Western Digital External Hard Disks - Warning
Message
From: 28/06/2021 04:10:37
To: 27/06/2021 15:58:31
General information
Forum: Technology
Category: Products
Miscellaneous
Thread ID: 01681595
Message ID: 01681612
Views: 33
>>>From what I can tell the victims weren't storing their data in a WD cloud. But it seems likely their devices were remotely accessible through WD. It looks like a 3rd-party mediated service similar to LogMeIn, GoToMyPC etc. The data are on their devices but remote communications to them are through WD.
>>
>>That is about the picture I get from various other sources. In the cacophonic outrage raised by the articles, a few pointed out that with disabled comm to WD, the device was either hard to use or needed features were lost. No way to decide if those were PEBKAC issues or the others had lower level of wishes.
>>
>>>Your point about not being able to evaluate the risks is well taken. It's a classic example of convenience vs security. It would be interesting to find out if remote access on those devices was enabled by default.
>>
>>From what I read, it was, including factory set identical pwd - which is not totally wrong if you read the marketing blurb offered with it. If you bought device for the option to access data from anywhere, not only from inside your LAN, it makes sense. If the idea that it was a cheap NAS was not enough to sell, supporting the idea such internet access is as secure as LAN restricted NAS is IMO the "stooopid" part. This should not be seen as part of your normal data and backup routine, but as an area or device where copies are made available.
>
>WD is now claiming victims' devices were directly accessible from the public internet: https://www.westerndigital.com/support/productsecurity/wdc-21008-recommended-security-measures-wd-mybooklive-wd-mybookliveduo . Either:
>
What else could they offer as first line of defense? Famous first line defenses from VW back to tobacco industry were successful in teaching mistrust ;-)

>- Through direct connection i.e. no firewall or NAT translation (either extreme user ignorance or user should have known better)

If they really exist, no defense of behaviour. I think more of a straw man than significant percentage found.

>- Through manual port forwarding in a firewall (user should have known better)

Uncertain how many would try to tweak firewall/port settings. Certainly more than item #1. Still hard to believe that many resets were caused by this, unless a range of ports including "WD-live-dangerous" was often opened by some other need, service or game. Even in that case port #(s) should be listed for checking...

>- Through automatic port forwarding via UPnP. From a security PoV UPnP is basically evil but unsophisticated users are unlikely to know that and in the 2015 timeframe it was still considered "OK" in some circumstances e.g. gaming. If the user knew about UPnP but allowed it anyways, they should have known better. I'd like to think WD did not try to use UPnP to configure users' routers by default (especially if they have a cloud-mediated alternative) but they do mention it in the link above and UPnP is initiated by the client device (i.e. MyBook), not the router (although the router must have it available and enabled)

Paranoid me distrusted UPnP very early - no idea when UPnP worries should be expected in user land.
Still, basic premise to view DMZ as compromised and not as part of tamper-safe data vault might result in selling *more* discrete devices. Blurring the lines of external data vault, NAS and externally/net-based reachable file storage bad idea.