
Just read this; lately QNAP has had frequent ransomware problems!

As some of us use Roon on their Linn system, this may be helpful.

Vulnerability in Roon Server

  • Release date: May 14, 2021
  • Security ID: QSA-21-17
  • Affected products: QNAP NAS running Roon Server
  • Status: Investigating

Summary

The QNAP security team has detected an attack campaign in the wild related to a vulnerability in Roon Server. QNAP NAS running the following versions of Roon Server may be susceptible to attack:

  • Roon Server 2021-02-01 and earlier

We have already notified Roon Labs of the issue and are thoroughly investigating the case. We will release security updates and provide further information as soon as possible.

Recommendation

QNAP recommends users not to expose their NAS to the internet. Before a security update is available from Roon Labs, we also recommend disabling Roon Server to prevent potential attacks.


Thanks for the warning. I issued a similar warning a few weeks back when my QNAP NAS was attacked by ransomware. I am seriously thinking of getting another NAS from another company and putting the QNAP on eBay. I have an old HP microserver that I could use as well. The security issues with QNAP are becoming a major concern.

Quote
The security issues with QNAP are becoming a major concern.

I have the same impression!

Also thinking of replacing the NAS with a Mac Mini.
LD

Posted (edited)
10 hours ago, Billz said:

I have an old HP microserver that I could use as well. 

I used an HP Microserver for years with first WHS 2011 and then Win10, and Asset. Worked very well indeed. I use an Intel NUC for music now, but the Microserver is still doing sterling work as a Plex server and for backups. I even bought a second one cheaply on ebay so I had spares!

Mick

Edited by MickC
1 hour ago, LudwigD said:

I have the same impression!

Also thinking of replacing the NAS with a Mac Mini.
LD

I’m very happy with my Synology DS716 running Roon. A 4-year-old NAS, but stable and good.

However, the Roon for Synology is not official from Roon. But, is recognised and directed to by them…

Quote

This vulnerability is not caused by Roon Server.
It is located in the web interface of the QNAP Roon Server app.

The Synology Diskstations do not have this web interface (QNAP). Due to that, there is no related threat on disk stations....

From Roonlabs Community. 

Posted (edited)
1 hour ago, LudwigD said:

I have the same impression!

Also thinking of replacing the NAS with a Mac Mini.
LD

Exactly what I did and no regrets at all. Mine was Synology: I never got on with it. I use a 2012 Mac mini with Thunderbolt Attached Storage as a music server. The only way I can think I could suffer from ransomware is if it came bundled with JRiver or XLD or an Apple update, which I sincerely hope will never happen. There is no other reason for it to connect to the Internet.

How does the ransomware get on to the QNAP? Does Roon get things from the Internet even if you're playing music stored on your NAS to a DS sitting next to it? Has a nasty so-and-so managed to embed the ransomware in the web interface of the QNAP Roon Server app?

Edited by Nestor Turton
Posted (edited)
On 14/05/2021 at 22:30, Billz said:

I am seriously thinking of getting another NAS from another company and putting the QNAP on eBay.

Be careful which way you jump. These things tend to be cyclical. A vulnerability is found in manufacturer A, attacks begin, manufacturer A fixes vulnerabilities, manufacturer A ups its security game, a vulnerability is found in manufacturer B....

You might end up bolting to a different stable just as your stable is being more firmly locked.

Edited by entdgc
12 hours ago, Nestor Turton said:

How does the ransomware get on to the QNAP?

If it is connected to the internet (which most NAS are via your router, as is probably your Mac mini) then it is more or less vulnerable. Yes, you can lock things down as much as possible by not deliberately opening it up to the web (no external access for you, no hosting of web sites for you, no sharing data with others etc.) but it is still theoretically open (but much less so) to attack via exploitation of obscure bugs in the OS.

Posted (edited)

There is no route from a host on the Internet to a device connected to a home LAN. Most home LANs use the same private address space 192.168.0.0 – 192.168.255.255. So when my Mac mini connects to the Internet, its address is translated to a routable IP address in my ISP’s unique address space. Network Address Translation enables a host on the Internet to respond to requests from a host on the home LAN (https://en.wikipedia.org/wiki/Network_address_translation#One-to-many_NAT).

A host on the Internet cannot initiate a communication with my Mac mini, assuming no forwarding to my Mac mini has been configured into the router, as could be done if I wanted to access my music library from the Internet, not something I would ever set up. So my Mac mini must initiate the connection. So to pick up ransomware, a device on my network would need to initiate the request. And yes, a malicious application that had gotten on to my Mac mini could do this, but the only applications on my Mac mini music server are ones from Apple and JRiver (in my case, as I do not use any Internet streaming services); the only time my Mac mini needs to attach to the Internet is for updates (JRiver can do Internet lookups, but I have removed these links so I don’t use them inadvertently).

So if my logic is correct then something on the QNAP server must be requesting the ransomware. I don’t know who supplies the QNAP Roon Web App, but if it has been compromised then it could do this. Makes me glad I’m not a Roon user.

If I were running Roon on QNAP then I would use a service like Shields Up (https://www.grc.com/shieldsup) to do a quick scan of my network. If I found it was listening for incoming connections from the Internet this would worry me. I am far too paranoid to use cloud services or trust proxy servers from Internet VPN providers.

It is a while since my time in the industry and I have not kept myself up to date with trends, so there may be ways to circumvent NAT that I know nothing about.

Edited by Nestor Turton
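The post above reasons about when a service on a LAN host is actually reachable from the Internet: the host sits on an RFC 1918 address behind NAT, so an inbound connection only succeeds if the router forwards a port to it, and then only if the service is bound on an interface the forward points at. The following is an added example, not code from the thread, QNAP or Roon Labs, that makes that check explicit from the defender's side. It classifies an address as private or public, parses a constructed `ss -tln`-style listing of listening sockets, and cross-references it with a constructed table of router port-forward rules to report which services are reachable from the LAN and which are reachable from the Internet. The sample listing and forward table are made up for illustration; the `(external_port, internal_ip, internal_port)` tuple format is an assumption, not any particular router's export format.

```python
"""Which listening services on a NAT'd home host are reachable from where?

Added example: the socket listing and port-forward rules below are constructed
sample data, not real output from any device.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Tuple

# Constructed sample in the layout `ss -tln` prints (not real NAS output).
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN 0      128    0.0.0.0:8080         0.0.0.0:*
LISTEN 0      128    127.0.0.1:9100       0.0.0.0:*
LISTEN 0      4096   [::]:443             [::]:*
LISTEN 0      128    192.168.1.20:9330    0.0.0.0:*
"""

# Constructed sample router rules: (external_port, internal_ip, internal_port).
# The tuple format is an assumption for this example.
SAMPLE_FORWARDS: List[Tuple[int, str, int]] = [
    (8080, "192.168.1.20", 8080),
    (9100, "192.168.1.20", 9100),
]

# Bind addresses that mean "every interface". Assumes the IPv6 wildcard "::"
# is a dual-stack socket that also accepts IPv4 (the usual default).
WILDCARDS = {"0.0.0.0", "::", "*"}


@dataclass(frozen=True)
class Listener:
    addr: str  # bind address as printed, without IPv6 brackets
    port: int


def address_kind(ip: str) -> str:
    """Classify an address: a 'public' LAN address means no NAT is in front."""
    a = ipaddress.ip_address(ip)
    if a.is_unspecified:
        return "any"
    if a.is_loopback:
        return "loopback"
    if a.is_link_local:
        return "link-local"
    if a.is_private:  # RFC 1918 ranges such as 192.168.0.0/16, plus ULA for v6
        return "private"
    return "public"


def parse_ss(text: str) -> List[Listener]:
    """Extract (bind address, port) from LISTEN rows of an ss-style listing."""
    out = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "LISTEN":
            continue  # header line or non-listening socket
        addr, port = fields[3].rsplit(":", 1)  # rsplit copes with "[::]:443"
        out.append(Listener(addr.strip("[]"), int(port)))
    return out


def binds_on(listener: Listener, ip: str) -> bool:
    """True if the socket accepts connections arriving at interface `ip`."""
    return listener.addr in WILDCARDS or listener.addr == ip


def lan_reachable(listeners: List[Listener], lan_ip: str) -> List[Listener]:
    """Services another LAN host (or malware on it) could connect to."""
    return [l for l in listeners if binds_on(l, lan_ip)]


def internet_reachable(listeners, forwards, lan_ip) -> List[Tuple[int, Listener]]:
    """Services an Internet host could connect to: forward rule AND matching bind."""
    hits = []
    for ext_port, int_ip, int_port in forwards:
        if int_ip != lan_ip:
            continue
        for l in listeners:
            if l.port == int_port and binds_on(l, lan_ip):
                hits.append((ext_port, l))
    return hits


if __name__ == "__main__":
    lan_ip = "192.168.1.20"
    listeners = parse_ss(SAMPLE_SS)
    print(f"{lan_ip} is a {address_kind(lan_ip)} address")
    for l in lan_reachable(listeners, lan_ip):
        print(f"LAN-reachable:      {l.addr}:{l.port}")
    for ext, l in internet_reachable(listeners, SAMPLE_FORWARDS, lan_ip):
        print(f"Internet-reachable: ext {ext} -> {l.addr}:{l.port}")
```

On the sample data the loopback-bound service on 9100 stays unreachable even though a forward rule points at it, the wildcard-bound 8080 is exposed because a forward exists, and 443 and 9330 are reachable from the LAN but not from the Internet. Replace the constructed strings with your own `ss -tln` output and your router's forward list to reproduce the check the post describes running with Shields Up, but from inside the network.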
Posted (edited)

Synology had a ransomware attack in the mid early part of this decade said Google, so yes, this is cyclical. I did a bit of reading and shut off, disabled, or deleted all the QNAP services I didn't need, and were implicated in this latest exploit. It was a useful exercise to go into my NAS and root around under the hood. It is a shame though. I'd love to create my own Dropbox clone with my NAS....dad gum hackers!

Edited by Jail4CEOs2
Posted (edited)
1 minute ago, Jail4CEOs2 said:

Synology had a ransomware attack in the mid early part of this decade said Google, so yes, this is cyclical. I did a bit of reading and shut off, disabled, 

Edited by Jail4CEOs2
Edit function broken!

I'm running Roon core with a QNAP TS-253D NAS. I did all the safety procedures recommended here and shut down the connection to the internet. Can't stream my music collection on the go through Plex server for now, but I read on Roon forums that a fix is already submitted to QNAP and should be released any day now.

7 hours ago, Patu said:

I read on Roon forums that a fix is already submitted to QNAP

@Nestor Turton This quote from Patu seems to imply that Roon have ultimate responsibility for the software in question...
