The mass wiping of Western Digital My Book Live storage devices may have been caused by a pair of vulnerabilities, and a leading theory suggests that it was fallout from rival hacking groups working against each other.July 23’s remote wiping of WD’s My Book Live lineup had customers discovering deletion of files and backups, with the network storage appliance factory reset. While it was attributed to a malware attack of a vulnerability, analysis of the event suggests multiple elements were at play, including multiple vulnerabilities.Security researchers discovered one vulnerability in the system factory restore file, where a PHP script performs a reset to default configurations and wipes data. While the feature typically would require a user password as authentication, the lines of code for the script were commented out, making them inoperable. Read more…
Go to Source
Author:
