WD My Book NAS devices being remotely wiped clean
26-06-2021, 00:09
|
#1
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,707
|
WD My Book NAS devices being remotely wiped clean
If you have one, it may be too late, but disconnect it from the internet.
https://www.bleepingcomputer.com/new...ean-worldwide/
Quote:
Western Digital My Book NAS owners worldwide found that their devices have been mysteriously factory reset and all of their files deleted.
|
__________________
Baby, I was born this way.
|
|
|
29-06-2021, 17:03
|
#2
|
cf.mega poster
Join Date: Apr 2004
Location: Northampton
Services: Virgin Media TV&BB 350Mb,
V6 STB
Posts: 7,862
|
Re: Western Digital - Security issue
It's official.
WD site
Quote:
Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.
|
Quote:
Advisory Summary
At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device by following these instructions on our Knowledge Base.
We have heard customer concerns that the current My Cloud OS 5 and My Cloud Home series of devices may be affected. These devices use a newer security architecture and are not affected by the vulnerabilities used in this attack. We recommend that eligible My Cloud OS 3 users upgrade to OS 5 to continue to receive security updates for your device
|
Link
Quote:
In general, we recommend using Internet-isolated solutions for creating and storing backups of important information. The isolation will prevent you from accessing backups remotely, but it will also prevent anyone else from accessing them remotely.
|
I could be wrong, but I think that attaching it to something other than the VM superhub might be a solution. I was looking into remotely accessing my WD Cloud NAS setup(24Tb RAID5), where it's connected to a separate router which is then connected to the superhub(not in modem mode). It wasn't going to be straight forward.
Known as Double NAT.
Quote:
Double NAT is when you connect your router behind another router creating two different private networks. For example, connecting your NETGEAR router behind a modem/router provided by your ISP. Double NAT does not prevent your devices access to the internet but may cause problems with playing online games, opening a specific service port, connecting to a VPN tunnel, or visiting secure sites with SSL. Also, the devices connected to the first private network may not be able to communicate to the devices connected to the other private network.
|
Last edited by nomadking; 29-06-2021 at 17:18.
|
|
|
29-06-2021, 17:04
|
#3
|
cf.mega poster
Join Date: Jun 2003
Posts: 8,899
|
Re: Western Digital - Security issue
This looks genuine. It's also on WD's website:
https://www.westerndigital.com/suppo...-mybookliveduo
I suggest you leave it disconnected (and powered off?) until they publish further info.
|
|
|
30-06-2021, 08:04
|
#4
|
CF Resident Dog
Join Date: Mar 2005
Posts: 14,259
|
Re: Western Digital - Security issue
Disconnect from the internet or risk losing everything on the drive.
__________________
PSN: Snoopzster
|
|
|
30-06-2021, 10:18
|
#5
|
Mum 15/08/46 - 30/09/20
Join Date: Mar 2004
Location: Galactic Sector ZZ9 Plural Z Alpha, www.daves-world.co.uk. A secret Moonbase (shh don't tell anybody)
Age: 55
Services: 1 V6, 2x1TB TiVo, SH3. Samsung Galaxy Note 10+ 5G, Ton's of Smart Home stuff, & Cuddy Toy
Posts: 16,872
|
Re: WD My Book NAS devices being remotely wiped clean
I have received an email from WD telling me to disconnect my that NAS drive from my network.
I'm hoping they release some update soon
__________________
STAY AT HOME: I found out that mum will never walk again as the coronavirus attacked her nervous system. She died on September 30th, wearing a mask and she still might be alive today.
|
|
|
01-07-2021, 17:10
|
#6
|
cf.addict
Join Date: Dec 2003
Location: Glasgow & France
Age: 75
Services: VM phone , 2xV6 (Full house XL), ViViD200 Optical fibre BB. Stream - Netflix, iPlayer,
Posts: 106
|
Re: WD My Book NAS devices being remotely wiped clean
Latest info from Western Digital :
Western Digital has an important announcement for registered My Book Live or My Book Live Duo customers.
Immediately disconnect your My Book Live device from the Internet to protect your data from ongoing attacks. You can disconnect the device and continue to access your data locally by following these instructions on our Knowledge Base.
Some My Book Live devices connected to the Internet are being compromised by attackers and in some cases, the attackers have triggered a factory reset that appears to erase all data on the device.
We are here to help. Although this product family is no longer sold or supported by Western Digital, we know some of our customers have been impacted and we want to help. If you have lost your data as a result of these attacks, we will provide data recovery services which will be available beginning in July.
We know how important your data is to you and are committed to helping you protect it. We are launching a trade-in program that will allow you to upgrade from your My Book Live to one of our supported My Cloud devices.
We will provide details about how to take advantage of these programs in a separate email.
In case you are concerned about other products and services from Western Digital, our investigation of this incident has not found any evidence that our cloud services, firmware update servers, or customer credentials were compromised. The vulnerabilities being exploited are limited to the My Book Live devices, which were introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.
The latest information about this incident will be available on our Product Security Portal. If you need any additional help, please contact our Customer Support team.
Very commendable, but let's wait & see.
__________________
|
|
|
01-07-2021, 19:16
|
#7
|
Dr Pepper Addict
Cable Forum Team
Join Date: Oct 2003
Location: Nottingham
Age: 61
Services: Flextel SIP : Sky Mobile : Sky Q TV : VM BB (1000 Mbps) : Aquiss FTTP (330 Mbps)
Posts: 27,707
|
Re: WD My Book NAS devices being remotely wiped clean
Very much [reputation] damage limitation, but well done to them anyway.
__________________
Baby, I was born this way.
|
|
|
02-07-2021, 10:49
|
#8
|
cf.mega poster
Join Date: Jul 2008
Location: Coventry
Services: Vodafone/City Fibre Gigafast 900
Posts: 1,781
|
Re: WD My Book NAS devices being remotely wiped clean
I take it that Western Digital external USB drives attached to my ASUS router are unaffected, and that this problem only affects WD NAS devices.
__________________
Join Date: Jul 2008
Location: Coventry
Services: FACTCO/CityFibre 1GB FTTP; Asus GT-AX11000 +3 iMesh nodes; Humax 2Tb TV boxes x2; Synology DS920+ used as Plex server
|
|
|
05-07-2021, 16:47
|
#9
|
Mum 15/08/46 - 30/09/20
Join Date: Mar 2004
Location: Galactic Sector ZZ9 Plural Z Alpha, www.daves-world.co.uk. A secret Moonbase (shh don't tell anybody)
Age: 55
Services: 1 V6, 2x1TB TiVo, SH3. Samsung Galaxy Note 10+ 5G, Ton's of Smart Home stuff, & Cuddy Toy
Posts: 16,872
|
Re: WD My Book NAS devices being remotely wiped clean
Quote:
Originally Posted by roughbeast
I take it that Western Digital external USB drives attached to my ASUS router are unaffected, and that this problem only affects WD NAS devices.
|
Yeah ATM.
__________________
STAY AT HOME: I found out that mum will never walk again as the coronavirus attacked her nervous system. She died on September 30th, wearing a mask and she still might be alive today.
|
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
|
|
Posting Rules
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
HTML code is Off
|
|
|
All times are GMT +1. The time now is 09:49.
|