
5 lines of code allowed attackers to wipe tons of data from popular hard drive

Western Digital My Book Live was hit with an attack last week that led to countless drives being factory reset, resulting in petabytes of lost data. Originally, reports showed that the main attack exploited a security vulnerability from 2018, and although that is still one of the attack vectors, there was another one at play. And it came down to only five lines of code.

An investigation by Ars Technica revealed that a second exploit was at work in at least some of the affected drives. This second exploit allowed attackers to factory reset the drives remotely without a password. Curiously, the investigation revealed that five lines of code would have protected the reset command with a password, but they were removed from the running code.
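The failure described above, a destructive command left without its password check, is the kind of regression a small audit can catch. The following is an added example, not Western Digital's code: it models a reset handler with and without the check and flags any destructive route that acts on an unauthenticated request. The route names, password and device model are constructed for illustration.

```python
import hmac
from dataclasses import dataclass, field

# Constructed sample data: an owner credential and a model of device state.
OWNER_PASSWORD = "example-owner-password"

@dataclass
class Device:
    files: list = field(default_factory=lambda: ["photos.tar", "backup.img"])

@dataclass
class Request:
    params: dict

def authenticated_as_owner(req: Request) -> bool:
    """Constant-time comparison of the supplied password with the owner's."""
    supplied = str(req.params.get("password", ""))
    return hmac.compare_digest(supplied.encode(), OWNER_PASSWORD.encode())

def restore_without_check(dev: Device, req: Request) -> int:
    """Reset handler with the authentication check absent."""
    dev.files.clear()
    return 200

def restore_with_check(dev: Device, req: Request) -> int:
    """Same handler with the check in place: refuse before touching data."""
    if not authenticated_as_owner(req):
        return 401
    dev.files.clear()
    return 200

def audit_destructive_routes(routes: dict) -> list:
    """Call each destructive handler with no credentials on a scratch device
    and return the routes that did anything other than refuse with 401."""
    failures = []
    for path, handler in routes.items():
        scratch = Device()
        status = handler(scratch, Request(params={}))
        if status != 401 or not scratch.files:
            failures.append(path)
    return sorted(failures)

# Hypothetical route names for the two variants.
ROUTES = {
    "/api/factory_restore_unchecked": restore_without_check,
    "/api/factory_restore_checked": restore_with_check,
}

if __name__ == "__main__":
    print("routes acting without a password:", audit_destructive_routes(ROUTES))
```

Run as part of a release test suite, an audit like this fails the build as soon as a destructive endpoint stops demanding credentials.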


Even stranger, this vulnerability wasn’t critical to the data loss. The original exploit (CVE-2018-18472) allowed attackers to gain root access to drives, stealing the data off of them before wiping the drive. This vulnerability was discovered in 2018, but Western Digital ended support for My Book Live in 2015. The security flaw was never fixed.


“We have reviewed log files which we have received from affected customers to understand and characterize the attack,” Western Digital wrote in a statement. “Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.”

These two exploits achieved the same goal by different means, leading an investigation from security firm Censys to speculate that they were the work of two different groups of hackers. The investigation says it's possible that an original group of attackers exploited the root access vulnerability to loop the drives into a botnet (a network of computers that hackers can draw resources from). A possible second group of attackers then came in and exploited the passwordless factory reset vulnerability to lock out the original attackers.

The two exploits apply to My Book Live and My Book Live Duo storage devices. These drives give users a few terabytes of network-attached storage, which is why these attacks were able to happen in the first place. Western Digital says anyone with a My Book Live or My Book Live Duo should immediately disconnect the drive from the internet, even if it hasn’t come under attack.

Western Digital, a computer hard disk drive manufacturer and data storage company, is offering affected customers data recovery services, which will begin in July. A Western Digital spokesperson told Ars Technica that the services will be free. It is also offering customers a trade-in program to upgrade to a newer My Cloud device, though Western Digital hasn’t said when the program is launching.

Jacob Roach
Former Digital Trends Contributor