OMNINET PLUS Blog

OMNINET Plus has been serving the Washington D.C. metropolitan area since 1994, providing IT Support such as technical help-desk support, computer support, and consulting to small and medium-sized businesses.

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Vulnerability Leads to the Deletion of All Data on My Book NAS Devices

Nothing is more frustrating than going to log into your device and finding out that you either cannot access it or that files you thought were there have been wiped. Unfortunately, this is the situation that many users of a specific device have recently gone through. Thanks to an unpatched vulnerability, users of Western Digital’s My Book network-attached storage device are suffering from lost files and lost account access stemming from remote access.

The Western Digital My Book NAS device gives users the ability to remotely access their files, even if the NAS device is secured with a firewall or router. Essentially it is a consumer-based external hard drive that you could potentially access from outside your home network. Bleeping Computer reports that some users cannot access their devices due to what appears to be a factory reset, and they received an “Invalid Password” notification upon login. Some users have tried using the default login credentials, too, but to no avail. 

After a little digging on the users’ end, they discovered that their devices received a remote command to perform a factory reset. Bleeping Computer calls this attack an odd one as far as remote attacks go, mostly because the device targeted is secured behind a firewall and communications funnel through the My Book Live cloud servers. This has led some users to believe that the Western Digital servers were hacked, but it is odd that the extent of the damage is only deleted files rather than installed ransomware or other threats.

Although Western Digital is investigating the attack, Bleeping Computer does detail a statement issued by the company, stating the following:

  • “If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet. ‘At this time, we recommend you disconnect your My Book Live and My Book Live Duo from the Internet to protect your data on the device,’ Western Digital said in an advisory.”

These WD My Book Live Devices have not received updates since 2015, so vulnerabilities are not entirely unexpected. However, this is more or less a wakeup call for those who have been considering an upgrade for the device. In general, you don’t want to utilize devices that are not actively being supported by the manufacturer, as failing to receive said security updates could result in situations like the one we’ve detailed above. You should also make sure that you are deploying said updates as they are released, as not doing so is the equivalent of using unsupported technology solutions. Remember, it is your responsibility to protect your data!

It’s also imperative that you always store all of your important data on at least two separate devices, or even three for most businesses. Since the device in this case was an external hard drive, hopefully the majority of users were using it as a backup, but we’re afraid that isn’t always going to be the case. Don’t rely on a single drive to store your data!

Need a Hand with Updates and Maintenance?

If your business is ready to start taking its technology updates seriously, OMNINET PLUS can help you deploy updates or potentially even upgrade to new hardware to minimize the odds of security issues arising. To learn more about how we can help you keep your infrastructure as secure as possible, give us a call at 301-869-6890.

Comments

 
No comments made yet. Be the first to submit a comment
Already Registered? Login Here
Guest
Monday, 02 August 2021
If you'd like to register, please fill in the username, password and name fields.

Captcha Image

Mobile? Grab this Article!

Qr Code

Tag Cloud

Security Tip of the Week Technology Cloud Privacy Hackers Hosted Solutions Best Practices Backup Internet Business Business Computing IT Services Productivity Google Business Continuity Software Hardware Malware Miscellaneous Windows 10 Innovation Microsoft Computer Disaster Recovery Mobile Device Management Mobile Devices VoIP Mobile Computing Network Security Efficiency Data Windows Workplace Tips Smartphone Managed Service Provider Server IT Support Virtualization Save Money communications Upgrade Email Holiday Android Employer-Employee Relationship User Tips Chrome Small Business Office Best Practice Budget Apps Outsourced IT Microsoft Office Hacking IT solutions Network BYOD Data Management VPN Information Technology Quick Tips Managed IT Telephone Systems Recovery Application Firewall Communication Computers Saving Money Gmail Operating System Smartphones Tablet Bandwidth The Internet of Things Remote Computing Social Engineering Business Intelligence Ransomware Hard Drives Managed IT Services Disaster Avoiding Downtime Going Green Automation Lithium-ion battery Wireless Technology Passwords Private Cloud Humor Unified Threat Management Administration Big Data Government Cybercrime Office Tips Browser Remote Monitoring Risk Management Network Congestion Phone System Health Proactive IT Password Cost Management Gadgets BDR Social Spam Facebook Hosted Solution WiFi DDoS Biometrics Customer Service Streaming Media Telephony Mobility Alert Branding Transportation WIndows 7 Teamwork Law Enforcement Two-factor Authentication App Excel eWaste Avoid Downtime Retail Robot Managing Stress Meetings Antivirus Reputation Marketing SaaS Tech Support intranet IT consulting IT service Data storage Virtual Reality Apple Business Management Saving Time HaaS Computer Accessories Internet Exlporer Science Shadow IT Buisness Domains Google Drive PowerPoint Colocation Customer Relationship Management IT Technicians Mouse Entertainment Uninterrupted Power Supply Document Management Regulations Applications Presentation hacker Internet of Things Save Time Reliable Computing Laptop Instant Messaging Wearable Technology iPhone Virtual Desktop Trending Networking Sports HIPAA Bluetooth Touchpad Phishing User Running Cable Search Maintenance Update Human Resources Files Safety Fax Server Cameras Education Best Available User Error Money Emergency Chromecast Printer Operating Sysytem Bloatware Storage Cybersecurity Administrator Analytics Collaboration Printer Server Social Media Television Solid State Drive Shortcut Data Breach Benefits Access SharePoint History Distributed Denial of Service Near Field Communication