He selected popular devices from 10 manufacturers and found that they were all were susceptible to root compromise.
To his further indignation, he found that exploiting half of them did not require any authentication.
What is a connection-attached-storage unit?
It can serve a company, institution or even government.
To prove his point, he has created a proof-of-concept worm that can infect devices from three different manufacturers.
It then downloads and runs a binary copy of itself and begins scanning from the new rig.
Devices still unpatched
As of now all the devices tested by Jacob remain vulnerable and unpatched.
Jacob plans to release the worm in future after the affected vendors have released fixes for the vulnerability.
source: www.techworm.net
