Nuisance which resulted in remote formatting and severe data loss
Bad surprise for NAS users WD My Book Live and My Book Live Duo : May be due to a security breach erase all data is present on the drive if it is connected to the Internet. If you haven’t already, you should Disconnect your player from the network as soon as possible To avoid the worst.
June 25Western Digital, manufacturer of multiple storage solutions (internal hard drives, external drives, NAS, etc.), recommends that users of WD My Book Live and My Book Live Duo devices use them. Disconnect from the Internet until further notice, following various messages posted on June 24 by users on the WD Support Forum indicating that they have lost all your data.
WD My Book Live Series Hard Drive Quite popular NAS released since 2010. They have one usb connection as well as asa ethernet port that allows them to connect to the local network, or even to the Internet if you activate the option for Access your data remotely. Unfortunately, WD has End of support for these NAS in 2015 and therefore no longer provides security updates.
massive data loss
For users of these WD drives, waking up must have been difficult. If all the folders were still on the disk, the files inside are all gone. Several users have indicated on the forum that their NAS had to deal with a return to factory settings, or reset their machine, a process often used reset an electronic device, obviously resulting in the deletion of all stored data.
24 hours after the incident was reported, Western Digital posted the following official message on its platform: “Immediately disconnect your My Book Live device from the Internet to protect your data from ongoing attacks.” You can disconnect the device and continue to access your data locally ”. The manufacturer thus noted that these storage media were Target of attacks that take advantage of several existing vulnerabilities.
A data recovery program offered by WD
Following the scale of the attack, Western Digital published a page in which product concerned even the attack More information.
WD has investigated and says that cloud services, firmware update servers, or its users’ login data have not been compromised.
We learn that the firmware of My Book Live is “one.” is sensitive to Remotely exploitable command injection vulnerability When remote access is enabled on the device. This vulnerability can be exploited to execute arbitrary commands with root privileges. Additionally, My Book Live is vulnerable to an unauthorized factory reset operation that allows an attacker to reset the device to factory settings without authentication. “
According to Western Digital, these vulnerabilities are Introduced in 2011 after an overhaul of the authentication logic Present in the firmware update. The least we can say is that it sows Doubts about the security of connected products From the WD brand: Although the MyBook Live line has not been supported since 2015, the hardware reliability of these NAS means that many people or even businesses always use these connected systems To store and share data.
To address the (well-established) concerns of its users, the manufacturer will offer Free data recovery services from early July, an exchange program to find any files deleted on the hard drive, as well as to switch to a new device at a preferential rate. Yes the damage is done For some users, support from this manufacturer is always welcome.
In the meantime, we advise affected users to disconnect your disk from the network via the ethernet port, or if it is already too late Do not try to modify the contents of their disc, under penalty of further complicating this restoration. This is because even if the data is “erased” from the drive, it is still present but inaccessible, and saving new data to the media may make recovery impossible.
We also take this opportunity to recall thatA NAS, even if it is made up of several internal drives, is not a sufficient backup solution for your data.. Even more so if this NAS is connected to the Internet, which makes it potentially vulnerable to remote attacks, as this case shows.
My Cloud OS 3: Consider updating
Following this flaw, the researchers also discovered My Cloud OS 3 operating system faults WD My Cloud NAS. the latter is from My Cloud OS 5.Updated with And the manufacturer recommends upgrading to the latest version.
But some users prefer MyCloud OS 3 – which offers features that are no longer in MyCloud OS 5 – or have a NAS that cannot update to MyCloud OS 3. In this case, Western Digital only has one Answer: Buy a new drive that works with My Cloud OS 5, a basic security update.