WD My Book NAS devices are being remotely wiped clean worldwide

Discussion in 'other security issues & news' started by guest, Jun 24, 2021.

  1. guest

    guest Guest

    WD My Book NAS devices are being remotely wiped clean worldwide
    June 24, 2021
    https://www.bleepingcomputer.com/ne...ces-are-being-remotely-wiped-clean-worldwide/
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,554
    Location:
    USA still the best. But barely.
    WD is lying.
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,881
    Location:
    Slovenia, EU
    My Book Live Users Wake Up to Wiped Devices, Active RCE Attacks
    https://threatpost.com/my-book-live-wiped-rce-attacks/167270/
     
  4. JRViejo

    JRViejo Super Moderator

    Joined:
    Jul 9, 2008
    Posts:
    97,440
    Location:
    U.S.A.
  5. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    The ONLY safe and secure storage solution is one that cannot communicate on-air with live internet. Or even have a wireless apparatus involved. Just makes common sense to keep those storages/backups isolated, period. It's likely not the last time such a matter will crop up again and not only WD. But you gotta know those customers/owners of MyBook are up against it from this debacle. Malware or otherwise (internal malfunction).

     
    Last edited: Jun 25, 2021
  6. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    These incidents are already being attributed to the long-known
    unpatched vulnerability at sites documenting that CVE. Examples:

    NATIONAL VULNERABILITY DATABASE
    https://nvd.nist.gov/vuln/detail/CVE-2018-18472

    "Current Description

    Western Digital WD My Book Live and WD My Book Live Duo (all versions)
    have a root Remote Command Execution bug via shell metacharacters in
    the /api/1.0/rest/language_configuration language parameter. It can be
    triggered by anyone who knows the IP address of the affected device,
    as exploited in the wild in June 2021 for factory reset commands,"


    (Emphasis added.)

    Also at:

    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18472

    https://www.cvedetails.com/cve/CVE-2018-18472/

    https://www.opencve.io/cve/CVE-2018-18472
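
The NVD description quoted in the post above places the injection in the language parameter of /api/1.0/rest/language_configuration. As an added example (not part of the original post, and not Western Digital's code), this Python check flags logged requests to that endpoint whose language value is not a plain locale tag. The record layout, the locale pattern and the sample requests are constructed assumptions.

```python
import re
from urllib.parse import parse_qs, urlsplit

ENDPOINT = "/api/1.0/rest/language_configuration"  # path named in the NVD text
# Assumption: a legitimate value is a plain locale tag such as en_US or de.
LOCALE_RE = re.compile(r"[A-Za-z]{2,3}(?:[_-][A-Za-z0-9]{2,8})*")


def language_values(target, body=""):
    """Collect every 'language' value from the query string and a form body."""
    values = []
    for source in (urlsplit(target).query, body):
        values += parse_qs(source, keep_blank_values=True).get("language", [])
    return values


def is_suspicious(target, body=""):
    """True if the request hits the endpoint with a non-locale language value."""
    if urlsplit(target).path.rstrip("/") != ENDPOINT:
        return False
    # Allow-list check: anything that is not a locale tag is flagged, so the
    # rule does not depend on enumerating individual shell metacharacters.
    return any(not LOCALE_RE.fullmatch(v) for v in language_values(target, body))


# Constructed sample records: (source address, request target, form body).
# The "x" inside the values is an inert placeholder.
SAMPLE = [
    ("192.0.2.10", ENDPOINT, "language=en_US"),
    ("198.51.100.7", ENDPOINT, "language=en_US%60x%60"),
    ("198.51.100.7", ENDPOINT + "?language=de%3Bx", ""),
    ("192.0.2.10", "/other/path", "language=x%7Cy"),
    ("203.0.113.5", ENDPOINT, "language=fr_FR&language=%24(x)"),
]


def flag(records):
    """Return (source, decoded language values) for requests worth reviewing."""
    return [(src, language_values(t, b))
            for src, t, b in records if is_suspicious(t, b)]


if __name__ == "__main__":
    for src, vals in flag(SAMPLE):
        print(src, vals)
```

The last sample shows why every occurrence of the parameter is checked: a clean first value does not excuse a second one that fails the allow-list.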
     
  7. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Note that the original BleepingComputer page cited in the
    opening post of this thread has been updated a few times
    since this thread was started.

    Update 6/25/21: Added information about vulnerability and recovery options.
    Update 6/26/21: Added full updated statement.

    This includes information from WD about a trojan that has
    been installed on some affected drives, and a link to a
    Virus Total analysis of this trojan.

    Affected or interested followers of this thread should
    reread the BleepingComputer page occasionally to follow
    the latest developments.
     
  8. guest

    guest Guest

    Hackers exploited 0-day, not 2018 bug, to mass-wipe My Book Live devices
    Western Digital removed code that would have prevented the wiping of petabytes of data
    June 29, 2021
    https://arstechnica.com/gadgets/202...t-2018-bug-to-mass-wipe-my-book-live-devices/
     
  9. waking

    waking Registered Member

    Joined:
    Jan 25, 2016
    Posts:
    176
    Recommended Security Measures for WD My Book Live
    and WD My Book Live Duo


    https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo

    "Last Updated: June 29, 2021

    Western Digital has determined that Internet-connected My Book Live and
    My Book Live Duo devices are under attack by exploitation of multiple
    vulnerabilities present in the device. In some cases, the attackers have
    triggered a factory reset that appears to erase all data on the device.

    Data Recovery and Product Trade-In Programs

    To help customers who have lost data as a result of these attacks,
    Western Digital will provide data recovery services, which will be
    available beginning in July. My Book Live customers will also be offered
    a trade-in program to upgrade to a supported My Cloud device.

    Analysis of Newly Identified Vulnerability CVE-2021-35941

    The My Book Live firmware is vulnerable to a remotely exploitable
    command injection vulnerability when the device has remote access
    enabled. This vulnerability may be exploited to run arbitrary commands
    with root privileges. Additionally, the My Book Live is vulnerable to an
    unauthenticated factory reset operation which allows an attacker to
    factory reset the device without authentication. The unauthenticated
    factory reset vulnerability [has] been assigned CVE-2021-35941."
     
  10. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,072
    Location:
    Texas
    https://krebsonsecurity.com/2021/07/another-0-day-looms-for-many-western-digital-users/
     