Last week, we learned that a vulnerability has begun affected Western Digital's My Book Live and My Book Live Duo devices, leading to data loss for users when these devices are connected to the internet. Now, WD has discovered that there is also a second exploit affecting these drives.
In a security bulletin update, Western Digital has confirmed that internet-connected My Book Live and My Book Live duo drives are being targeted using multiple vulnerabilities. In some cases, these vulnerabilities have been used to trigger a factory reset of the drive, erasing all data.
The My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device is configured with remote access enabled. The My Book Live is also vulnerable to an unauthenticated factory reset operation, which is how attackers have been seemingly wiping these drives when they are connected to the internet.
WD has found that the unauthenticated factory reset vulnerability was introduced to the My Book Live in an April 2011. However, Western Digital Cloud Services, firmware update servers and customer credentials have not been impacted by these vulnerabilities.
Due to the data loss that customers have suffered, Western Digital is providing a data recovery service, which will be available starting in July. Those who own a My Book Live will also be offered a trade-in program to upgrade to a WD My Cloud device, which is still supported with firmware updates.
Anyone who owns a My Book Live or My Book Live Duo should immediately disconnect the device from the internet in order to keep data protected.
KitGuru Says: Hopefully customers that were impacted by this can get their data recovered, but we'll have to wait and see. Do any of you own a My Book Live or My Book Live Duo? Were you impacted by these recent attacks?