Last week, users of My Book Live hard drives discovered to their horror that their stored data had been completely erased, without their having done anything. Now, Western Digital has confirmed the method used by attackers to access drives, and is again asking users to disconnect their drives from the Internet to avoid further problems.
It all started when the Western Digital forums were filled with users asking why their My Book Live and My Book Live Duo drives had been erased. These external hard drives stand out for having a network connection, which makes it possible to connect them to the Internet and manage them remotely with an app.
Initially, the suspicion was that the drives had a security hole that allowed attackers to enter the internal system and initiate the erasure, in addition to changing the password. However, Western Digital has now revealed that the attack was made possible by a mistake it made in 2011 that had gone undiscovered until now.
The fatal flaw
This flaw allows an attacker to connect to the device and erase all the contents of the hard drive by initiating a factory reset without needing to know the password; it is therefore different from the initially suspected bug, which gave complete control over the device. In reality, the attacker or attackers could not control the hard drive. They only restored the factory settings, which deleted the data and the set password.
A year after launching the My Book Live, Western Digital released an update that made some changes to the system. As security researchers have discovered, the new code had a function that blocked this type of access to the factory reset, but it had been disabled.
Now, Western Digital has confirmed that it turned this feature off on purpose. It seems odd, but the company had to do this because it wanted to change the way user authentication was done within the system; that is where the flaw arose, as the developers forgot to, or could not, add the correct authentication type. As a result, these devices suddenly allowed anyone who connected to start the factory reset process.
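The kind of regression described above can be caught by a release check that flags any destructive route left without an authentication guard. The following is an added illustration, not Western Digital's code: the route names, the token check and the `auth_enforced` marker are all hypothetical.

```python
# Added illustration; route names, token and handlers are hypothetical.
import hmac

ADMIN_TOKEN = "constructed-sample-token"  # constructed sample value

def require_auth(handler):
    """Wrap a handler so it rejects requests without the admin token."""
    def guarded(request):
        supplied = request.get("token") or ""
        if not hmac.compare_digest(supplied, ADMIN_TOKEN):
            return 401, "authentication required"
        return handler(request)
    guarded.auth_enforced = True  # marker read by the audit below
    return guarded

def factory_reset(request):
    request["disk"].clear()  # wipes user data and settings
    return 200, "factory reset started"

def device_info(request):
    return 200, "model info"

# Routes listed here must never be reachable without authentication.
DESTRUCTIVE = {"/factory_reset"}

# "Before": the guard was switched off while authentication was reworked.
routes_before = {"/factory_reset": factory_reset, "/info": device_info}
# "After": the guard is back on the destructive route.
routes_after = {"/factory_reset": require_auth(factory_reset),
                "/info": device_info}

def unguarded_destructive(routes):
    """Static audit: destructive routes whose handler lacks the guard."""
    return sorted(path for path in routes.keys() & DESTRUCTIVE
                  if not getattr(routes[path], "auth_enforced", False))

def probe(routes, path):
    """Behavioural check: unauthenticated request against a scratch disk."""
    disk = {"photos": "constructed sample data"}
    status, _ = routes[path]({"disk": disk})
    return status, bool(disk)  # (status code, did the data survive?)

if __name__ == "__main__":
    for name, table in (("before", routes_before), ("after", routes_after)):
        print(name, unguarded_destructive(table),
              probe(table, "/factory_reset"))
```

Running both the static audit and the unauthenticated probe in the build pipeline means a guard that is disabled during a refactor fails the release instead of shipping.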
A hacker war?
But why are the drives being erased right now? Censys security analysts have a curious theory: it may be the result of a war between hackers. One group could have taken control of the hard drives to form a "botnet", a network of infected devices that can be used to carry out DDoS (denial of service) attacks by all connecting to a server at the same time.
In response, a rival group reportedly used Western Digital's flaw to force a factory reset and thus eliminate the botnet. However, none of this has been confirmed by the manufacturer.
Western Digital will attempt to recover data
Western Digital has presented its plan to help users affected by these attacks. The company has guaranteed that it will provide data recovery services for the attacked My Book Live drives, although it has not clarified whether this will entail an additional cost. Support for these devices ended in 2015, but the nature of this failure has motivated the company to make this promise.
WD will also offer a new trade-in program, which will allow users to purchase a new My Cloud at a discount in exchange for their My Book Live; the My Cloud is the successor, has more functionality and is better supported.
Both initiatives will begin next July, with details yet to be confirmed.
Erik Brady is a news media and fitness professional with strong experience in online journalism, and he is also a well-known fitness instructor. His strengths include knowledge of sports, health, yoga, meditation, and proficiency. From a young age, Erik has had an interest in football, and he is a YourMiningNews contributor.