Hackers leave SSH keys in hacked QNAP servers to gain backdoor access after ShellShock patch

FireEye has published a shocking report which claims that QNAP NAS boxes are vulnerable to the ShellShock attack. The ShellShock attack uses a vulnerability which can be found in outdated Shell/Bash environments in Linux, Unix and Windows Systems which run third-party applications that use Linux and Unix Shell terminals.

FireEye explains in the blog report that they have evidence that hackers and cybercriminals are currently exploiting the QNAP environments by storing their SSH key in the autorized_keys file, so they will have access after the “ShellShock” patch.

Virtually all of their devices run an embedded Linux OS that is vulnerable to CVE-2014-6271 if left unpatched. This includes personal and business network storage as well as professional video surveillance systems used in a variety of industries.