Although it is little comfort to those whose Western Digital My Book Live NAS drives were wiped last week, it seems they were attacked through a combination of two vulnerabilities, and may have been caught up in the consequences of a competition between two different hacker teams.
Initially, after the news came out on Friday, the blame was placed on a known vulnerability from 2018 that allowed attackers to gain root access to the device. However, it now appears that previously unknown vulnerabilities have also been triggered, allowing hackers to remotely perform a factory reset and install malicious binary files without a password.
A statement from Western Digital, updated today, reads as follows: “My Book Live and My Book Live Duo devices are being attacked through multiple vulnerabilities in the devices… My Book Live firmware is vulnerable to a remotely exploitable command injection vulnerability when the device has remote access enabled. The vulnerability can be exploited to run arbitrary commands with root privileges. In addition, My Book Live is vulnerable to an unauthenticated factory reset operation, which allows an attacker to factory reset the device without authentication. The unauthenticated factory reset vulnerability [has] been assigned CVE-2021-35941.”
Analysis of WD’s firmware indicates that the code designed to prevent the problem was commented out by WD itself, preventing it from running, and that the authentication type was not added to the component configuration file. As a result, the drive does not require authentication before performing a factory reset.
So the question is why a hacker would use two different vulnerabilities, in particular an undocumented authentication bypass, when they had already obtained root access through the command injection vulnerability. The long-established technology website Ars Technica speculates that there may be more than one group at work here, with one group of bad guys trying to take over or destroy another’s botnet.
Western Digital’s response is admirable: starting in July, it will provide data recovery services and offer a trade-in plan to exchange outdated My Book Live drives for more modern My Cloud devices.
If you own one of the affected devices, please do not connect it to the Internet and contact Western Digital for support.