Photo Corners headlinesarchivemikepasini.com
A S C R A P B O O K O F S O L U T I O N S F O R T H E P H O T O G R A P H E R
Enhancing the enjoyment of taking pictures with news that matters, features that entertain and images that delight. Published frequently.
WD Updates My Book Live Warning
1 July 2021
In a statement released yesterday, Western Digital updated its warning to WD My Book Live and WD My Book Live Duo owners that the multiple exploits are ongoing. The company offered both a data recovery and trade-in program to deal with the issue.
"Western Digital has determined that Internet-connected My Book Live and My Book Live Duo devices are under attack by exploitation of multiple vulnerabilities present in the device," the company said.
Tp analyze the attacks, the company reviewed customer log files.
The log files we reviewed show that the attackers directly connected to the affected My Book Live devices from a variety of IP addresses in different countries. Our investigation shows that in some cases, the same attacker exploited both vulnerabilities on the device, as evidenced by the source IP. The first vulnerability was exploited to install a malicious binary on the device and the second vulnerability was later exploited to reset the device.
WD also found its cloud services, firmware update servers and customer credentials were not compromised.
Our investigation of this incident has not uncovered any evidence that Western Digital cloud services, firmware update servers or customer credentials were compromised. As the My Book Live devices can be directly exposed to the Internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning. The vulnerabilities being exploited in this attack are limited to the My Book Live series, which was introduced to the market in 2010 and received a final firmware update in 2015. These vulnerabilities do not affect our current My Cloud product family.
WD said a data recovery program will begin this month. "My Book Live customers will also be offered a trade-in program to upgrade to a supported My Cloud device," the statement continued.
For more information see the Recommended Security Measures for WD My Book Live and WD My Book Live Duo.