Warning: WD My Book Live hard drives are hacked and erased over the Internet

The hard drive manufacturer Western Digital requests all users of the external storage media "WD My Book Live" and "WD My Book Live Duo" to immediately disconnect these NAS devices from the Internet. It should only be used if the computer to which the storage is connected is not communicating with the Internet or remote access is deactivated. This is because the “WD My Book Live” models may then be reset and deleted. The background is supposed to be a hacker attack. You can find official information on the topic in the relevant section Support document of the manufacturer who last received an update yesterday.

You should currently disconnect WD My Book Live hard drives or NAS systems from the Internet so that they are not deleted by a hacker attack. Here you can find official information about the firmware vulnerability CVE-2021-35941.

You should currently disconnect WD My Book Live hard drives or NAS systems from the Internet so that they are not deleted by a hacker attack. Here you can find official information about the firmware vulnerability CVE-2021-35941.

WD My Book Live with vulnerability CVE-2021-35941

Western Digital has identified the vulnerability in its external hard drive systems with the code CVE-2021-35941. "The My Book Live firmware is vulnerable to a remotely exploitable vulnerability for injectable commands when remote access is enabled on the device. This vulnerability can be exploited to execute arbitrary commands with root rights. In addition, the My Book Live is vulnerable to an unauthenticated factory reset, which could allow an attacker to reset the device to the factory settings without authentication“, It says (translated) in the document linked above.

Case description of the attack at Ars Technica: Read here

Western Digital offers data recovery for those affected

If you are one of those users who have lost their data due to an attack on the firmware of the WD My Book Live hard drives or NAS systems, then you can request a data recovery from the manufacturer. However, it is not 100 percent certain whether it can bring all of your folders and files back completely. If you want to start data recovery yourself or first want to find out whether and how much data can be recovered, then there are a few useful tools for this. Here is an overview (from the end of 2019): Top 5 Free Mac Data Recovery Apps. You can also read the articles via Disk Drill Pro in the human body and facts about the EaseUS Data Recovery Wizard consult.

-
Do you like my blog? Then I would be happy to receive a short review on Google. Easy leave something here for a moment - that would be great, thank you!

4 comments

  1. Martin Schellmoser says:

    The perfidious thing is that these old devices will probably no longer receive a firmware update, so that from now on you will be able to operate them without internet access, inevitably.

    • Jen Kleinholz says:

      Which of course drives the matter a bit of ad absurdum, since the hard drive (as I understood it) is supposed to be a cloud solution. And that without the Internet ??? Makes little sense ...

  2. Jens Helbing says:

    You can also operate these things as local NAS drives. Cloud is not absolutely necessary.

Leave a Comment

Your e-mail address will not be published. Required fields are marked with * .