Unresolved Vulnerability in Western Digital Device Left Open Door for Hackers to Erase Personal Data

Nadav Liebermann|

Unresolved Vulnerability in Western Digital Device Left Open Door for Hackers to Erase Personal Data

Nadav Liebermann|

Hard drive vendor Western Digital is urging its customers to disconnect their network storage devices from the internet, after determining that devices are being compromised by hackers and their data completely wiped [1].

According to the official security advisory, a vulnerability from 2018 is being used to hack MyBook network storage devices [2]. The devices in question were discontinued in 2014 and are no longer supported.

The vulnerability being used enables hackers with network access to devices to take complete control of the device [3]. In this incident, hackers chose to erase data, although they are not confined to that. More sophisticated attackers might use the vulnerability to perform a host of other malicious activities – from installing ransomware to using devices for denial-of-service (DoS) attacks.

In our latest IoT security landscape report, we have highlighted a similar model from the same vendor – “Western Digital My Cloud” – as posing a significant threat to consumers, with more than 9 vulnerabilities discovered in 2020 alone [4].

The incident highlights a common threat facing IoT devices. Vendors often drop support shortly after releasing devices and old vulnerabilities are exploited for years.

In March, we reported a similar issue with QNAP network storage devices. While newer models received security updates shortly after the vulnerability was reported, legacy platforms remained unpatched for much longer, and were fixed only after we publicly released the information [5].

SAM’s security agent protects users from this vulnerability and a multitude of others. The agent is installed on the home or office gateway and identifies all connected devices in the network and their functionality. Based on that identification, it employs virtual patching for any vulnerability that might affect the device, whether it is still supported or not.

The vulnerability in this incident, CVE-2018-18472, has been virtually patched for users protected by SAM, blocking any exploitation attempt.

[1] https://krebsonsecurity.com/2021/06/mybook-users-urged-to-unplug-devices-from-internet/

[2] https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo

[3] https://nvd.nist.gov/vuln/detail/CVE-2018-18472

[4] https://securingsam.com/2020-iot-security-landscape/

[5] https://securingsam.com/new-vulnerabilities-allow-complete-takeover/

Nadav Liebermann|
Skip to content