5 lines of code allowed attackers to wipe tons of data from popular hard drive

Western Digital My Book Live was hit with an attack last week that led to countless drives being factory reset, resulting in petabytes of lost data. Originally, reports showed that the main attack exploited a security vulnerability from 2018, and although that is still one of the attack vectors, there was another one at play. And it came down to only five lines of code.

An investigation by Ars Technica revealed that a second exploit was at work in at least some of the affected drives. This second exploit allowed attackers to factory reset the drives remotely without a password. Curiously, the investigation revealed that five lines of code would have protected the reset command with a password, but they were removed from the running code.

Even stranger, this vulnerability wasn’t critical to the data loss. The original exploit (CVE-2018-18472) allowed attackers to gain root access to drives, letting them steal the data before wiping the drive. This vulnerability was discovered in 2018, but Western Digital had ended support for My Book Live in 2015, so the security flaw was never fixed.

“We have reviewed log files which we have received from affected customers to understand and characterize the attack,” Western Digital wrote in a statement. “Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device, and the second vulnerability was later exploited to reset the device.”

These two exploits achieved the same goal by different means, leading an investigation from security firm Censys to speculate that they were the work of two different groups of hackers. The investigation says it’s possible that an original group of attackers exploited the root access vulnerability to loop the drives into a botnet (a network of computers that hackers can draw resources from). A possible second group of attackers then came in and exploited the unauthenticated factory reset vulnerability to lock out the original attackers.

The two exploits apply to My Book Live and My Book Live Duo storage devices. These drives give users a few terabytes of network-attached storage, and that network connectivity is what made remote attacks possible in the first place. Western Digital says anyone with a My Book Live or My Book Live Duo should immediately disconnect the drive from the internet, even if it hasn’t come under attack.

Western Digital, a computer hard disk drive manufacturer and data storage company, is offering affected customers data recovery services, which will begin in July. A Western Digital spokesperson told Ars Technica that the services will be free. It is also offering customers a trade-in program to upgrade to a newer My Cloud device, though Western Digital hasn’t said when the program is launching.
