QNAP: Update Photo Station to the latest version now to protect your NAS

QNAP: Update Photo Station to the latest version now to protect your NAS


QNAP, through the section dedicated to the security news of its site, has invited its users to update Photo Station as soon as possible to the latest version just released.

The company, in fact , identified an exploit of a Photo Station vulnerability by the security threat known as DEADBOLT. In essence, the flaw allows DEADBOLT to encrypt QNAP NAS directly connected to the internet.

QNAP's Product Security Incident Response Team (PSIRT) has assessed the situation and released a patch for the Photo app Station within 12 hours.

Photo Credits - QNAP In addition, the company suggested the use of QuMagie, as an efficient and simple alternative to Photo Station, within its NAS.

We remind you that the best VPNs also provide the possibility to configure the service inside the NAS, both natively through the app and through specially detailed configuration procedures on the related websites or on the knowledge base pages.

In addition, the security packages of the best antivirus brands on the market offer tools for monitoring the network and connected devices, therefore it is advisable to adopt one of these solutions together with the others suggested, to prevent possible violations by malicious actors , even serious.

QNAP NAS customers told to update now to protect against attack

Audio player loading…

QNAP customers are again being warned of DeadBolt ransomware attacks against NAS drives, which this time is affecting photo storage management tools.

This isn’t the first time that QNAP customers have had the security of their data threatened. Several attacks have been launched throughout 2022 focusing on varying zero-day vulnerabilities.

In a security notice on the QNAP website (opens in new tab), customers are urged to “take immediate action”, with the company saying it “detected the security threat DEADBOLT leveraging exploitation of Photo Station vulnerability to encrypt QNAP NAS that are directly connected to the Internet.”

Initially uncovered on September 3, 2022, “QNAP Product Security Incident Response Team (QNAP PSIRT) had made the assessment and released the patched Photo Station app for the current version within 12 hours.”

Bleeping Computer (opens in new tab) reports the following security updates that fix the vulnerability:

  • QTS 5.0.1: Photo Station 6.1.2 and later
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
  • QTS 4.3.6: Photo Station 5.7.18 and later
  • QTS 4.3.3: Photo Station 5.4.15 and later
  • QTS 4.2.6: Photo Station 5.2.14 and later
  • “We recommend using QuMagie to efficiently manage photo storage in your QNAP NAS”, QNAP added, noting that this is a “simple and powerful alternative to Photo Station.”

    Along with keeping their NAS drives up-to-date, QNAP has also advised that its customers avoid directly connecting their devices to the Internet. By placing a drive behind a firewall - such as the company’s own myQNAPcloud Link feature or a VPN - users can reduce their chances of being subject to a ransomware attack. 

    Other steps you can take if you are worried that your data may be affected is to take regular snapshots and backups, and to regularly change your password keeping in mind what makes a good password. 

    Via Bleeping Computer (opens in new tab)