Disconnect WD My Book Live and WD My Book Live Duo drives

 

If you use one of the mentioned drives, disconnect them from Internet access.

Quoting from https://www.westerndigital.com/support/productsecurity/wdc-2...

"Western Digital has determined that some My Book Live and My Book Live Duo devices are being compromised through exploitation of a remote command execution vulnerability. In some cases, this compromise has led to a factory reset that appears to erase all data on the device. The My Book Live and My Book Live Duo devices received its final firmware update in 2015. We understand that our customers’ data is very important. We are actively investigating the issue and will provide an updated advisory when we have more information."

--
John from PA

I saw this earlier on line

I have two My Books but they do not say live on them. Just MyBook.
I keep one attached for automatic backups from my computer and the other one I attach once a month to do a monthly update and then disconnect it.
Is the one I keep attached to my PC considered attached to the internet since my PC is attached to the internet?
I have not unplugged it but do you think I should.
Mary

--
Mary, Nuvi 2450, Garmin Viago, Honda Navigation, Nuvi 750 (gave to son)

wD myBook

I have three WD MyBook drives, not WD MyBook Live. I assume my drives are not affected, but I wish Western Digital would post more info on the products affected and those not affected.

The three MyBook drives were purchased June 2017. They use spinning hard drives.

dobs108 smile

Identifying “Live” drives

Don’t take this as gospel but from what I can learn the “Live” drives date from around 2011 (or earlier) and resemble a paperback book that stands on edge. Thus the internals are likely the old “spinning platter” type of drive as opposed to the newer external drive that uses a SSD for the internals.

There is a picture in the article at https://gadgets.ndtv.com/laptops/news/wd-my-book-live-duo-da...

--
John from PA

NAS

A MyBook Live drive is an NAS, Network Attached Storage, using an ethernet connection. I assume being on the network leaves it exposed to the internet without the protection of any anti-malware running on the PC.

The MyBook drive has a USB3 connection. It is an external drive. I assume the PC anti-malware protects it with a firewall and other software.

dobs108 smile

Need only to isolate from internet

If you are behind a firewall (almost all modern routers provide a firewall) you need to block access to/from the WD Live. That allows you to still use it while connected from the internal network.

It is only the old WD Live

Technical support stopped 6 years ago for these models. I guess there's not too much to worry about not using an old external drive. You can replace it with newer/be3tter/faster models for less than $100.

Hmmmm

I have the Live Duo and it's been offline (internet access) for about 2 years. Still works great as a network drive for media to my TV and laptop but I haven't been able to access it from my phone or while away over the internet. I guess I should look at my router (TP-Link)to see how to bloke it from the internet properly. Due to it's lack of internet access, I was thinking of replacing it with a newer version with bigger drives.

Need Only To Isolate From Internet

dracdrac wrote:

If you are behind a firewall (almost all modern routers provide a firewall) you need to block access to/from the WD Live. That allows you to still use it while connected from the internal network.

Can you provide the instructions on how to do this?

--
johnm405 660 & MSS&T

uncheck "remote access"

I have a MyBookLive, and have never enabled remote access because something like this was bound to happen sooner or later. It is useful for keeping files that I can access on my home network - desktop, laptop, tablet, etc. This occurs behind my router, and is separate from letting the drive access the internet.

I hardly ever post in here, apparently there's no way to post an image. I have a screenshot of the relevant setting, but it's pretty simple to describe: Login to the drive web interface with a web browser, go to "settings", then go to "remote access" along the top row menu. Then simply uncheck "enable" on the top line. As long as "enable" is not checked, the other settings below - web access, mobile access, etc. - will be grayed out and not available to configure.

Uncheck "Remote Access"

Thanks for the write-up that was what my wife done, just finding out how the hard way.

--
johnm405 660 & MSS&T

snapshot

rocket_scientist wrote:

I have a screenshot of the relevant setting, but it's pretty simple to describe: Login to the drive web interface with a web browser, go to "settings", then go to "remote access" along the top row menu. Then simply uncheck "enable" on the top line. As long as "enable" is not checked, the other settings below - web access, mobile access, etc. - will be grayed out and not available to configure.

There's a snapshot of what you described at the following:

https://krebsonsecurity.com/2021/06/mybook-users-urged-to-un...

I know the appeal of

I know the appeal of internet connected storage, but I don't trust hard drive manufacturers with using this approach.

For now, I just don't buy drives that have internet features, or I just disable them.

My Passport drives not affected

WD's My Passport portable external hard drives and other WD models, which connect to one PC at a time using a USB cable for backup or file storage, are not affected by this problem. The difference with the WD My Book Live drives that can be remotely attacked and erased by bad guys is that they connect directly to a *router* with an Ethernet cable for network backup of multiple devices, if they're not behind a firewall; those are the vulnerable WD drives.

--
"141 could draw faster than he, but Irving was looking for 143..."

yep, that's what they are

I've got one gathering dust. Before its RAID controller died, i had it connected to my LAN but with access blocked to the outside world. Now, it is waiting for me to get rid of/destroy since it has passwords and financials on it that i can't access. Mine was a 1TB that had two 500MB spinning drives RAIDed together.

Unrelated but related. My

Unrelated but related. My printer has network connectivity. In fact, it supports printing from google and likely apple. When I first connected it to wifi, I set bogus values for the gateway (0.0.0.0) and same for dns, effectively severing its ability to go out beyond the local lan.

I don't print from my phone and have need need whatsoever for the printer to go beyond the local network. Who knows what telemetry it wants to send back to the mothership.