- Joined
- Feb 21, 2013
- Messages
- 10,473
- Reaction score
- 13,899
Western Digital removed code that would have prevented the wiping of petabytes of data.
Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but also a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.
The vulnerability is remarkable because it made it trivial to wipe what is likely petabytes of user data. More notable still was that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.
Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices