MyBook users urged to disconnect devices from the Internet – Krebs on Security
Hard drive giant Western Digital is urging users of its MyBook Live brand of network storage drives to disconnect them from the Internet, warning that malicious hackers are erasing the drives remotely using a critical vulnerability that can be triggered by anyone who knows the Internet address of an affected device.
Earlier this week, Bleeping Computer and Ars Technica reported on a lively discussion thread on the Western Digital user forum where many customers complained of finding their MyBook Live and MyBook Live Duo devices completely wiped of their data.
“Western Digital has determined that certain My Book Live and My Book Live Duo devices are compromised by exploiting a remote command execution vulnerability,” the company said in a June 24 statement. “In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received their last firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated notice when we have more information.”
Western Digital’s brief advisory includes a link to an entry in the National Vulnerability Database for CVE-2018-18472. The NVD entry states that Western Digital WD My Book Live and WD My Book Live Duo (all versions) have a root remote command execution bug.
“It can be triggered by anyone with knowledge of the affected device’s IP address, as it was exploited in the wild in June 2021 for factory reset commands,” NVD wrote.
Examine the CVE attached to this flaw and you will notice that it was issued in 2018. NVD’s notice credits VPN reviewer Wizcase.com with reporting the bug to Western Digital three years ago, in June 2018.
In some ways, it’s remarkable that it took so long for vulnerable MyBook devices to be attacked: The 2018 Wizcase article on the vulnerability includes proof-of-concept code that allows anyone to execute commands on the devices as the almighty “root” user.
Western Digital’s response at the time was that the affected devices were no longer supported and that customers should avoid connecting them to the Internet. That response also suggested the bug had been present in its devices for at least a decade.
“Vulnerability report CVE-2018-18472 affects My Book Live devices initially introduced to the market between 2010 and 2012,” reads a response from Western Digital that Wizcase posted on its blog. “These products have been discontinued since 2014 and are no longer covered by our device software support lifecycle. We encourage users who wish to continue using these legacy products to configure their firewalls to prevent remote access to these devices and to take steps to ensure that only trusted devices on the local network have access to the apparatus.”
Wizcase said the flaw it found in MyBook devices may also be present in some models of WD MyCloud network attached storage (NAS) devices, although Western Digital’s advisory does not mention that its MyCloud line is affected.
Vulnerable MyBook devices are popular among home users and small businesses because they are relatively feature-rich and inexpensive, and can be upgraded with additional storage quite easily. But these products also allow users to easily access their files remotely over the Internet using a mobile application.
I’m guessing it’s mostly the users who have their MyBooks set up to be accessible remotely who experience these unfortunate drive erasures. Either way, it’s probably safer to follow Western Digital’s advice and disconnect any MyBooks you have from Ethernet access.
If you still want to keep your MyBook connected to your local network (at least until you can find a suitable backup for your backups), make sure that Remote Access is not enabled in your device’s settings (see screenshot above).