Western Digital has alerted customers to a critical bug in its My Book Live storage drives, warning them to disconnect the devices from the Internet to protect them from being remotely wiped.
In an advisory, the storage company said the My Book Live and My Book Live Duo devices were “compromised by the exploitation of a remote command execution vulnerability,” CVE-2018-18472. The exploit is described as a root remote command execution bug that can be triggered by anyone who knows the IP address of the affected device, and it is currently being “exploited in the wild in June 2021 for factory reset commands.”
Reports of the issue emerged on Thursday after owners of the NAS devices turned to Western Digital's support forum to complain.
“All of my data is gone as well. The message in the GUI says it was a ‘factory reset’ today! I’m totally screwed without this data … years,” one user wrote.
“I kept all my documents on this drive. All files are gone,” said another.
Device logs posted on the Western Digital Forums show the devices were reset remotely, although the culprits have not been found. In a statement released earlier today, the company said it does not believe its own servers are compromised.
The Western Digital My Book Live connects to a host computer via USB, with Internet access through an Ethernet port on the back. Remote access is obtained through Western Digital’s own cloud servers.
NAS drives have a long history of being victimized by malicious actors. In April, Taiwanese storage giant QNAP urged customers to update their drives in the face of two specifically targeted strains of ransomware, Qlocker and eCh0raix.
The previous year, authorities in the US and UK warned of a mass infection of data-stealing malware targeting QNAP drives. Dubbed QSnatch, the attack compromised around 62,000 devices. Once inside, the malware opened several backdoors, including SSH and a webshell, and resisted attempts by the owner to deploy firmware updates that would have resolved the issue.
Lenovo has also been caught with its pants down in the past, hastily releasing a firmware patch in 2019 for its Iomega-branded storage devices after a security flaw could have potentially seen the contents of the drives exposed to the internet.
While details of the “how” and “why” of this particular incident are thin on the ground, Western Digital has noted that its My Book Live NAS devices received a final firmware update in 2015. In practice, that means nearly seven years of security vulnerabilities that have not been addressed, leaving users at risk.
While Western Digital has not disclosed the extent of the problem, a quick search on Shodan shows over 200 My Book Live devices publicly accessible from the Internet.
The Register asked Western Digital for comment. ®