{"id":288359,"date":"2021-06-30T17:28:36","date_gmt":"2021-06-30T14:28:36","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/western-digital-says-it-meant-to-add-code-to-prevent-my-book-live-hack-but-forgot-review-geek\/"},"modified":"2021-06-30T17:28:36","modified_gmt":"2021-06-30T14:28:36","slug":"western-digital-says-it-meant-to-add-code-to-prevent-my-book-live-hack-but-forgot-review-geek","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/western-digital-says-it-meant-to-add-code-to-prevent-my-book-live-hack-but-forgot-review-geek\/","title":{"rendered":"#Western Digital Says It Meant to Add Code to Prevent My Book Live Hack, But Forgot \u2013 Review Geek"},"content":{"rendered":"

“#Western Digital Says It Meant to Add Code to Prevent My Book Live Hack, But Forgot \u2013 Review Geek”<\/strong><\/p>\n

\n
\"Western
Western Digital<\/span><\/figcaption><\/figure>\n

You\u2019re not going to believe this. Western Digital now confirms<\/a> that it disabled authentication code that should have prevented last week\u2019s My Book Live factory reset exploit. What\u2019s worse, this code was disabled in 2011 with the intent of replacing it with something better\u2014Western Digital simply forgot to paste in the new code.<\/p>\n

Let\u2019s backtrack a bit. Last week, My Book Live users found that their internet-connected storage drives had lost all of their data. A factory reset, triggered remotely, caused this data loss.<\/p>\n

Analysis by security experts has since shown that hackers were exploiting two separate My Book Live vulnerabilities at the same time; one exploit (called CVE-2018-18472) left the drives open to full remote control and was used to build a botnet, while another exploit allowed hackers to execute remote factory resets without the need for any login credentials.<\/p>\n

These security experts found that Western Digital had intentionally disabled factory reset authentication code, which would have forced hackers to enter login information for each My Book Live device they tried to format. A new support post<\/a> from Western Digital confirms that this code was disabled in 2011 as part of a refactor\u2014basically a wide-scale upgrade to underlying code. While this refactor was correctly performed in other parts of the My Book Live system, it failed to replace the factory reset authentication code.<\/p>\n

We have determined that the unauthenticated factory reset vulnerability was introduced to the My Book Live in April of 2011 as part of a refactor of authentication logic in the device firmware. The refactor centralized the authentication logic into a single file, which is present on the device as includes\/component_config.php and contains the authentication type required by each endpoint. In this refactor, the authentication logic in system_factory_restore.php was correctly disabled, but the app<\/a>ropriate authentication type of ADMIN_AUTH_LAN_ALL was not added to component_config.php, resulting in the vulnerability. The same refactor removed authentication logic from other files and correctly added the appropriate authentication type to the component_config.php file.<\/p>\n<\/blockquote>\n

Western Digital goes on to clarify a few details of this attack. While security analysts suggest that a hacker exploited the factory reset vulnerability to sabotage the growing My Book Live botnet (which was enabled by the separate CVE-2018-18472 \u201cremote control\u201d exploit), Western Digital says that both attacks were often executed from a single IP address. This suggests that one hacker took advantage of both vulnerabilities, for some reason.<\/p>\n

Throughout this whole mess, many people have blamed My Book Live users for leaving themselves open to attack. After all, My Book Live devices haven\u2019t been updated since 2015, so, of course, they\u2019re unsafe! But in reality, My Book Live drives were vulnerable to the factory reset and<\/em>\u00a0CVE-2018-18472 \u201cremote control\u201d exploits long before Western Digital ended software support.<\/p>\n

Western Digital says that it will offer free data recovery services and a free My Cloud device to My Book Live owners starting this July. If you\u2019re still using a My Book Live device, please unplug it and never use it again.<\/p>\n

Source: Western Digital<\/a><\/small>\n<\/div>\n