Zero-Day Vulnerability for My Book Live Users
The latest information from Western Digital (the Hard Disk Manufacturing Data storage company) is that a zero-day vulnerability has been exploited by hackers who can remotely wipe its customers’ My Book Live drives. Just in case you are wondering what a zero-day vulnerability is, it’s a vulnerability in a system or device that has been disclosed but is not yet patched. An exploit that attacks a zero-day vulnerability is called a zero-day exploit.
This apparently was discovered last week (end of June 2021) when owners of the said above device discovered a drive that had been working fine and had data stored on it was now “suddenly blank”, with “all the data gone”. In some cases, the directories are still there but the files in those directories (folders) have been erased. It would appear to some victims that the devices had been “factory reset” as well as passwords being reset and changed from the factory default.
Western Difital Response
Western Digital soon after responded by publishing an advisory about the incident warning its My Book Live users of the device, to disconnect their devices from the Internet and offering support services.
They stated, “for customers who have lost data as a result of these attacks, Western Digital will provide data recovery services”. They also added the following, “for customers who have the My Book Live devices will be also be offered a trade-in program to upgrade to a supported “My Cloud Device”.
The way My Book Live devices worked was that they sat behind a firewall and provided remote access through a My Book Live cloud service.
Censys, a Cloud security company, scanned the Internet shortly afterward and found that Western Digital customers had around 55,000 My Book Live device certificates with around 1200 here in Australia.
My Book Live Unsupported Since 2015
The Western Digital My Book Live device first went on sale in 2010 with the last firmware update in 2015, since then they have been basically unsupported. They first presented an issue when in 2018 a vulnerability was reported by Wizcase when they discovered a remote execution issue which “lets anyone run commands on the device as root” – root being a user with administrative rights – meaning they can run or do anything. Western Digital at the time stated that the devices “were no longer covered under our device software support lifecycle”, as they had been discontinued. Mistakes by Western Digital in firmware updates then allowed a simple POST request to the My Book Live device that it should trigger a factory restore process in this latest hack.
There has been conjecture that the 2018 vulnerability had already been exploited by bad actors and such was the extent that Censys estimates that 13000 units had already been compromised around that time. It may be that one lot of bad actors were “fighting” another lot of bad actors and so to stop them they decided the best way was to wipe all their My Book Live units. Maybe so, perhaps we will never know.
If you are affected by this latest hack on your Western Digital My Book Live then please contact Western Digital as soon as possible so that they can possibly assist you in your data recovery.
This article was provided to you by Affordable Computer Repairs and Service in Brisbane.