Time to Unplug: WD My Book Live Hard Drives Hit With Data Deletion Exploit

Western Digital’s My Book Live devices offer the ability to set up a storage pool on your network without the hassle or expense of a full-fledged NAS box. That might seem like just what you need, but Western Digital appears to have missed a major, show-stopping bug. According to Ars Technica, My Book Live owners around the world are reporting their devices have been purged of all data, and Western Digital is advising that everyone disconnect their drives from the internet for now.
WD stopped selling the My Book Live devices, which connect to your router via Ethernet rather than USB, several years ago. The issue came to light in a WD community forum thread earlier this week. Usually, these threads have a smattering of affected individuals, with everyone else offering possible solutions. Here, almost every reply is someone else saying their data simply disappeared on June 23. Even those who managed to reset their device passwords and gain access to the drives found their files were long gone.
At first, everyone speculated that WD had pushed a bad firmware update, but the truth is even worse. Several users were able to pull logs from the device that showed a “factoryRestore.sh” script running on the afternoon of June 23. Because My Book Live enclosures utilize encryption, there’s probably no way to recover the deleted data.

WD has confirmed that its cloud infrastructure has not been compromised, but the “threat actor” didn’t need to do that. It turns out the My Book Live devices have an unpatched vulnerability, known as CVE-2018-18472. This is a severe type of vulnerability known as a Remote Command Execution bug. All someone needs is the IP address of the drive, and they can trigger a factory reset. Western Digital is recommending that the drives be disconnected from the internet until further notice.
Sadly, disconnecting the drives will only help those not already hit by the wave of remote access deletions. You could argue these people should have had backups, and leaving an unsupported device connected to the internet is a bad idea, but this is a consumer device. Most people don’t think about the security implications when devices like the My Book Live go out of support. It might be an older product, but WD really dropped the ball by letting this vulnerability remain unpatched on the My Book Live.