Western Digital External Drive Warning – Possible Data Loss

8 posts / 0 new
Last post
jeff51
jeff51's picture
Offline
Last seen: 9 hours 53 min ago
Joined: 03/26/2019 - 17:36
Posts: 1137
Location: Middle of Texas
Western Digital External Drive Warning – Possible Data Loss

WD has issued a notice that ALL users of My Book Live external drives UNPLUG IT NOW!.
That is unplug it from the internet.

A security breach is possible that allows a remote command to be issued to web attached drives to do a factory reset. Basically erasing all the data on the drive.

Ars Technica goes into the details.
https://arstechnica.com/gadgets/2021/06/mass-data-wipe-in-my-book-device...

So if you have a WD drive with an Ethernet connection. Unplug that sucker right now.
All the Best,
Jeff

And another article from Bleepingcomputer
https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-ar...

Edited by: jeff51 on 06/27/2021 - 10:09
zoulas
zoulas's picture
Offline
Last seen: 25 min 37 sec ago
Joined: 06/01/2020 - 08:35
Posts: 1866

Interesting.

This is what happened when consumers use enterprise technology,

Although the My Book may not be enterprise technology, Network Attached Storage is.

This breach can happen to any NAS device as they all run web servers.

At lease in most cases, the only thing that was lost was porn. Easily replaceable .

voip
voip's picture
Offline
Last seen: 3 months 1 day ago
Joined: 09/15/2017 - 05:53
Posts: 124

Pretty much all my WD drives died a long time ago (hardware failure) – so I guess if your WD HDD lives long enough, be careful.

raccoon city
raccoon city's picture
Online
Last seen: 8 min 17 sec ago
Joined: 10/06/2010 - 02:35
Posts: 16909
Location: रॅकून सिटी Palm Desert CA USA

I have two 14TB Western Digital external drives, but I shucked them (converting them to internal drives.)

Luckily, they don't have their own internet connection, so I'm fine.

It is concerning that WD has this security breach.

I thought they knew what they were doing.  :-)

sb56637
sb56637's picture
Offline
Last seen: 6 hours 42 min ago
Joined: 01/08/2010 - 09:29
Posts: 7073
Location: The Light

zoulas wrote:

This is what happened when consumers use enterprise technology,

Although the My Book may not be enterprise technology, Network Attached Storage is.

This breach can happen to any NAS device as they all run web servers.

Yeah, I have to agree here. And especially given the fact that most of the stuff sold is just a quick one-off “throw it over the fence” product release with no view to future firmware updates. I received a LaCie NAS as a gift quite a few years ago, and it came with a Frankenstein flavor of Debian with some weird immutable parts of the filesystem and a different init system and a bootloader that would revert changes made to the boot sequence. They lost interest in providing updates for it, so it was essentially useless despite still being perfectly usable hardware. Fortunately I found an obscure wiki that had detailed instructions for hacking the bootloader, which allowed me to install vanilla Debian stable, and I run OpenMediaVault on top of that. But that’s obviously an undertaking that only about 0.01% of users would ever be willing to deal with, if they were even aware of the issues of running unsupported firmware.

Budget Light Forum ...where Frugal meets with Flashlight!

sb56637
sb56637's picture
Offline
Last seen: 6 hours 42 min ago
Joined: 01/08/2010 - 09:29
Posts: 7073
Location: The Light
voip wrote:
Pretty much all my WD drives died a long time ago (hardware failure) – so I guess if your WD HDD lives long enough, be careful.

Ha, touché. Wink

I don’t know which storage format is less fraught with potential catastrophic failure. “Spinning rust” drives are sort of a known quantity, basically you can expect them to pop sooner or later. SSD on the other hand technically should be much more reliable thanks to no moving parts, but in practice it appears that there’s a lot of junk out there with its own proprietary black-box firmware sitting between the OS and the actual disk sectors. There are reports of such firmware doing its own thing irrespective of the actions that the OS has requested, and of course no firmware updates for the most part.

Budget Light Forum ...where Frugal meets with Flashlight!

sb56637
sb56637's picture
Offline
Last seen: 6 hours 42 min ago
Joined: 01/08/2010 - 09:29
Posts: 7073
Location: The Light

Budget Light Forum ...where Frugal meets with Flashlight!

Dalamar
Offline
Last seen: 1 week 5 days ago
Joined: 04/25/2019 - 21:13
Posts: 255

Firmware update should be possible if WD gives a crap, but given that they have been selling unmarked SMR drives cuz capitalism i wouldn’t count on it.]
I buy Toshiba for a reason.. they’re the only ones that haven’t contributed to monopolization

I only like high CRI. Collection:

Fireflies NOV-MU 21 4500k E21A

Fireflies ROT66 219B SW45 D220

Fireflies E07 Copper 219B SW45k? (odd/higher lumen bin with lower r9 and higher cct?)

Fireflies E07 219B SW45k

Fireflies E07x Pro sst20 FA4 4000k 

 

Varmint removal:

Convoy M21A C8 ver SST20 4000k (5a)

Convoy S2+ SST20 4000k  FB4 (3200ma)

Memes:

BLF GT94

Emisar D18 660nm SST20 

 

 

CRI test dump https://drive.google.com/drive/folders/1kcl_uOhgfpR4RSsa8F4b-UUVP9mkL6Cr...