While it’s still a ‘My Book’ product, the new hardware looks much more like what it truly is: a tiny desktop server. The new My Book Duo has diverged in one major way from the previous designs: the rather lame ‘Book’ analogy has finally been terminated.

While the first attack may have gone undetected by the drive owner/user indefinitely, the second attack was very blatant.

Either way, the advice is the same: Take your WD My Book Live networked hard drive off the internet.

The inherent advantage of a dual-drive solution is that you can either have double the capacity or twice the security, depending on how you choose to configure it.

And, by providing a solution where the drives are accessible, your storage solution can be repaired if a drive fails, or be upgraded to larger capacity storage when you need that.

The second attacker used this new, previously unknown flaw to factory-reset the drives, perhaps as part of a personal dispute with the first attacker or as part of an attempt to "steal" them into a different botnet. Factory-resetting the drives would have wiped the botnet malware as well.
The first used the known vulnerability mentioned above to embed botnet code on the drives, but did not wipe the drives. In fact, the Censys post argues that the WD My Book Live drives were hit by two different attackers. The last firmware update for these drives was in 2015. It is not clear why such an important function in the WD My Book Live's firmware would have been deliberately disabled, either during initial release or during a firmware update, but that is what appears to have happened. It has been simply "commented out" with special characters so that it is readable but will not execute. This is possible because protective code that forces a remote user to enter a password before factory-resetting a drive has been disabled. The second flaw is what permits a remote user to factory-reset the drive.

Update: A second, zero-day flaw used

Ars Technica, together with the security firm Censys, took a closer look at the log files from wiped My Book Live drives and found evidence that a second flaw, one previously unknown to Western Digital, was used in the attacks.

Furthermore, the wiping of the drives may have been the result of an attempt by a second attacker to sabotage or steal the work of the first attacker.
It’s unclear if a patch will be made available to prevent this problem from escalating further.
WD’s official advice is still to disconnect your My Book Live drives from the internet to prevent your data from being wiped.
WD states in its official statement that the affected drives received their last firmware update in 2015. To make matters worse, it seems as though the problem was never patched when it was discovered and publicized in 2018. WD has confirmed that this issue is the result of the vulnerability being exploited on a large scale. This vulnerability allows remote command execution as root by anyone who knows the IP address of any unpatched device, which can be learned from an internet scan. Instead, the resets are being blamed on “malicious software,” and WD clarified in a statement to BleepingComputer that affected devices have been “compromised by a threat actor.”

Evidently, the wiped WD My Book Live devices are being affected by someone exploiting a known vulnerability in the device’s software. However, WD’s official statement claims that its cloud services and servers do not appear to have been compromised. This is a very reasonable concern to have. Others have confirmed that their drives only have the default folder that’s present when you switch it on for the very first time.

Because WD My Book devices are stored behind their own firewalls, and allow remote access via the My Book Live cloud servers, some users have expressed concerns that WD’s servers have been hacked.
Weirdly, some users have reported that their file structure appears to be intact, leaving the drive full of empty folders.