  1. #1
    harrybarracuda

    *** urgent *** unplug mybook live drives from internet

    No, it's not a late April Fools.

    Western Digital, maker of the popular My Disk external hard drives, is recommending that customers unplug My Book Live storage devices from the Internet until further notice while company engineers investigate unexplained compromises that have completely wiped data from devices around the world.
    “I’m totally screwed.” WD My Book Live users wake up to find their data deleted | Ars Technica


    The incident is under active investigation from Western Digital. We do not have any indications of a breach or compromise of Western Digital cloud services or systems.


    We have determined that some My Book Live devices have been compromised by a threat actor. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live device received its final firmware update in 2015.

    At this time, we are recommending that customers disconnect their My Book Live devices from the Internet to protect their data on the device.


    We have issued the following statement to our customers and will provide updates to this thread when they are available:
    https://community.wd.com/t/action-required-on-my-book-live-and-my-book-live-duo/268147

  2. #2
    havnfun
    And a stupid old dickhead like me, still believes in keeping all my data offline.

  3. #3
    harrybarracuda
    Originally Posted by havnfun:
        And a stupid old dickhead like me, still believes in keeping all my data offline.

    That's remarkably prescient of you.

  4. #4
    havnfun
    Originally Posted by harrybarracuda:
        That's remarkably prescient of you.

    Especially for such a dumb c u n t.

  5. #5
    harrybarracuda
    Last Updated: June 25, 2021

    Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

    We are reviewing log files which we have received from affected customers to further characterize the attack and the mechanism of access. The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.


    Additionally, the log files show that on some devices, the attackers installed a trojan with a file named “.nttpd,1-ppc-be-t1-z”, which is a Linux ELF binary compiled for the PowerPC architecture used by the My Book Live and Live Duo. A sample of this trojan has been captured for further analysis and it has been uploaded to VirusTotal.


    Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.


    We understand that our customers’ data is very important. We do not yet understand why the attacker triggered the factory reset; however, we have obtained a sample of an affected device and are investigating further. Additionally, some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.


    The My Book Live series was introduced to the market in 2010 and these devices received their final firmware update in 2015.


    Advisory Summary

    At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device by following these instructions on our Knowledge Base.

    We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device.



    CVE Number:
    CVE-2018-18472
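
An added example, not part of the original post or of Western Digital's advisory: a Python check a defender could run over a mounted copy of the drive's filesystem, flagging the file name quoted in the advisory and any hidden file whose ELF header says big-endian PowerPC. The big-endian test is an assumption read from the "be" in the file name, the function names are hypothetical, and the files created in demo() are constructed.

```python
import os
import struct
import tempfile

IOC_NAME = ".nttpd,1-ppc-be-t1-z"   # file name quoted in the advisory
EM_PPC = 20                          # ELF e_machine value for 32-bit PowerPC
ELFDATA2MSB = 2                      # EI_DATA value for big-endian (assumed from "be")


def is_ppc_be_elf(path):
    """Return True if the file starts with an ELF header for big-endian PowerPC."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(20)
    except OSError:
        return False
    if len(header) < 20 or header[:4] != b"\x7fELF" or header[5] != ELFDATA2MSB:
        return False
    (e_machine,) = struct.unpack_from(">H", header, 18)  # e_machine at offset 18
    return e_machine == EM_PPC


def scan(root):
    """Walk root; return (path, reason) for name matches and hidden PPC ELF files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name == IOC_NAME:
                hits.append((path, "name matches advisory"))
            elif name.startswith(".") and is_ppc_be_elf(path):
                hits.append((path, "hidden PowerPC big-endian ELF"))
    return sorted(hits)


def demo():
    """Build a constructed directory tree and scan it."""
    with tempfile.TemporaryDirectory() as root:
        # Constructed 20-byte header: 32-bit, big-endian, ET_EXEC, EM_PPC.
        fake_elf = b"\x7fELF\x01\x02\x01" + b"\x00" * 9 + struct.pack(">HH", 2, EM_PPC)
        samples = {IOC_NAME: fake_elf, ".cache": fake_elf,
                   "photo.jpg": b"\xff\xd8\xff", ".profile": b"# shell rc\n"}
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return [(os.path.basename(p), why) for p, why in scan(root)]


if __name__ == "__main__":
    for name, why in demo():
        print(name, "->", why)
```

A name match alone is enough to treat the device as compromised; the header check only catches a renamed copy and says nothing about files that are not hidden.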
