Hard drive and storage product manufacturer Western Digital is issuing a security warning for its WD My Book Live and WD My Book Live Duo NAS systems. Some of the devices appear to be compromised, according to the information.
Cause research underway
With the vulnerability found, it should be possible for attackers to execute remote commands. Here, the first cases have probably already become known. Thus, the devices have been reset to factory state and all stored data on the NAS systems have been deleted. According to Western Digital, the last firmware update for the mentioned systems was released in 2015. This means that the installed firmware on the devices is already six years old. WD is now conducting cause research and wants to find out how the vulnerability came about. The manufacturer will release more information as soon as further findings are known.
Apart from the scenario of resetting the NAS systems to factory settings and deleting the data, there was another type of attack on the systems. In this case, the storages were password-protected, so that access to one’s own data is no longer possible. So far, these attack scenarios have not resulted in any ransom demands or are not yet known. However, there is a possibility that cyber criminals will exploit the vulnerability and use automated scans to identify Western Digital’s vulnerable devices in order to then lock them and subsequently demand a ransom for unlocking them.
Currently, it is not yet clear what will happen next for users of the affected devices. Western Digital says it is actively working on the incident and plans to announce more information as soon as possible. It is recommended that users of a WD My Book Live or WD My Book Live Duo disconnect the device from the Internet. If for some reason this is not possible, it is strongly recommended to back up all files to avoid complete data loss.
NAS storage should basically not be easily connected to the Internet unless it is really necessary. If the system is only used in the local network, then this should also only have access to the Internet for a short time to make the necessary updates here. However, firmware updates can also be downloaded from the manufacturer’s website and then just as well installed manually.