News

Western Digital My Book Live and WD My Book live Duo compromised

Photo of Simon Lüthje Simon Lüthje26. June 2021

Hard drive and storage product manufacturer Western Digital is issuing a security warning for its WD My Book Live and WD My Book Live Duo NAS systems. Some of the devices appear to be compromised, according to the information.

Cause research underway

With the vulnerability found, it should be possible for attackers to execute remote commands. Here, the first cases have probably already become known. Thus, the devices have been reset to factory state and all stored data on the NAS systems have been deleted. According to Western Digital, the last firmware update for the mentioned systems was released in 2015. This means that the installed firmware on the devices is already six years old. WD is now conducting cause research and wants to find out how the vulnerability came about. The manufacturer will release more information as soon as further findings are known.

Apart from the scenario of resetting the NAS systems to factory settings and deleting the data, there was another type of attack on the systems. In this case, the storages were password-protected, so that access to one’s own data is no longer possible. So far, these attack scenarios have not resulted in any ransom demands or are not yet known. However, there is a possibility that cyber criminals will exploit the vulnerability and use automated scans to identify Western Digital’s vulnerable devices in order to then lock them and subsequently demand a ransom for unlocking them.

Further action

Currently, it is not yet clear what will happen next for users of the affected devices. Western Digital says it is actively working on the incident and plans to announce more information as soon as possible. It is recommended that users of a WD My Book Live or WD My Book Live Duo disconnect the device from the Internet. If for some reason this is not possible, it is strongly recommended to back up all files to avoid complete data loss.

NAS storage should basically not be easily connected to the Internet unless it is really necessary. If the system is only used in the local network, then this should also only have access to the Internet for a short time to make the necessary updates here. However, firmware updates can also be downloaded from the manufacturer’s website and then just as well installed manually.

Tags
Photo of Simon Lüthje Simon Lüthje26. June 2021
Photo of Simon Lüthje

Simon Lüthje

I am co-founder of this blog and am very interested in everything that has to do with technology, but I also like to play games. I was born in Hamburg, but now I live in Bad Segeberg.

Related Articles

QNAP TVS-h874

QNAP TVS-h874: NAS with Intel Core i9-12900 and two times 10 GbE

13. January 2023
qnap

QNAP security vulnerability: Firmware update is ready

31. January 2023

Western Digital Black SN750 NVMe SSD Brings Gaming Mode for Lower Latency

19. January 2019

QNAP TS-855X-8G: High-performance NAS with SSD caching, PCIe slots and 10 GBit/s connectivity

4. July 2023

No replies yet

Beginne die Diskussion →

Neue Antworten laden...

Avatar of Basic Tutorials
Basic Tutorials

Neues Mitglied

1,941 Beiträge 949 Likes
Angeheftet Jun 26, 2021

Hard drive and storage product manufacturer Western Digital is issuing a security warning for its WD My Book Live and WD My Book Live Duo NAS systems. Some of the devices appear to be compromised, according to the information. Cause research underway With the vulnerability found, it should be possible for attackers to execute remote … (Weiterlesen...)

Antworten 1 Like

Beteilige dich an der Diskussion in der Basic Tutorials Community →

Back to top button