PSA – WD My Book Live! vulnerability

I’m not sure if anyone on here uses Western Digital’s old “My Book Live!” NAS drives (we still have one) but apparently they’re vulnerable to a remote factory reset attack which wipes the data.

WD’s response seems a bit half hearted as they recommend disconnecting the device from the internet and accessing it directly from a computer (loosing most of the point of a NAS drive); they’re also offering data recovery tools and a trade up programme.

There’s no mention of new firmware (it’s a discontinued model) although they admit it’s a firmware vulnerability but I’d hope that they’d be looking at this.

Woah, heard the factory reset thing, but not that root privs could be gained. That is properly shite.

WD are such a bunch of ****. We ordered some enterprise drives a while back and they were completely different to the previous batch we had. Same part number and price, but much worse performance.

they recommend disconnecting the device from the internet and accessing it directly from a computer (loosing most of the point of a NAS drive)

I believe they just recommending disabling remote access. I know you’re losing some of the functionality you paid for but how often do you actually access your drive remotely? You’ll still have it on your LAN which is where the vast majority of people use a NAS device.

I had one of these, bricked itself after a couple months so effectively became a dumb drive, utter rubbish, wouldn’t touch their products again.

I’ve got the similar WD My Drive.

TBH my first thought was those hackers are probably able to access the data on it quicker and easier than I can.

It’s the most hatefully frustrating, user unfriendly POS I’ve ever spent money on.

Supposedly all our phones back up to it, but they don’t. And supposedly it’s got hours of downloaded video and ripped music on it, but the TV can’t access it. If someone could just hack it and wipe it then I’d have an excuse to bin it rather than spend a whole evening trying to get a computer to access it next time I want to recover some Holliday snaps.

It’s the most hatefully frustrating, user unfriendly POS I’ve ever spent money on

Desperately low transfer rate locally too, f*** knows how bad it’d be remotely, I can’t remember ever trying.

I believe they just recommending disabling remote access.

Actually, yes, I think you’re right. I’ve just done that so hopefully we’re covered.

I don’t know what the likelihood is of a secure firmware update, we’ll have to wait an see.

I had one, the Drive rather than the Live. Horrible, horrible thing. I prised the case apart, liberated the drive and repartitioned/reformatted to use in my son’s desktop PC.

I mean,

Having a local drive exposed to the Internet just sounds like an astonishingly bad idea generally to me. If you need access to data on the go there’s a dozen better ways of doing it in this day and age.

I saw an article on Arse back when this first broke, people crying about losing years’ worth of data. The concept of backups has existed for about as long as electricity and having spent far too many hours of my life with knackered hard drives attempting data recovery for folk I now consider this a learning opportunity.

Storage is cheap. Back up your shit.

I don’t know what the likelihood is of a secure firmware update, we’ll have to wait an see.

The fact that WD are offering an upgrade replacement programme would suggest to that the likelihood is “none whatsoever.” They’re what, ten years old now? Must be heading that way at least.

I back up my WD to the cloud as I only really use it to hold my library for Sonos. Got fed up of the back up software as it seemed to triple the space I needed.

More importantly don’t they also store the encryption key on the drive, so if there is a failure you also lose the encryption key, essentially making it all useless?

I recall this being a reason I went with a synology drive way back when, I should probably actually fire it up and backup to it again too!