Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

Western Digital’s My Book Live devices offer the ability to set up a storage pool on your network without the hassle or expense of a full-fledged NAS box. That might seem like just what you need, but Western Digital appears to have missed a major, show-stopping bug. According to Ars Technica, My Book Live owners around the world are reporting their devices have been purged of all data, and Western Digital is advising that everyone disconnect their drives from the internet for now.

WD stopped selling the My Book Live devices several years ago, which connect to your router via Ethernet rather than USB. The issue came to light in a WD community forum thread earlier this week. Usually, these threads have a smattering of affected individuals, with everyone else offering possible solutions. Here, almost every reply is someone else saying their data simply disappeared on June 23. Even those who managed to reset their device passwords and gain access to the drives found their files were long gone.

At first, everyone speculated that WD had pushed a bad firmware update, but the truth is even worse. Several users were able to pull logs from the device that showed a “factoryRestore.sh” script running on the afternoon of June 23. Because My Book Live enclosures utilize encryption, there’s probably no way to recover the deleted data.

Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

WD has confirmed that its cloud infrastructure has not been compromised, but the “threat actor” didn’t need to do that. It turns out the My Book Live devices have an unpatched vulnerability, known as CVE-2018-18472. This is a type of severe exploit know as a Remote Command Execution bug. All someone needs is the IP address of the drive, and they can trigger a factory reset. Western Digital is recommending that the drives be disconnected from the internet until further notice.

Sadly, disconnecting the drives will only help those not already hit by the wave of remote access deletions. You could argue these people should have had backups, and leaving an unsupported device connected to the internet is a bad idea, but this is a consumer device. Most people don’t think about the security implications when devices like the My Book Live go out of support. It might be an older product, but WD really dropped the ball by letting this vulnerability remain unpatched on the My Book Live.

Continue reading

Chromebooks Gain Market Share as Education Goes Online
Chromebooks Gain Market Share as Education Goes Online

Chromebook sales have exploded in the pandemic, with sales up 90 percent and future growth expected. This poses some challenges to companies like Microsoft.

SpaceX Launches ‘Better Than Nothing’ Starlink Beta
SpaceX Launches ‘Better Than Nothing’ Starlink Beta

Those lucky few who have gotten invitations to try the service will have to pay a hefty up-front cost, and the speeds aren't amazing. Still, it's a new generation of satellite internet.

Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR
Samsung, Stanford Built a 10,000 PPI Display That Could Revolutionize VR, AR

Ask anyone who has spent more than a few minutes inside a VR headset, and they'll mention the screen door effect. This could eliminate it for good.

NASA Created a Collection of Spooky Space Sounds for Halloween
NASA Created a Collection of Spooky Space Sounds for Halloween

NASA's latest data release turns signals from beyond Earth into spooky sounds that are sure to send a chill up your spine.