QNAP has extended protection for select end-of-life (EOL) network-attached storage (NAS) devices and will continue to issue security updates until October 2022. Customers with unsupported devices should be able to upgrade and have their data safeguarded from “evolving security threats” due to this.
“EOL models may lack computational capabilities, be short on operational memory, be unable to receive up-to-date component drivers, or possess other technical constraints or deprecated technology,” said the Taiwan-based NAS maker. Because of these factors, QNAP typically keeps security updates for four years following a product’s end-of-life date. This extension is part of a dedicated commitment to helping customers secure their devices from today’s security risks.
While the support date has been pushed out to October, the firm stated that these EOL devices would only receive security updates that address high severity and serious flaws. QNAP also said that customers should not connect EOL NAS systems to the Internet to avoid being hacked using exploits that target unpatched vulnerabilities.
This alert is similar to one sent in January, just before the Qlocker and DeadBolt ransomware outbreaks began affecting Internet-connected devices. Customers were cautioned that if their devices were exposed to the Internet, they were in great danger of being attacked. The System Administration service was easily accessible from external IP addresses.
According to QNAP, the following precautions should be taken to protect against attacks:
- Disable the Port Forwarding function of the router: Go to the management interface of the router, check the Virtual Server, NAT, or Port Forwarding settings. Then, disable the port forwarding setting of the NAS management service port (port 8080 and 433 by default).
- Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”
QNAP also asked consumers to follow the company’s security advice for NAS devices in order to prevent malware and other sorts of cyberattacks.