Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

Western Digital’s My Book Live devices offer the ability to set up a storage pool on your network without the hassle or expense of a full-fledged NAS box. That might seem like just what you need, but Western Digital appears to have missed a major, show-stopping bug. According to Ars Technica, My Book Live owners around the world are reporting their devices have been purged of all data, and Western Digital is advising that everyone disconnect their drives from the internet for now.

WD stopped selling the My Book Live devices several years ago, which connect to your router via Ethernet rather than USB. The issue came to light in a WD community forum thread earlier this week. Usually, these threads have a smattering of affected individuals, with everyone else offering possible solutions. Here, almost every reply is someone else saying their data simply disappeared on June 23. Even those who managed to reset their device passwords and gain access to the drives found their files were long gone.

At first, everyone speculated that WD had pushed a bad firmware update, but the truth is even worse. Several users were able to pull logs from the device that showed a “factoryRestore.sh” script running on the afternoon of June 23. Because My Book Live enclosures utilize encryption, there’s probably no way to recover the deleted data.

Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

WD has confirmed that its cloud infrastructure has not been compromised, but the “threat actor” didn’t need to do that. It turns out the My Book Live devices have an unpatched vulnerability, known as CVE-2018-18472. This is a type of severe exploit know as a Remote Command Execution bug. All someone needs is the IP address of the drive, and they can trigger a factory reset. Western Digital is recommending that the drives be disconnected from the internet until further notice.

Sadly, disconnecting the drives will only help those not already hit by the wave of remote access deletions. You could argue these people should have had backups, and leaving an unsupported device connected to the internet is a bad idea, but this is a consumer device. Most people don’t think about the security implications when devices like the My Book Live go out of support. It might be an older product, but WD really dropped the ball by letting this vulnerability remain unpatched on the My Book Live.

Continue reading

Protect Your Online Privacy With the 5 Best VPNs
Protect Your Online Privacy With the 5 Best VPNs

Investing in a VPN is a smart choice right now, but the options are vast. To help narrow things down a bit, we've rounded up five of our very favorite consumer services.

RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU
RISC-V Tiptoes Towards Mainstream With SiFive Dev Board, High-Performance CPU

RISC V continues to make inroads across the market, this time with a cheaper and more fully-featured test motherboard.

The PlayStation 5 Will Only Be Available Online for Launch Day
The PlayStation 5 Will Only Be Available Online for Launch Day

The PlayStation 5 isn't going to be available in stores on launch day, and if you want to pick up an M.2 SSD to expand its storage, you'll have some time to figure out that purchase.

ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market
ARMing for War: New Cortex-A78C Will Challenge x86 in the Laptop Market

ARM took another step towards challenging x86 in its own right with the debut of the Cortex-A78C this week. The new chip packs up to eight "big" CPU cores and up to an 8MB L3 cache.