Western Digital My Book Live Devices Remotely Wiped By Malicious Software, But Who Is To Blame?
If you own a Western Digital My Book Live, unplug it from the internet as soon as possible. WD has reported that people have been waking up to find their My Book Live devices completely wiped of installed data due to malicious software performing a factory reset.
On June 23rd, WD Community Forum user sunpeak made a post explaining that he had found all his data gone and the owner password for device management changed. At the time of writing, this thread has had over 15,800 views and over 177 responses, many of which echo similar issues. Sunpeak elaborated on his issue later in the thread, showing logs of what appears to be a factory restore script being run.
After the initial forum post took off, there was a resounding silence from WD, while outraged users also posted on Reddit. Since then, though, WD has made its own forum post explaining that the company “has determined that some My Book Live devices are being compromised by malicious software,” leading to “a factory reset that appears to erase all data on the device.” To stop this from happening, WD “recommend[s] you disconnect your My Book Live from the Internet to protect your data on the device” and is actively investigating. Interestingly, the post also mentioned that the My Book Live got its final firmware update in 2015, so this is no fault of WD's, or is it?
Yesterday, a product security post on Western Digital’s website was updated with similar information to the forum post. Within that product security post, a Common Vulnerabilities and Exposures (CVE) number was linked, dating back to 2019 with an assigned CVSS score of 9.8 out of 10, which places it in the critical severity range. That CVE then links to the WizCase Research Team, who, in 2020, researched the vulnerability and seemingly reported it to Western Digital. The response they reportedly received states that the CVE only affects My Book Live devices, and that Western Digital has no concern as “these products have been discontinued since 2014 and are no longer covered under our device software support lifecycle.”
Western Digital continued, recommending that users who wanted to continue to use the device “configure their firewall to prevent remote access to these devices, and to take measures to ensure that only trusted devices on the local network have access to the device.” Ironically, the response also mentions that “Western Digital takes the security of our customers’ data seriously,” but asking customers to tinker with their firewall settings and ensure that only local access to the device is possible is quite a tall order.
Moreover, a CVE with a 9.8 CVSS score is nothing to scoff at, so WD probably should have gone back and made an exception to the software support lifecycle. However, this is not what happened, and now the company is in something of a pickle where users are losing data with little recourse. There are also still My Book Live devices for sale on places like Amazon, so new customers could run into the issue in the future as well.
In any case, make what you will of Western Digital, but if you find your data is gone from a My Book Live device, remove it from the internet and unplug it, so none of the data is overwritten accidentally. Then through either a professional service like WeRecoverData.com or self-run software, you may be able to get some things back in due time, provided you can pay for this. Either way, let us know what you think of this debacle and leave any tips or ideas for other My Book Live users in the comments below.
(Former Western Digital HQ Image Courtesy Of @alwaysfaded)