Claroty Named a Strong Performer in The Forrester Wave™: Operational Technology Security Solutions, Q2 2024
Download the Report
Claroty Toggle Search


A Pain in the NAS: Exploiting Cloud Connectivity to PWN Your NAS

In this on-demand webinar, Team82 Vulnerability Researcher Noam Moshe and Editorial Director Mike Mimoso will take a deep dive into Claroty Team82’s research into the security of NAS devices sold by two of the biggest network-attached storage vendors, Western Digital and Synology. You’ll learn about how Team82 researchers were able to uncover and exploit vulnerabilities that allowed them to enumerate and impersonate edge devices, steal cloud proxy authentication tokens, and access files stored on the devices.

Topics covered will include:

  • Team82's NAS research journey, which began at Pwn2Own Toronto in 2022 and culminated with an impressive coordinated disclosure with both affected vendors and ZDI to address all of the issues

  • How Team82 broke the cloud-based authentication schemes of both vendors' NAS devices — which would put the data of millions at risk if carried out by an adversary

  • Why existing NAT/firewall protections could be bypassed to achieve remote code execution on both vendors’ NAS devices when connected to the cloud

Interested in learning about Claroty's Cybersecurity Solutions?

Watch the Webinar

Please complete the form to view the Webinar.

LinkedIn Twitter YouTube Facebook