5 lines of code allowed attackers to wipe tons of data from popular hard drive

Western Digital My Book Live was hit with an attack last week that led to countless drives being factory reset, resulting in petabytes of lost data. Originally, reports showed that the main attack exploited a security vulnerability from 2018, and although that is still one of the attack vectors, there was another one at play. And it came down to only five lines of code.

An investigation by Ars Technica revealed that a second exploit was at work in at least some of the affected drives. This second exploit allowed attackers to factory reset the drives remotely without a password. Curiously, the investigation revealed that five lines of code would have protected the reset command with a password, but they were removed from the running code.
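
The failure mode described above, as an added example that is not Western Digital's code: a reset handler whose authentication guard is commented out, the same handler with the guard active, and a regression check that catches the difference. The `Drive` class, the handler names, the request dictionary and the password are all assumptions constructed for illustration.

```python
import hashlib
import hmac

# Constructed credentials for this example; not taken from any real device.
_SALT = b"constructed-salt"
_OWNER_HASH = hashlib.pbkdf2_hmac("sha256", b"owner-password", _SALT, 100_000)


class Drive:
    """Stand-in for the storage device: records whether it has been wiped."""
    def __init__(self):
        self.wiped = False

    def factory_reset(self):
        self.wiped = True


def is_authenticated(request):
    """Compare the supplied password against the stored hash in constant time."""
    supplied = request.get("password")
    if not isinstance(supplied, str):
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", supplied.encode(), _SALT, 100_000)
    return hmac.compare_digest(candidate, _OWNER_HASH)


def reset_without_guard(drive, request):
    """The guard exists in the source but is disabled, so anyone can reset."""
    # if not is_authenticated(request):
    #     return 401
    drive.factory_reset()
    return 200


def reset_with_guard(drive, request):
    """Guard active: fail closed before any destructive side effect."""
    if not is_authenticated(request):
        return 401
    drive.factory_reset()
    return 200


def unguarded_handlers(handlers):
    """Regression check: names of handlers that act on a credential-free request."""
    found = []
    for name, handler in handlers.items():
        drive = Drive()
        status = handler(drive, {})  # request carries no password at all
        if status != 401 or drive.wiped:
            found.append(name)
    return found
```

Running `unguarded_handlers` over every destructive handler in a build is the kind of test that flags a disabled guard before it ships.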

Even stranger, this second vulnerability wasn’t critical to the data loss. The original exploit (CVE-2018-18472) allowed attackers to gain root access to drives, stealing the data off of them before wiping the drive. That vulnerability was discovered in 2018, but Western Digital ended support for My Book Live in 2015, so the security flaw was never fixed.

“We have reviewed log files which we have received from affected customers to understand and characterize the attack,” Western Digital wrote in a statement. “Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.”
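
The source-IP correlation Western Digital describes can be sketched as follows. This is an added example, not the company's tooling: the log format, the placeholder endpoint paths, the dates and the documentation-range IP addresses are all constructed, since the article gives none of them.

```python
from collections import defaultdict
from datetime import datetime

# Placeholder paths: the real endpoints are not named in the article.
RCE_PATH = "/PLACEHOLDER/rce-endpoint"
RESET_PATH = "/PLACEHOLDER/factory-restore"

# Constructed log lines: timestamp, source IP, method, path, status, auth state.
SAMPLE_LOG = """\
2000-01-01T03:11:02 203.0.113.7 POST /PLACEHOLDER/rce-endpoint 200 auth=none
2000-01-04T14:02:41 203.0.113.7 POST /PLACEHOLDER/factory-restore 200 auth=none
2000-01-04T15:30:10 198.51.100.24 POST /PLACEHOLDER/factory-restore 200 auth=none
2000-01-02T09:45:00 192.0.2.50 POST /PLACEHOLDER/rce-endpoint 200 auth=none
2000-01-03T08:00:00 192.0.2.99 POST /PLACEHOLDER/factory-restore 200 auth=owner
2000-01-03T08:05:00 192.0.2.77 POST /PLACEHOLDER/factory-restore 401 auth=none
this line is malformed and is skipped
"""


def parse(log):
    """Yield (timestamp, ip, path, status, auth) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            continue
        ts, ip, _method, path, status, auth = parts
        yield datetime.fromisoformat(ts), ip, path, int(status), auth.partition("=")[2]


def classify_sources(log):
    """Map each source IP to which unauthenticated, successful requests it made."""
    first_seen = defaultdict(dict)
    for ts, ip, path, status, auth in parse(log):
        # Owner-authenticated resets and rejected requests are not suspicious.
        if status != 200 or auth != "none" or path not in (RCE_PATH, RESET_PATH):
            continue
        prev = first_seen[ip].get(path)
        if prev is None or ts < prev:
            first_seen[ip][path] = ts
    result = {}
    for ip, seen in first_seen.items():
        if RCE_PATH in seen and RESET_PATH in seen:
            # "Later exploited to reset": code execution first, reset afterwards.
            ordered = seen[RCE_PATH] < seen[RESET_PATH]
            result[ip] = "both" if ordered else "both_reset_first"
        elif RCE_PATH in seen:
            result[ip] = "rce_only"
        else:
            result[ip] = "reset_only"
    return result
```

Sources classified `reset_only` are the ones consistent with the second-group theory discussed below; `both` matches the single-attacker cases in the statement.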

The two exploits achieved the same goal by different means, which led an investigation by security firm Censys to speculate that they were the work of two different groups of hackers. The investigation says it’s possible that an original group of attackers exploited the root access vulnerability to loop the drives into a botnet (a network of compromised computers that hackers can draw resources from). A possible second group of attackers then came in and exploited the unauthenticated factory reset vulnerability to lock out the original attackers.

The two exploits apply to My Book Live and My Book Live Duo storage devices. These drives give users a few terabytes of network-attached storage, and that network exposure is what made remote attacks possible in the first place. Western Digital says anyone with a My Book Live or My Book Live Duo should immediately disconnect the drive from the internet, even if it hasn’t come under attack.

Western Digital, a computer hard disk drive manufacturer and data storage company, is offering affected customers data recovery services, which will begin in July. A Western Digital spokesperson told Ars Technica that the services will be free. It is also offering customers a trade-in program to upgrade to a newer My Cloud device, though Western Digital hasn’t said when the program is launching.

Jacob Roach
Lead Reporter, PC Hardware
Jacob Roach is the lead reporter for PC hardware at Digital Trends. In addition to covering the latest PC components, from…