Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

alimac


Western Digital removed code that would have prevented the wiping of petabytes of data.


Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but also a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.

The vulnerability is remarkable because it made it trivial to wipe what is likely petabytes of user data. More notable still was that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.

 
Bloody hell, lucky as I only had movies and none blue :eek: :eek: :eek: :(:(:(:(:(
 
Interesting read.

Being honest, I found it hard to understand why anyone would have their HDD exposed to the internet.
 
Recommended Security Measures for WD My Book Live
and WD My Book Live Duo

WDC-21008 Recommended Security Measures for WD My Book Live and WD My Book Live Duo | Western Digital


Last Updated: June 29, 2021

Western Digital has determined that Internet-connected My Book Live and
My Book Live Duo devices are under attack by exploitation of multiple
vulnerabilities present in the device. In some cases, the attackers have
triggered a factory reset that appears to erase all data on the device.

Data Recovery and Product Trade-In Programs

To help customers who have lost data as a result of these attacks,
Western Digital will provide data recovery services, which will be
available beginning in July. My Book Live customers will also be offered
a trade-in program to upgrade to a supported My Cloud device.

The My Book Live firmware is vulnerable to a remotely exploitable
command injection vulnerability when the device has remote access
enabled. This vulnerability may be exploited to run arbitrary commands
with root privileges. Additionally, the My Book Live is vulnerable to an
unauthenticated factory reset operation which allows an attacker to
factory reset the device without authentication. The unauthenticated
factory reset vulnerability [has] been assigned CVE-2021-35941.
 