If you own a WD My Book Live NAS device, Western Digital strongly recommends that you disconnect the device from the Internet to protect your data from being wiped out.
Yes, it appears the attackers are able to install a Trojan, or a file, “.nttpd,1-ppc-be-t1-z”, which is a Linux ELF binary compiled for the PowerPC architecture. PowerPC is used by the My Book Live and Live Duo. I had to publish something here.
Why? Mostly because I’ve always liked WD products, recommended them and used them myself.
The reason is simple: as a data recovery engineer, I quickly realized that WD firmware design is clever, relatively simple, and yields a greater data recovery success rate compared to other brands. Only Hitachi (HGST), now another WD brand, beats this score.
Last week, BleepingComputer broke the story that Western Digital My Book Live NAS owners had started seeing that their stored files had mysteriously disappeared. A factory reset script that had been remotely initiated also resets the admin passwords, so users could not log in to their devices anymore.
What appears to be a zero-day vulnerability led to a few statements from Western Digital in which they refused to issue an appropriate patch because they do not consider those devices supported any longer. Although I have no dog in this fight, this seems absurd! Or does the story go deeper than it first seems, and WD has two faces, which may lead to me not using their products any longer? I am not sure yet, but I want to point at something else here.
What about sustainability?
The claim that WD is not responsible for a patch, since the vulnerability was discovered after the warranty expired, is legally sound. But what about their responsibility for the environment?
“Environmental sustainability is critical to our long-term success, both as a company and as a species.”
Corporate Sustainability, Responsibility and Initiatives Page | Western Digital
If Western Digital truly actively monitors and minimizes its environmental impacts to protect the world in which we all live, the company would not force consumers to throw away their perfectly good devices and buy new ones. Just because the warranty has expired, and without a patch a recently discovered hack renders a device useless, it does not mean WD should follow companies such as Tesla or John Deere!
It was their responsibility when they commented out part of the code which enabled this ridiculous hack and it is their responsibility to fix it.
Western Digital should know better.