Malware

Malware changes host files so users can’t update their antivirus

The company's customers do not know whether this flaw has more serious consequences

According to network security and ethical hacking experts from the International Institute of Cyber Security, multiple users of QNAP, the manufacturer of network-attached storage systems, report having been affected by an unknown error that disables the automatic updating of users’ antivirus software.

The consequences of this incident are still unknown, but affected customers report that the most visible effect is the addition of about 700 entries to the /etc/hosts file, which redirect requests to the IP address 0.0.0.0.

A QNAP customer, identified in the company’s forum as ianch99, stated that this incident prevented their antivirus software from updating automatically, as all update requests to the vendor’s site were hidden. Some other users say that MalwareRemover, a tool included in all QNAP devices, has multiple flaws, although specialists in network security have not been able to confirm whether there is any relationship between these two security issues.

“Updates can be installed if additional entries are removed, but they will be re-activated after the system is rebooted,” reports user ianch99. A Reddit user subsequently published a script, allegedly developed by QNAP itself, to correct this error; apparently this is the only known solution for this incident so far.

Multiple customers voiced their concern about the company’s lack of communication about this incident; “Many QNAP users might be able to do something to correct the problem if the company shared more information,” a user posted in the company’s public chat.

Prominent members of the cybersecurity community have asked QNAP for an official statement, but the company has not yet responded to these requests.

According to specialists in network security, a couple of years ago a critical failure was discovered in the firmware of the Taiwan-based company, which caused severe damage to the data of RAID units “due to wrong performed calculations”. Weeks later this glitch was corrected with a software update.

The /etc/hosts file makes domain lookups performed on the host machine resolve to specific IP addresses; customers commonly use it to block unwanted sites.

Although the file is very easy to use, this same simplicity makes it an attractive target for malware developers, who try to disable anti-malware updates to improve the success rate of their attacks.
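A defender can check for this kind of tampering by auditing the hosts file for names pointed at a non-routable or loopback address. The following is an added example, not QNAP's script or code from the original article; the function names, the `av-vendor.example` watchlist domain, the bulk threshold and the sample file contents are all assumptions constructed for illustration.

```python
# Added example: audit hosts-file text for sinkholed names (sample data is constructed).
SINK_ADDRS = {"0.0.0.0", "127.0.0.1", "::", "::1"}  # lookups end here, not at the real host
BENIGN = {"localhost", "localhost.localdomain", "ip6-localhost", "ip6-loopback"}

def parse_hosts(text):
    """Yield (lineno, address, [names]) for each active entry in hosts-file text."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        addr, *names = line.split()
        if names:
            yield lineno, addr, [n.lower().rstrip(".") for n in names]

def audit_hosts(text, watchlist=(), bulk_threshold=50, benign=BENIGN):
    """Report sinkholed names, watchlist matches, and whether the count looks bulk-inserted.

    watchlist: domains whose reachability matters (e.g. your antivirus update hosts).
    bulk_threshold: assumed cut-off; the incident above involved about 700 entries.
    benign: names expected on loopback; add the device's own hostname if it maps there.
    """
    sinkholed = []
    for lineno, addr, names in parse_hosts(text):
        if addr in SINK_ADDRS:
            sinkholed += [(lineno, n) for n in names if n not in benign]
    hits = [(ln, n) for ln, n in sinkholed
            if any(n == w or n.endswith("." + w) for w in watchlist)]
    return {"sinkholed": sinkholed, "watchlist_hits": hits,
            "bulk": len(sinkholed) >= bulk_threshold}

# Constructed sample; on a real system read the text from /etc/hosts instead.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
::1 localhost ip6-localhost
192.168.1.10 nas.example.lan nas
0.0.0.0 update.av-vendor.example
0.0.0.0 download.av-vendor.example www.av-vendor.example  # two names, one line
0.0.0.0 ads.tracker.example
# 0.0.0.0 commented.av-vendor.example
"""

if __name__ == "__main__":
    report = audit_hosts(SAMPLE_HOSTS, watchlist=("av-vendor.example",))
    for lineno, name in report["watchlist_hits"]:
        print(f"line {lineno}: {name} resolves to a sink address")
    print("bulk insertion suspected:", report["bulk"])
```

Because the affected user reported that removed entries return after a reboot, the check is worth re-running after each restart and comparing the results against a known-good copy of the file.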
