CAI Managed IT blog
Unpatched Vulnerability Leads to Remote Factory Resets in Western Digital My Book NAS Devices
Imagine going to log into one of your devices only to find that it has been completely wiped of any files located on it. Furthermore, imagine trying to log into your online account to manage the settings of said device, only to find that the password you know is correct is being identified as incorrect. This is the experience that many users of Western Digital’s My Book NAS device are currently going through, and it’s suspected that it is all because of an unpatched vulnerability.
The device in question, the Western Digital My Book, is a network-attached storage device that gives users the ability to remotely access files and manage devices. This is notable, as they can do so even if the NAS device is secured with a firewall or router. Bleeping Computer reports that some users are unable to log into their NAS devices, the reason being an “Invalid Password.” Since the devices appeared to be factory reset, some users tried the default login credentials but had no luck accessing their devices or recovering their files.
After some investigation, users discovered that the devices received a remote command to perform factory resets. Bleeping Computer reports that this attack is an odd one in terms of remote command attacks, mostly because the device in question is secured behind a firewall and communicates exclusively through the My Book Live cloud servers to issue remote access. Therefore, it makes sense for some users to assume that Western Digital’s servers were hacked, although they do mention that it is strange that the attack deleted files rather than issuing ransoms, such as with other threats like ransomware which are designed to steal data or encrypt files.
Although Western Digital is investigating the attack, Bleeping Computer does detail a statement issued by the company, stating the following:
- “If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet. ‘At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,’ Western Digital said in an advisory.”
These WD My Book Live devices have not received updates since 2015, so it’s unsurprising that a vulnerability surfaced. Still, this situation should be a reminder that it is beneficial to consider upgrading from unsupported devices to those that are actively receiving patches and security updates. That said, failing to administer patches and security updates as they are released is just as bad as using unsupported devices, so the responsibility falls on your shoulders to make sure that you are using technology that isn’t putting your organization at risk.
Need a Hand with Upgrading?
CAI Managed IT can help your organization take care of any updates to its technology infrastructure. Especially in today’s age of massive security breaches and considerable cyberthreats, it has never been more important to make sure that your network is protected in every conceivable way. To learn more about what we can do for your business, reach out to us at (800) 422-4782.