Network Attached Storage (NAS) makes storage available over a network. Synology, the leader in the small-business and home NAS market, offers a wide range of NAS models for every occasion. In this talk, we take Synology NAS as our target and describe our journey into bug hunting on the device.
First, we show how to prepare the environment for later security research. Then we show how to fingerprint the device to identify its model and version. Next, we discuss the local services used to manage the device and present a Wireshark plugin that dissects the syno_finder protocol. We then walk through the login flow and the internal process flow for remote access. Finally, we share vulnerabilities found from both the local and the remote attack perspective, which can be used to compromise the device.