A decade-old vulnerability led to WD My Book Live devices getting wiped

WD admits to mistake

Western Digital has explained that an ongoing malware campaign, which exploits multiple vulnerabilities in its My Book devices, led to the loss of masses of data last week.

In its breakdown of the campaign against its network-attached storage (NAS) devices, WD revealed that the My Book firmware suffers from a remotely exploitable command injection vulnerability.

However, it was another vulnerability, accidentally introduced back in 2011 and now tracked as CVE-2021-35941, that led to factory resetting of the devices.

“Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device,” wrote WD in a blog post.

Caught in the crossfire

WD first blamed the factory reset on the remote command execution vulnerability, tracked as CVE-2018-18472 and initially reported in late 2018. Alarmingly, WD never fixed it, since it stopped supporting the My Book devices three years prior, in 2015.

However, an analysis of the log files of the attacks, performed by Ars Technica and security researchers, led to the discovery of the unauthorized factory reset vulnerability.

Even so, it still doesn’t make sense that an attacker would want to wipe and reset a device that has already been commandeered.

Reportedly, the malware that WD found on the devices ties the drives to a botnet. Ars theorizes that the factory reset vulnerability was exploited by a rival threat actor in order to sabotage the botnet, perhaps after failing to take it over.

Whatever may be the case, WD has announced that it will offer complimentary data recovery services to all affected customers.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.