A recent security exploit has rendered an entire range of My Book Live and My Book Live Duo useless. The Network Attached Storage hard drives, made by Western Digital, were affected by a vulnerability that was first discovered in 2018. Sadly the devices that were affected hadn’t been updated since 2015.
Recently, owners of MyBook Live and My Book Live Duo networked attached storage (NAS) devices discovered that their data has been wiped through a factory reset! An unknown cyberattack exploited a remote command execution (RCE) vulnerability which was first discovered in 2018. The NAS drives were accessed by a direct connection or through ports that had been forwarded manually or using UPnP.
Customers have been emailed and have been told to disconnect My Book Live from their network. Further advice has been given on how to access their device manually. Additionally, data recovery tools may be able to restore user’s data. Some customers have reported that they have managed to retrieve their data.
What about the latest devices?
Western digital assured customers that the latest devices use a newer security architecture and are not affected. Currently, there has been no sign of any data being compromised.
From a customer standpoint; I owned one of these devices. After western digital stopped updating the firmware I chose to find an alternative homemade solution, which I update regularly.
The downsides to technology are that as it advances companies want to build better products. As a result, older technology is always going to be vulnerable to attacks. Sadly this is at the expense of the previous model(s). This is understandable if we are talking about things like a microwave or a toaster. With something as precious as a hard drive that can contain your life’s precious memories it’s just not acceptable!
My Book Live Exploit Conclusion
Sadly, people who are not necessarily tech-savvy may have these devices and ultimately they pay the price. Shame on Western Digital I say! Now customers will have expensive Unattached Network Storage devices which defeat the purpose.
Are you one of the customers that was affected by this exploit? Have you managed to recover your data? Feel free to have your say.