Western Digital My Book Live Drives Attacked By New Exploit

Western Digital My Book Live was hit with an attack last week that led to numerous drives being factory reset, leading to petabytes of lost data. Originally, reports showed that the main attack exploited a security vulnerability from 2018, and although that’s still one of the attack vectors, there was another one at play. And it came down to only five lines of code.

An investigation by Ars Technica revealed that a second exploit was at work in at least some of the affected drives. This second exploit allowed attackers to factory reset the drives remotely without a password. Curiously, the investigation revealed that five lines of code would have protected the reset command with a password, but they were removed from the working code.

Even stranger, this vulnerability wasn’t critical to the data loss. The original exploit (CVE-2018-18472) allowed attackers to gain root access to drives, stealing the data off of them before wiping the drive. This vulnerability was discovered in 2018, but Western Digital ended support for My Book Live in 2015. The security flaw was never fixed.

“We have reviewed log files which we have received from affected customers to understand and characterize the attack,” Western Digital wrote in a statement. “Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.”

These two exploits achieved the same goal but with different means, leading an investigation from security firm Censys to speculate that they were the work of two different groups of hackers. The investigation says it’s possible that an original group of attackers exploited the root access vulnerabilities to loop the drives into a botnet (a network of computers that hackers can draw resources from). However, a possible second group of attackers came in and exploited the password reset vulnerability to lock out the original attackers.

The two exploits apply to My Book Live and My Book Live Duo storage devices. These drives give users a few terabytes of network-attached storage, which is why these attacks were able to happen in the first place. Western Digital says anyone with a My Book Live or My Book Live Duo should immediately disconnect the drive from the internet, even if it hasn’t come under attack.

Western Digital, a computer hard disk drive manufacturer and data storage company, is offering affected customers data recovery services, which will begin in July. A Western Digital spokesperson told Ars Technica that the services will be free. It is also offering customers a trade-in program to upgrade to a newer My Cloud device, though Western Digital hasn’t said when the program is launching.
