Western Digital drives remotely wiped: What experts say to do now

Owners of some Western Digital external hard drives should disconnect them from the internet and probably turn them off completely, as reports of remotely wiped data continue. The drive-maker confirmed last week that some owners had seen their network-connected storage accessed unofficially and a complete reset triggered, though details on just how much people should be concerned continue to emerge.

The affected drives, Western Digital says, are the WD My Book Live and WD My Book Live Duo. They were first released in 2010, and received their last firmware update in 2015. The company has not said how many are in circulation, nor given an estimate on how many people are still using their drives.

“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability,” the company said in a security bulletin. “In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.”

Western Digital insists that there’s no current evidence that its own cloud services, firmware update servers, or customer credentials were compromised. Instead, it suggests, the My Book Live drives were left directly accessible via the internet, “either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.” Hackers then used port scanning to spot potential victims, the company theorizes.

“We do not yet understand why the attacker triggered the factory reset; however, we have obtained a sample of an affected device and are investigating further,” Western Digital added. “Additionally, some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.”

While Western Digital recommends owners disconnect their drives from the internet for safety, the advice among users on Reddit is more cautious still. There, the recommendation is to turn the drives off altogether, on the assumption that hackers could have already loaded a trojan or some other exploit onto them. That might then be scheduled to activate, wiping the drive even if it’s not online at the time.

Although doing that would mean no access to files – and would run counter to inclinations among owners to make a second backup of what’s on the My Book Live drive as soon as possible – it’s likely to be the safest route as further investigation continues.

For those who do want to try to extract what data might remain after a full reset wipe was initiated, the Reddit thread also includes plenty of discussion about which are the best tools for that. It’s unclear just how effective – or consistently effective – they are at this stage. Unless you’re familiar with data recovery software, it might be best to sit it out until Western Digital comes up with an official route to follow.

More broadly, anybody relying on networked drives should probably take a moment to consider their security settings. Open ports, set up through a router or cable modem, are an obvious point of entry for hackers, though many connected hard drives also have some sort of remote access software that relies on a username and password to make logging in while away from home more straightforward. If that’s the case, now would be a good time to check the strength of that password, in addition to enabling two-factor authentication if offered. Or, indeed, to consider whether or not you actually need the drive to be online in the first place.

Unplug your WD My Book Live, or you might find your drive’s data wiped

If you own a WD My Book Live NAS, you should immediately disconnect it from your network — users have discovered that their data has seemingly been deleted off the device, with no action on their part (via Ars Technica). In a post on its community forum, WD says that the data loss appears to be the result of “malicious software,” and advises any My Book Live or My Book Live Duo owners to disconnect their devices from the internet to protect their data.

Some users on WD’s forum report that their devices appear to have been factory reset, while others report seeing a page requesting a password they don’t know.

In most cases, those who have been affected say that all of the data on the device appears to be gone, with the file structure either remaining intact but with empty folders, or with no folders at all except the ones that come by default on the device.

We’ve reached out to WD to ask for comment, and we’ve explicitly asked whether the company will offer data recovery services to affected users, but we haven’t yet gotten a response. The company sent statements to both BleepingComputer and Ars Technica, which largely mirrored its community post, saying that WD is investigating the incident, and doesn’t believe its servers were compromised.