a firewall or the installation of certain applications that respond to external commands. Using the search string site:synology.me in Google would yield a number of results that would allow access. This flaw is what allowed a hacker with the nickname Folio to install his mining application onto the devices.

Now remember that the flaw was patched for DSM 4.3 and 4.2 back in September, but in many cases individual (and SMB) users did not update in a timely manner. This kept them exposed to the threat and allowed the hack to expand. Synology also patched the beta version of DSM 5.0 which meant the bug was fixed in the final release. Anyone running the final version of DSM 5.0 already has the patch and does not need to worry about this flaw.

According to Synology they have now made auto-updating the default so that security issues can be fixed much more rapidly and cover a much larger user base. You can still turn auto updates off if you need to, but they recommend that you check to make sure you are not missing any updates for critical security issues.

In the end the flaw was not a good thing for the users that had their NAS boxes hijacked, but it did expose a flaw in the design of a popular product which is now secured from access. This issue, along with a few others from 2013, shows that embedded operating systems can be a cause for concern. It is important not to assume that any device which can grant access from the outside world via an app or simply through a website is secure. Synology did a good job of securing their production operating system when this flaw was first identified. The problem came from a lack of end user understanding that there was a problem and that a simple patch fixed it.
