Skip to main content

5 lines of code allowed attackers to wipe tons of data from popular hard drive

Western Digital My Book Live was hit with an attack last week that led to countless drives being factory reset, resulting in petabytes of lost data. Originally, reports showed that the main attack exploited a security vulnerability from 2018, and although that is still one of the attack vectors, there was another one at play. And it came down to only five lines of code.

An investigation by Ars Technica revealed that a second exploit was at work in at least some of the affected drives. This second exploit allowed attackers to factory reset the drives remotely without a password. Curiously, the investigation revealed that five lines of code would have protected the reset command with a password, but they were removed from the running code.

Recommended Videos

Even stranger, this vulnerability wasn’t critical to the data loss. The original exploit (CVE-2018-18472) allowed attackers to gain root access to drives, stealing the data off of them before wiping the drive. This vulnerability was discovered in 2018, but Western Digital ended support for My Book Live in 2015. The security flaw was never fixed.

“We have reviewed log files which we have received from affected customers to understand and characterize the attack,” Western Digital wrote in a statement. “Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.”

These two exploits achieved the same goal but with different means, leading an investigation from security firm Censys to speculate that they were the work of two different groups of hackers. The investigation says it’s possible that an original group of attackers exploited the root access vulnerabilities to loop the drives into a botnet (a network of computers that hackers can draw resources from). However, a possible second group of attackers came in and exploited the password reset vulnerability to lock out the original attackers.

The two exploits apply to My Book Live and My Book Live Duo storage devices. These drives give users a few terabytes of network-attached storage, which is why these attacks were able to happen in the first place. Western Digital says anyone with a My Book Live or My Book Live Duo should immediately disconnect the drive from the internet, even if it hasn’t come under attack.

Western Digital, a computer hard disk drive manufacturer and data storage company, is offering affected customers data recovery services, which will begin in July. A Western Digital spokesperson told Ars Technica that the services will be free. It is also offering customers a trade-in program to upgrade to a newer My Cloud device, though Western Digital hasn’t said when the program is launching.

Jacob Roach
Former Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…
Apple loses AI whiz to Meta with an offer that will make your eyes water
Meta AI widget on Home Screen.

It was just last month that OpenAI boss Sam Altman claimed that Meta had been trying to poach his top AI engineers by offering hiring bonuses of as much as $100 million.

There was renewed interest in the matter earlier this week when it emerged that Ruoming Pang, an esteemed AI engineer who oversaw Apple’s AI models, had jumped ship to Meta.

Read more
I found the best Prime Day deal on a tablet hidden beyond Amazon
Microsoft Surface Pro 12-inch, stylus, and keyboard.

A good tablet can take your productivity to the next level, but a boring one will find a niche use and eat dust on a table or couch for most of its time. I love iPads and have been pushing them – as far as I can — to act as my primary computing machine for nearly half a decade now. It has never managed to replace a proper laptop, like a MacBook Air or a Windows machine. 

Why not buy a Windows laptop, you might ask? Well, Windows-powered tablets, especially those Surface devices sold by Microsoft, are pretty expensive. I love the new 12-inch Surface Pro, but at $799, it felt like a steep purchase despite its impressive specifications. 

Read more
Prime Day is over, but this powerful Dell laptop is still at its lowest price
The Dell Vostro 3530 laptop on a white background.

Prime Day is already over, but that doesn't mean that there are no more laptop deals for you to shop on Amazon. Here's one that caught our eye -- the Dell Vostro 3530 with 32GB of RAM for its lowest-ever price of $649, following a 28% discount on its original price of $899. This limited-time offer of $250 off may not last much longer though, so if you want to take advantage of this bargain, we highly recommend that you finalize your purchase for this device as soon as you can.

Buy Now

Read more