Western Electronic has verified that its My E book Stay network-hooked up storage devices are being specific with destructive application able of wiping terabytes of info.
The assertion follows complaints from various end users who reported their NAS drives experienced been mysteriously wiped overnight.
On additional investigation, buyers unveiled their My Reserve Stay NAS drives experienced been given a remote command to initiate a manufacturing unit reset. It can be considered instructions began heading out at about 3 pm PDT (11 pm BST) on Wednesday, with a person user detailing how they “tried to accessibility some information by using the iPhone app but bought an mistake concept stating ‘unable to connect’”.
At 1st, the user “assumed it was just a Wi-Fi/network issue”.
“But when I tried to accessibility the push from my Computer system working with a shortcut every little thing was long gone other than for (vacant) default Public folders: Shared Tunes, Shared Pics, Shared Movies and Software package. The time stamps on individuals folders say they were developed at 00:16 (UK time) this early morning. There is also a .tickle file developed at 00:17. I can’t log into the UI on the unit as it suggests my password is invalid,” they added.
Another My Ebook Dwell consumer claimed that they discovered the following script in the person.log of their generate:
“Jun 23 15:14:05 MyBookLive factoryRestore.sh: start off script:
Jun 23 15:14:05 MyBookLive shutdown: shutting down for program reboot
Jun 23 16:02:26 MyBookLive S15mountDataVolume.sh: commence script: get started
Jun 23 16:02:29 MyBookLive _: pkg: wd-nas
Jun 23 16:02:30 MyBookLive _: pkg: networking-common
Jun 23 16:02:30 MyBookLive _: pkg: apache-php-webdav
Jun 23 16:02:31 MyBookLive _: pkg: date-time
Jun 23 16:02:31 MyBookLive _: pkg: alerts
Jun 23 16:02:31 MyBookLive logger: hostname=MyBookLive
Jun 23 16:02:32 MyBookLive _: pkg: admin-rest-api”
Following the issues, Western Electronic published a publish on the WD Local community forum confirming that “some My Book Are living units are becoming compromised by malicious software” and advisable that users disconnect their products as before long as doable.
“In some scenarios, this compromise has led to a manufacturing unit reset that appears to erase all information on the machine,” the enterprise mentioned. “The My Book Are living gadget acquired its last firmware update in 2015. We recognize that our customers’ info is very crucial. At this time, we endorse you disconnect your My Guide Live from the Internet to safeguard your information on the product. We are actively investigating and we will supply updates to this thread when they are accessible.”
Nonetheless, Western Digital didn’t elaborate on who could possibly be responsible for distributing the computer software, or no matter whether the corporation alone has been compromised by a cyber attack.
IT Pro has contacted the company and will update this story when much more details gets available.
Some elements of this posting are sourced from: