Hackers Abused Zero-Day That Has Been in My Book Live HDDs Since 2011


Western Digital says the hackers behind the malicious software on My Book Live and Live Duo hard drives, which caused users to lose their data en masse when the drives were connected to the Internet, exploited a zero-day and not a 2018 bug.

Five days ago, Western Digital recommended that users disconnect the WD My Book Live and WD My Book Live Duo from the Internet to prevent data loss, after discovering that the devices may contain malicious software that resets the drives to factory settings and deletes all user data.

Initially, it was thought that the attackers had used a vulnerability known since 2018. In an update on its website, Western Digital writes that further investigation points to a zero-day: a previously undiscovered vulnerability that was introduced to My Book Live in 2011 as part of a refactor of the authentication logic in the hard disk's firmware. The vulnerability made it possible to remotely execute code via an administrator API, so that a factory reset could be triggered without logging in. In addition to CVE-2018-18472, WD has also registered CVE-2021-35941.

Western Digital will be offering a data recovery service to all My Book Live users beginning in July. They can also trade in their My Book hard drive for a My Cloud device. The company will announce more details about this in early July.
