Hackers exploited zero-day that had been in My Book Live HDDs since 2011

Western Digital says the hackers behind the malicious software on My Book Live and Live Duo hard drives, which caused users to lose their data en masse when the drives were connected to the internet, were exploiting a zero-day and not a 2018 bug.

Western Digital advised users five days ago to disconnect the WD My Book Live and WD My Book Live Duo from the internet to prevent data loss, after learning that the devices may contain malicious software that resets the drives to factory settings and erases all user data.

Initially, it was thought that the attackers were using a vulnerability that had been known since 2018. In an update on its website, Western Digital writes that further investigation shows that it is a zero-day, a previously undiscovered vulnerability that was introduced to My Book Live in 2011 as part of a refactor of the authentication logic in the hard drive’s firmware. The vulnerability made it possible to execute code remotely via an administrator API, which allows a factory reset to be triggered without a login. In addition to CVE-2018-18472, WD has also registered CVE-2021-35941.

Western Digital is offering a data recovery service to all My Book Live users starting in July. They can also trade in their My Book hard drive for a My Cloud device. The company will announce more details about this at the beginning of July.
