Hackers use two vulnerabilities to remotely wipe Western Digital devices

Western Digital My Book Live users around the world reported that their devices were remotely wiped overnight, and the company released a statement attributing the incident to a specific vulnerability (CVE-2021-35941). An external investigation by Ars Technica with Derek Abdine (the chief technology officer of the security company Censys) revealed, however, that criminals exploited another, undocumented vulnerability in a file called system_factory_restore.

Generally, users must enter their password to perform a factory reset on their device. In fact, the script in the file contains lines that password-protect the reset command. However, someone at Western Digital "commented out" those lines or, in non-technical terms, canceled them by adding a double slash (//) at the beginning of each line. Security expert HD Moore said this will not make the company's situation look good. "It's like they deliberately enabled the bypass," Moore said, because the attacker must know the script format that triggered the reset in order to exploit the vulnerability.

Devices attacked through the CVE-2021-35941 vulnerability were infected with malware. In at least one case, that malware made the device part of a botnet. Since it doesn't make sense to turn a My Book Live storage device into a botnet node and then wipe it, Abdine's theory is that one hacker exploited the CVE-2021-35941 vulnerability. After that, a second hacker (probably a competitor) used the previously unknown reset vulnerability to take control of the devices, and then either used them as part of a botnet or undid the work of the first hacker.

Either way, this incident just shows that the My Book Live storage device is currently not as secure as anyone hoped. Those who still have it should follow Western Digital’s advice and disconnect it from the Internet as soon as possible.
