Hackers are Remotely Erasing Western Digital Hard Drives
The whole point of a network-attached storage (NAS) device is to have a hard drive where you can back up vital data and then retrieve the files when you're out and about. Unknown hackers, however, are turning Western Digital My Book NAS hard drives into backup nightmares by infiltrating users' computers and deleting all of their data. The My Books are controlled by WD My Book Live, an app that allows consumers to access their data and manage their NAS from anywhere.
Last week, the drive manufacturer stated that certain owners' network-connected storage had been accessed without authorization and a complete reset had been triggered, though specifics on how seriously individuals should be concerned are still emerging. Western Digital said the WD My Book Live and WD My Book Live Duo drives are affected. They were first introduced in 2010, and the most recent firmware update was in 2015. The company has not stated how many drives are in circulation or estimated how many people are still using them.
“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability,” the company said in a security bulletin. “In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.”
There is currently no evidence that Western Digital's cloud services, firmware update servers, or client credentials have been compromised. Rather, the My Book Live drives were left directly accessible from the internet, “either through direct connection or by port forwarding that was enabled either manually or automatically via UPnP,” according to the report. According to the firm, hackers used port scanning to identify possible victims.
“We do not yet understand why the attacker triggered the factory reset; however, we have obtained a sample of an affected device and are investigating further,” Western Digital added. “Additionally, some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.”
While Western Digital advises customers to disconnect the hard drives from the internet for safety, Reddit users' suggestions are much more cautious. On the assumption that hackers may have already loaded malware or another exploit onto the drives, their advice is to switch the drives off completely. Such malware could be set to activate later, wiping the drive even if it isn't connected at the time.
from E Hacking News - Latest Hacker News and IT Security News https://ift.tt/3A5CS9x