Heimdal
article featured image

Contents:

Last week, we reported a mass-wipe zero-day attack in My Book Live, products belonging to Western Digital. Users’ data has been totally wiped out from their devices overnight. Now, a new WD zero-day attack wrecks havoc and adds to the continuous growth of recent cyberattacks. This time, threat actors target WD devices that still run the OS 3 operating system.

What Is a Zero-Day Attack?

A zero-day attack targets computer vulnerabilities unknown to the software developer and to other people, making way for cybercriminals to take advantage of them. Until security experts discover them and patch them, threat actors can perform remote code execution to fully take over the device.

What Devices Are Targeted by the New WD Zero-day?

The actual threat lies in the fact that the new WD Zero-Day targets all Western Digital NAS Devices that run the old MyCloud OS 3 operating system. WD no longer supports OS 3 since it upgraded to My Cloud OS 5 that skipped some old functionalities of the old one and can be a reason users do not want to upgrade to the new operating system, thus they remain targets in the hands of cybercriminals.

WD said:

We strongly encourage moving to the My Cloud OS5 firmware. If your device is not eligible for an upgrade to My Cloud OS 5, we recommend that you upgrade to one of our other My Cloud offerings that support My Cloud OS 5.

Source

How Does This New WD Zero-Day Act?

The new flaw in the My Cloud OS 3 was discovered by security researchers Radek Domanski, and Pedro Ribeiro who informed KrebsonSecurity about this. They were going to raise the matter and present this topic at the Tokios’s Pwn2Own hacking competition last year. It happened that some days before, Western Digital, as the majority of vendors regularly do, released My Cloud OS 5, which they said removed the vulnerability so the researchers never had the chance to present the WD zero-day found in My Cloud OS 3-based devices.

The WD zero-day in My Cloud OS 3 allows threat actors to attack the NAS devices and deploy a permanent backdoor by performing a remote control execution.

The Verge also mentions that the researchers could remotely update Cloud OS 3 with modified firmware to demonstrate the vulnerability they found. Thus, targeted devices can be bricked or receive different malicious commands.

It is not clear if the WD zero-day in the old operating system was ever addressed by the NAS devices producer, as they hurried to release the new version My Cloud OS 5.

Even if this update was made by the vendor, there are still users who use NAS devices integrated with My Cloud OS 3. Since the WD zero-day is present in these, they remain victims. The only solution is to upgrade to the newest version of the cloud, but many do not want it, as it does not incorporate previous facilities.

As Threatpost mentions, Domanski declared that OS 5 is not the same:

It broke a lot of functionality (…) So some users might not decide to migrate to OS 5.

Source

What’s the Solution Then?

Well, Western Digital recommended users to move to My Cloud OS 5, as they won’t provide upgrades to My Cloud OS 3, as per a declaration from March 2021, after the above-mentioned researchers brought to their attention this flaw. However, OS 5 is not compatible with all the devices.

We will not provide any further security updates to the My Cloud OS3 firmware.

Source

Domanski and Ribeiro have come with a solution. They developed a patch that can be downloaded and used for devices that cannot be updated to My Cloud OS 5. The only problem is that this should be reapplied every time a reboot is performed.

Another threat prevention measure would be to completely disable the remote access to mitigate the WD zero-day.

Author Profile

Andra Andrioaie

Security Enthusiast

linkedin icon

Hi! My name is Andra and I am a passionate writer interested in a variety of topics. I am curious about the cybersecurity world and what I want to achieve through what I write is to keep you curious too!

Leave a Reply

Your email address will not be published. Required fields are marked *

Protect your business by doing more with less

Book a Demo