Western Digital My Book Live Devices Wiped Remotely by Hackers

The My Book Live is a network-attached storage (NAS) device manufactured by data storage company Western Digital. Over the last few days, the Internet has been rife with warnings about attacks on My Book Live devices that triggered a factory reset and a complete data wipe.

Western Digital published an official advisory late last week, urging customers to disconnect their My Book Live and My Book Live Duo devices from the Internet as soon as possible to prevent data loss. The attack on the devices abused a remote code execution vulnerability.

The hackers behind the attacks, which took place all over the world, abused the vulnerability and then executed a remote command that reset the storage devices to factory condition and settings, wiping all data in the process. The log files discovered on some devices showed that the attackers ran a shell script that triggered the wipe.

No ransomware was installed on any of the affected devices and no data was encrypted; the devices were simply wiped clean. That seems a little strange, as the attack is purely destructive and cannot possibly result in any profit for the hackers behind it, beyond attempting to damage Western Digital's reputation.

The vulnerability abused in the hack is tracked as CVE-2018-18472 and carries an extremely high severity rating of 9.8 out of 10, because it includes a root remote command execution bug.

Western Digital specifically stated that they found no evidence of any of their cloud services, update servers or their customer credential databases being breached or illegally accessed.

On the bright side, some but not all users reported successfully using data recovery software to restore some of their files on the My Book Live devices. Western Digital further underlined the fact that the My Book Live devices affected by the hack were 2010 models that stopped receiving any security and firmware updates back in 2015, essentially ending official support.

While many users bemoaned the loss of family photos and important data, this should be a great reminder that everyone should ideally keep their really important digital data on at least one offline storage device, whether that is a flash drive or a more durable and lasting external hard drive.

Any Internet-connected storage device will always bear the inherent risk of attacks and remote tampering, while the only thing that can damage your data on offline storage is mechanical failure, which is extremely unlikely with today's technology.

June 28, 2021