QNAP keeps quiet on critical flaw that corrupts data

By on
QNAP keeps quiet on critical flaw that corrupts data

Network-attached storage vendor QNAP has fixed a critical flaw in its NAS drives that corrupted user data, but has not yet updated partners and customers about the issue.

The problem was spotted by IT consultant and founder of Sydney's Correct Solutions Wayne Small, who detailed his investigation into the failed drives in a blog post.

Small was running StorageCraft's ShadowProtect for his client's backup, which was stored on four QNAP drives in a RAID 5 configuration. He began investigating a suspected firmware bug when a customer's data became corrupted after a drive failure.

He found that if a drive fails in a RAID 5 array, the QNAP device will resort to recalculating the missing data, causing errors in calculations and corrupting data. If the failed drive is replaced, it will use the same calculations to repopulate the drive with corrupted data.

"Basically if you have a QNAP with a RAID 5 array and you have a drive fail, you will have an issue with data corruption," Small wrote.

Small noted that not all files were corrupted, and that some users might not notice corrupted data immediately depending on how they use the drives. He also noted that some users with Synology NAS devices had similar issues, meaning the flaw could stem from an issue with Linux-based NAS devices.

QNAP issued a firmware update in April that fixed the flaw. However, the vendor made no mention of the corruption flaw in its release notes. Small said that QNAP believes the issue lies with StorageCraft, however, users running Veeam software with QNAP devices have also complained about similar issues on Veam's forums.

"Why would they choose to place their clients' data at risk when all they need to do is include a recommendation in the release notes along the lines of 'This update resolves a potential data corruption issue should a disk in a RAID 5/6 array fail and is regarded as highly important,' Small wrote.

"A note like that would prompt most IT professionals to get this update out to their clients ASAP. One can only wonder what other issues QNAP are fixing under the covers and not advising us about in their release notes."

Small recommends QNAP users running a version before 4.3.3.0154 20170413 or 4.2.5 20170413 to update their firmware immediately.

A QNAP spokesperson told CRN: "The R&D team has been working with the client to identify the root cause by reproducing the scenario along with StorageCraft Shadow Copy.  The latest QTS 4.3 firmware release has resolved the addressed matter."

Copyright © CRN Australia. All rights reserved.
Tags:

Most Read Articles

You must be a registered member of CRN to post a comment.
| Register

Poll

Is it OK to sell cybersecurity using fear, uncertainty and doubt?
Yes, because the FUD is real
No, there's a better way
View poll archive

Log In

Username / Email:
Password:
  |  Forgot your password?