Western Digital: Disconnect WD My Book Live External HDDs From the Internet Immediately

The_King

Western Digital has issued a recommendation for all owners of the company's My Book Live and My Book Live Duo products - immediately disconnect them from the Internet or risk full data loss. The warning has come after reports started surfacing of distraught users of WD's My Book Live having their entire data deleted without any sort of user interaction or intervention. The recommendation will stay until the company can investigate and solve the issue that has led to the deletion of terabytes of data around the world.

Apparently, factory resets were undertaken on the drives without any sort of user interaction. Some users have shared logs on what exactly happened. Western Digital stopped supporting their My Book Live products back in 2015, which means there are now six full years of operation (at the least) without any security updates. WD seems to believe that individual user accounts were compromised, and the company issued a statement regarding the ongoing investigation. If you have one of these products, take heed, and disconnect them from your network.
 

The_King


Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices

Western Digital removed code that would have prevented the wiping of petabytes of data.
Last week’s mass-wiping of Western Digital My Book Live storage devices involved the exploitation of not just one vulnerability but a second critical security bug that allowed hackers to remotely perform a factory reset without a password, an investigation shows.

The vulnerability is remarkable because it made it trivial to wipe what is likely petabytes of user data. More notable still was that, according to the vulnerable code itself, a Western Digital developer actively removed code that required a valid user password before allowing factory resets to proceed.
Click the link to get more detailed info about this bug.
 

CyberTech

After a security vulnerability led to some WD NAS owners having their data wiped, a new vulnerability has been discovered in more of WD’s devices (via KrebsOnSecurity). The vulnerability, discovered by security researchers Pedro Ribeiro and Radek Domanski, is seemingly present on Cloud OS 3 devices and not on the newer Cloud OS 5, which WD recently released as an update. The problem is that, according to Ribeiro and Domanski, many of WD’s users don’t like the new version. That’s because it’s missing certain functions and features that were available in Cloud OS 3. WD has said it won’t be updating Cloud OS 3 with security patches.

There’s also the possibility that some users won’t be able to upgrade to Cloud OS 5. According to WD’s supported devices page, the updated software isn’t available for the MyCloud EX2, EX4, or certain versions of the My Cloud and My Cloud Mirror.

If you own a device that can’t be updated to Cloud OS 5, WD’s advice is to upgrade to one that can. The other option, according to a statement WD gave to Comparitech last year, is to turn off remote dashboard access to the device.

The rest
 
