I believe this is an exploit that finds its way onto the My Book Live and triggers a wipe on the disk.
I have 2 x 4TB My Book USB-connected and 2 x 2TB My Cloud NAS Ethernet-connected, no issues. The My Book Live drives are a different model that, from what I read on WD, can be USB or Ethernet connected; the problem seems to be with the IP.
I'll never trust cloud-based storage, or storage devices that have become part of a network of devices. The more standalone they remain, the more secure they are.
It's scarier than that. It was nothing to do with cloud storage even though the devices concerned are 'associated' with cloud services.
- These are local hard drives - things that sit on people's desks and that just happen to be plugged in to computers that are connected to the internet.
- Hackers managed to promulgate a malicious firmware update [just as other hackers might try to install ransomware].
WD's response seems very good to me. They are going to provide data recovery services for the device owners even though the devices are well over six years old.
Recommended Security Measures for WD My Book Live and WD My Book Live Duo - WDC
I never connect any backup drive while I'm online.
Those people affected must be distraught.
Denis
So if the drives were detected through port scanning, it would seem that this kind of vulnerability doesn't affect "offline" drives at all unless they are compromised by a software layer like an OS that gets hacked or infected. I've never had a drive that had internet-capable software already installed on it, mostly just encryption related. That paragraph sure makes it sound like these affected Live drives were all directly connected to the internet via WD cloud software.
Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning. The vulnerabilities being exploited in this attack are limited to the My Book Live series, which was introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.
It's related to what IT experts have been saying for years, that all insecure ports that are rarely used should be closed.
Some detail of the attack and the vulnerability:
Western Digital Removed Code That Would Have Prevented Widespread Hard Drive Hacks - ExtremeTech
https://krebsonsecurity.com/2021/06/...from-internet/