The Download
A new zero-click vulnerability in Synology Network Attached Storage (NAS) devices exposes users to remote exploitation. The flaw allows attackers to execute code remotely without any user interaction (hence 'zero-click'), which can lead to unauthorized data access, full control of the device, or further attacks on other systems on the same network. Because exploitation requires no action from the user, the vulnerability raises the risk to critical infrastructure and data privacy, particularly for businesses that rely on NAS devices for data storage and backup. The vulnerability stems from a photo app called SynologyPhotos, which comes pre-installed and enabled by default on Synology BeeStation storage devices; DiskStation users can also install the app. Synology servers are a popular target for ransomware groups because they often serve as the primary onsite backup storage for a company's devices.
What You Can Do
IT administrators should apply the latest firmware updates for Synology NAS devices immediately to patch the zero-click vulnerability. They should also review and limit the devices' network exposure, disable any unnecessary remote access options, and ensure NAS devices are segmented from sensitive network resources. Monitoring device logs for suspicious activity and enabling alerts further helps detect compromise attempts quickly.
Run ThreatMate to determine if your Synology NAS is vulnerable to attack.
To Learn More: