About a week ago , many owners of the external hard drive merchandise My Book Live woke up to notice that all of their datahad been wipedfrom the equipment . It was quickly get into that the products were the dupe of a malicious hack campaign .
Unlike other outside grueling thrust , My Book are designed to be pluck up to abode networks via an Ethernet jack so that all of the twist on a meshwork can get at the data point it hive away . After news show of the wipeout lead off popping up online , Western Digital , the party that grow the drives , quicklyput out a statementwarning users about mess exploitation and demand that they disconnect their devices to avoid potential compromise .
There was immediately some confusion , however , over what the purpose of such a effort might be . Why would criminals fall apart into so many storage devices only to erase the data point alternatively of stealing it ?
Image: Western Digital/Gizmodo (Fair Use)
Now , it would look that a theory has emerged : the product was the dupe of not just one cybercriminal group , but two .
Ars Technica reportsthat there were two different security flaws within the My Book Live products which allow hackers to both get inside the devices and execute a command that factory readjust them , efficaciously purging all of the information they had stored .
In its initial statement , Western Digital claim that the hackers got in througha specific vulnerabilitythat had been bring out in 2018 . That security system fault had never been patched , because the caller stopped supporting the product some eld prior to its discovery . However , the fellowship expressed confusion over why data was being wiped out .
“ We do not yet understand why the attacker triggered the factory reset ; however , we have obtained a sampling of an affected gimmick and are look into further , ” the company tell at the time .
researcher with security firm Censyshave since offereda potential explanation : One cybercriminal group was likely seek to wrangle control of the devices out from another group .
Censys claims the grounds suggests that one hack campaign “ mickle overwork ” the devices in an effort to make them “ conjoin a botnet”—a magnanimous , unified vane of compromise devices that can be used to slip data or engage in other nefarious activities . However , a dissimilar group may have afterwards throw in itself — in an cause to wrest mastery of the botnet away from the first group , researchers write .
“ It could be an effort at a rival botnet operator to take over these devices or render them useless ( it is probable that the username and password are reset to their default of admin / admin , allow for another aggressor to take restraint ) , or someone who wanted to otherwise interrupt the botnet which has likely been around for some time , since these issuing have existed since 2015 , ” Censys researchers write .
moreover , researchers seem to imply that someone at Western Digital made some odd choices that may have ultimately allowed some of that hacking to take place . investigator compose that one of the ship’s company ’s developers invalidate ( also call in “ comment out , ” in cyber idiom ) an certification process which at last allow the machine to be reset in the mode that they were .
“ The vendor comment out the authentication in the system restore endpoint really does n’t make things look good for them , ” HD Moore , a security expert , say Ars Technica . “ It ’s like they intentionally enabled the bypass . ”
Very weird indeed . Whatever is going on , anyone who owns a My Book Live and has n’t for some reason yanked the corduroy out of the wall yet should do so immediately .
computing machine securityComputingCyberattackTechnology
Daily Newsletter
Get the serious technical school , science , and polish news in your inbox day by day .
news show from the future , delivered to your present tense .
Please select your desired newssheet and submit your e-mail to raise your inbox .
You May Also Like
