I read in a couple of places the last few days about search engines picking up data stored on poorly configured consumer routers acting as a NAS. This isn’t a case of being evil; rather it’s a case of people accidentally posting stuff in public where search engines will find it. Finding difficult-to-find data is what search engines do for a living, so I don’t fault any of the search engine companies for this. Keeping your NAS off Google is probably something you want. Here’s how to do it.
The solution is to know what you’re doing when you need to access your data both at home and on the road. I apologize for the snark, but there are consumer-friendly ways to do it, like using a cloud provider.
The problem with routers is that you plug a USB drive into them and share them to the network, and there’s usually a simple checkbox to enable sharing over the public Internet as well, with no explanation that there are security implications for doing so. Unfortunately when you make something easy, people are going to do it, and when something is really easy there isn’t much time for the thought that it might be a bad idea to cross anyone’s mind.
I’m more comfortable with the idea of sharing a printer via a router than storage; routers are infrequently updated and tend to have way too many vulnerabilities in them, so there’s less threat in having them host a printer than files. Then again, it seems logical that something that’s worth printing is more likely to be worth stealing and it wouldn’t be terribly difficult to sit on a router and wait for incoming print jobs, so I think I’ve just talked myself out of that idea as well.
If you think you may have accidentally exposed your USB device to the world via your router, the previously linked story has good advice near the end regarding how to check, and how to get it removed.