placeholder

Hasnain says:

The underlying issue seems to be an RCE (per WD’s latest update) which was reported in 2019 and has been unpatched since the product hit end of life in 2016. I expect there to be litigation here, this is definitely not a good look and really sucks for those people who just lost data.

And I just bought a WD drive this week (not using any internet capabilities though).

“The My Book is a popular storage device for consumers and businesses. It plugs into computers, typically through USB. The affected model here, known as My Book Live, uses an ethernet cable to connect to a local network. From there, users can remotely access their files and make configuration changes through Western Digital cloud infrastructure. Western Digital stopped supporting the My Book Live in 2015. The support forum thread was first reported by Bleeping Computer.

On its website, Western Digital advised customers to disconnect their My Book Live devices to prevent further attacks while the company investigates the mass wiping.”

Posted on 2021-06-25T07:22:12+0000