If you own a piece of Western Digital storage hardware, particularly the My Book Live and My Book Live Duo, you may want to heed the advise of the company and disconnect said devices.
This as earlier int he week, owners of the hardware reported that their internet-connected devices were wiped remotely overnight.
“Western Digital has determined that Internet-connected My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device,” the company explained in an updated statement.
It went on to explain the nature of the vulnerability, which has been assigned the designation CVE-2021-35941.
“The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. This vulnerability may be exploited to run arbitrary commands with root privileges. Additionally, the My Book Live is vulnerable to an unauthenticated factory reset operation which allows an attacker to factory reset the device without authentication,” says Western Digital.
“We have reviewed log files which we have received from affected customers to understand and characterize the attack. The log files we reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries,” it adds.
Given that the big selling point of the My Book Live devices is the fact that they are internet-connected, this is a less than ideal situation for users. Naturally, Western Digital has advised that users disconnect their devices in the interim.
“Immediately disconnect your My Book Live and My Book Live Duo from the Internet to protect your data from ongoing attacks,” the statement continues.
“For customers who have lost data as a result of these attacks, Western Digital will provide data recovery services. My Book Live users will also be offered a trade-in program to upgrade to a supported My Cloud device. Both programs will be available beginning in July, and details on how to take advantage of these programs will be made available in a separate announcement,” it concluded.
We have reached out to Western Digital locally to find out if any reports have been made regarding the attacks and whether a similar trade-in will be offered to customers next month. We shall update this story when we have feedback.