"There are a lot of these devices that are connected to a private cloud through the QuickConnect service, and those are exploitable as well, so even if you don't directly expose it to the internet, you can exploit [the devices] through this service, and that's devices in the order of millions," says Wetzels.
"These are firms that store corporate data ... management documents, engineering documents and, in the case of law firms, maybe case files," Wetzels notes.
The researchers say ransomware and data theft aren't the only concern with these devices: attackers could also turn infected systems into a botnet to service and conceal other hacking operations.
Synology's web site posted two security advisories related to the issue on October 25, calling the vulnerability "critical" and confirming its discovery as part of the Pwn2Own contest.