Vulnerability in WD NAS, disconnect the net now.All data lost by full reset

The US Western Digital (WD) said on the 25th (local time) that the NAS "My Book Live" and "My Book Live Duo" that the company shipped in 2010 are vulnerable, and users who are still using it are soon Reminded me to disconnect from the net.

Details of the vulnerability are still being analyzed, but if you check the logs of the reported device, you can see it directly from IP addresses in multiple countries via ports that were automatically or manually port-forwarded using UPnP. There was evidence of access to the main unit. Therefore, the attacker believes that he discovered the vulnerability through a port scan.

Also, it is said that there was evidence that a Linux ELF binary Trojan called ".nttpd, 1-ppc-be-t1-z" compiled for the PowerPC architecture used in the product was installed. Currently, the company claims to have uploaded this binary to VirusTotal for analysis.

At this point, the fact that the user's data has been leaked has not been confirmed, but the attacker has performed an operation to restore the factory settings, and the data has been lost. Currently, some users have reported that they were able to restore with data recovery tools, so they are investigating the effectiveness of these tools.

However, more than 10 years have passed since the release of the My Book Live series, and the latest update has stopped in 2015. It will take some time to respond, and the company's current recommendation is to disconnect the product from the Internet.

Other products using "My Cloud OS 5" and "My Cloud Home" have adopted a new security architecture and are not affected by this issue.