WD NAS data loss: were multiple rival hackers involved? WD to offer data recovery and a trade-in program
About five days ago, people around the world using the Western Digital (WD) NAS "My Book Live" reported that the data they had stored on it had suddenly disappeared. The incident has now been found to involve not just a single vulnerability but also the exploitation of a second critical security bug that allowed hackers to perform factory resets remotely without a password.
My Book Live is a NAS with an Internet access function, which makes it well suited to wirelessly backing up external computers and to accessing files saved on the NAS from any device, such as a smartphone, even when you are away from home. However, if the data stored there is erased by someone, the loss to the user is enormous.
Initially, it was discovered that this issue exploited a zero-day vulnerability (CVE-2021-35941) that existed in the NAS system. However, according to an investigation by information security company Censys, it has newly been discovered that some of the affected devices were exploited through a vulnerability in the PHP script "system_factory_restore", which is used to restore the NAS to its factory state.
My Book Live has users enter a password when the device is restored to its factory state, and that password is encrypted. However, the protection was disabled because someone had commented out the relevant part of the above script. Censys said that this tampering "needs the attacker to know the format of the script that triggers the reset," pointing out the possible involvement of someone inside (or once inside) WD.
Meanwhile, some of the devices on which CVE-2021-35941 was exploited were infected with malware. The malware enrolls My Book Live in a botnet called Linux.Ngioweb.
So why would an attacker who had succeeded in incorporating so many My Book Live devices into a botnet bother to reset the devices to factory defaults?
One possible explanation is that the attacker who exploited the zero-day vulnerability and the attacker who reset the devices to their factory state are probably hostile to each other. The second attacker may have tried to take control of a rival botnet in response to the first attacker's actions, or may simply have wanted to interfere.
In any case, this issue shows that the My Book Live storage device, whose support ended in 2015, is no longer a safe device. If you are still using it, you should disconnect it from the internet as soon as possible, as the manufacturer requests.
The latest information reveals that WD will offer data recovery services as a manufacturer, and will also offer My Book Live users a trade-in program to upgrade to the new supported My Cloud products.
This issue involves various factors related to clothes colanders, but I can say for sure that the safe course is to replace storage devices with network functions as soon as the product support period expires.
Source: Western Digital
via: Ars Technica