ReadyCLOUD discover reveals more than I bargained for
I visited ReadyCLOUD, selected 'Set up a new ReadyNAS', and was a bit surpeised to see so many devices - none of which are mine. Are these real devices of other users?
Model: RN21400|ReadyNAS 214 Series 4- Bay (Diskless)
Re: ReadyCLOUD discover reveals more than I bargained for
I disconnected my phone from the WiFi network, so on the public carrier, and repeated the procedure. To my surprise, my serial number was discoverable publicly on ReadyCLOUD, along with my device name.
Why am I surprised? Because I do not have ReadyCLOUD enabled at this time, so why is it discoverable - seems to be a security flaw.
Ok that's worrying, however, clicking on 'Manage' directs to the local IP address inside my network, which of course does not resolve publicly.
I disconnected my phone from the WiFi network, so on the public carrier, and repeated the procedure. To my surprise, my serial number was discoverable publicly on ReadyCLOUD, along with my device name.
Why am I surprised? Because I do not have ReadyCLOUD enabled at this time, so why is it discoverable - seems to be a security flaw.
Ok that's worrying, however, clicking on 'Manage' directs to the local IP address inside my network, which of course does not resolve publicly.
Tagging @DaneA to call his attention to this thread.
Re: ReadyCLOUD discover reveals more than I bargained for
Fair enough - but issues like this should certainly have a better vehicle to report. Corporations have decided that making it nearly impossible to reach a person without paying is a good idea.
Re: ReadyCLOUD discover reveals more than I bargained for
There are plenty, well a few at least, Netgear official members here too, so any response would be good, even if this is 'by design with no plan to change it', or whatever. Silence is more painful 😯.
Re: ReadyCLOUD discover reveals more than I bargained for
Yes it’s a customer community but the software is broken in so many ways and has no features compared to other manufacturers. Sometimes I really ask myself why Iam still hurting myself with using Netgear NAS hardware since years, over 3 different models now. It seems I have a masochistic streak otherwise I would use something which is improving and not getting worse and worse.
Re: ReadyCLOUD discover reveals more than I bargained for
Did you complete the set-up and did your NAS then disappear from the list? If so (and I think it should, but I never really used ReadyCloud) then Netgear did not anticipate that so many would enable ReadyCloud and then never complete the set-up and has failed to warn users about potential consequences of doing so. But I'm not sure that's such a really terrible consequence unless there is a way to "hijack" somebody's ReadyNAS, which you seem to have determined cannot happen without knowing the NAS name, admin password, and having access to the network on which it resides.
Re: ReadyCLOUD discover reveals more than I bargained for
This is intriguing. So, I just visited https://readycloud.netgear.com, selected add new device, NAS, and low and behold, no devices are displayed at all now. I used search, and it did show my local NAS, but surely this is now functioning entirely as we'd expect?
Anyone from Netgear here to confirm the behaviour has been changed?
Re: ReadyCLOUD discover reveals more than I bargained for
I got curious about this and looked up what actually gets called when you 'search'... If you manually go to the API address and change the callback ID you'll see other devices than your own so yeah........
Not that it really matter much, it doesn't provide you access - at most you'll see the hostname + internal IP which obviously won't be reachable anyways.
