Disconnect Now! Remote Exploit Destroying Data on Western Digital’s WD My Book Live and WD My Book Live Duo

If there’s one thing that’s sacred in the world of digital media, it is backup storage.

Photo by WD My Book Live 3TB from Amazon.

And a recent wave of exploits that are impacting owners of Western Digital backup solutions is a reminder of just how precious and fragile these storage devices can be.

A remote exploit is destroying the data on WD My Book Live and WD My Book Live Duo devices, and the company is advising owners to disconnect these devices immediately.

It looks like a pretty serious issue, too: Western Digital issued a lengthy response to the exploit, and when the advice is basically to turn the device off, you know things are dire.

An excerpt from the official post detailing the issue:

“Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, the attackers have triggered a factory reset that appears to erase all data on the device.

We are reviewing log files which we have received from affected customers to further characterize the attack and the mechanism of access. The log files we have reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. This indicates that the affected devices were directly accessible from the Internet, either through direct connection or through port forwarding that was enabled either manually or automatically via UPnP.”

In somewhat of a silver lining to this story, this does seem to be an attack on the devices themselves and not a compromise of Western Digital's services or customers' credentials.

“Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers, or customer credentials were compromised. As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning.

We understand that our customers’ data is very important. We do not yet understand why the attacker triggered the factory reset; however, we have obtained a sample of an affected device and are investigating further. Additionally, some customers have reported that data recovery tools may be able to recover data from affected devices, and we are currently investigating the effectiveness of these tools.”

As Western Digital outlines, the affected products were released in 2010 and the last firmware update for them was uploaded in 2015.

[Western Digital]

About Author

Kehl has been our staff photography news writer since 2017 and has over a decade of experience in online media and publishing.
