Security News > 2021 > June > Zero-Day Used to Wipe My Book Live Devices

Zero-Day Used to Wipe My Book Live Devices
2021-06-30 16:08

The company is also planning to offer a trade-in program to get customers onto the cloud - specifically, onto a supported My Cloud device - and off of old My Book Live and My Book Live Duo devices, an indeterminate number of which were remotely eviscerated in an attack that exploited what turns out to have been a zero-day vulnerability.

Besides the unauthenticated factory-reset operation, Western Digital said that the firmware for My Book Live is also vulnerable to a remotely exploitable command-injection vulnerability when the device has remote access enabled.

Log files from customers who lost data show that attackers directly connected to their My Book Live devices from a variety of IP addresses in different countries, Western Digital said.

One user in Western Digital's support forum reported that their My Book Live was infected with this malware, which makes devices part of a botnet called Linux.

"As the My Book Live devices can be directly exposed to the internet through port forwarding, the attackers may be able to discover vulnerable devices through port scanning," according to Western Digital's update.

As far as moving to the company's My Cloud Live devices goes, Abdine told Ars that the replacement devices don't have the bugs that were exploited last week.


News URL

https://threatpost.com/zero-day-wipe-my-book-live/167422/