Hackers exploited two flaws in incident that remotely wiped Western Digital devices
After Western Digital My Book Live owners around the world reported that their devices had been wiped remotely in a single day, the company issued a press release blaming a specific vulnerability (CVE-2021-35941) for the incident. An outside investigation conducted by Ars Technica and Derek Abdine (CTO at security firm Censys) has revealed, however, that the bad actors exploited another, undocumented vulnerability in a file aptly named system_factory_restore.
Usually, users have to type in their passwords to be able to perform factory resets on their devices. Indeed, the script in the file contains lines to password-protect the reset command. However, someone at Western Digital “commented out” or, in non-technical parlance, canceled out the command by adding the double / character at the beginning of each line. HD Moore, a security expert, explained to Ars that this doesn't make things look good for the company. “It’s like they intentionally enabled the bypass,” Moore said, since the attackers would have to know the format of the script that triggers the reset to exploit the vulnerability.
Devices that were hacked using the CVE-2021-35941 vulnerability were infected with malware, and in at least one case, it was malware that makes a device part of a botnet. Since turning My Book Live storage devices into botnets and then wiping them clean makes no sense, Abdine's theory is that one hacker exploited the CVE-2021-35941 vulnerability. After that, a second (possibly rival) hacker exploited the previously unknown reset vulnerability to gain control of the devices, which were then made part of a botnet, or to undo the first one's work.
Either way, this incident just goes to show that the My Book Live storage devices aren't as secure as anyone would like at this point. Those who still own one should heed Western Digital's advice and disconnect it from the internet as soon as possible.