WD My Cloud drive contains a backdoor

[NumLock21]

Western Digital My Cloud external drive contains a backdoor. The backdoor is actually hardware coded so formatting the drives isn't going to help. The hardware coded user name and password is

Quote

"mydlinkBRionyg" as the Administrator username and "abc12345cba" as the respective password. Once logged in, shell access is unlocked, which allows for easy injection of commands.The backdoor has been published by James Bercegay, with GulfTech Research and Development, and was disclosed to Western Digital on June 12th 2017. However, since more than 6 months have passed with no patch or solution having been deployed, the researchers disclosed and published the vulnerability, which should (should) finally prompt WD to action on fixing the issue.

 

Making things even worse, no user action is required to enable attackers to take advantage of the exploit - simply visiting malicious websites can leave the drives wide open for exploit - and the outing of a Metasploit module for this very vulnerability means that the code is now out there, and Western Digital has a race in its hands.

 

Exploitable models of Western Digital's MyCloud devices include My Cloud Gen 2, My Cloud EX2, My Cloud EX2 Ultra, My Cloud PR2100, My Cloud PR4100, My Cloud EX4, My Cloud EX2100, My Cloud EX4100, My Cloud DL2100 and My Cloud DL4100. Needless to say, until a patch is issued, the best thing to do is to thoroughly disconnect these drives from your local area network and Internet access. But that isn't what users originally bought these drives for, now is it, WD?

I personally never bother with external HDDs, not because of this backdoor but the crappy enclosures out there, bought 5 of them throughout the years and they either don't work properly or died a early death. The HDDs are find and I'm still using them. Now I just use a SATA to USB adapter and they work much better than some external enclosure.

 

http://gulftech.org/advisories/WDMyCloud Multiple Vulnerabilities/125

https://www.techpowerup.com/240306/western-digital-ships-someones-backdoor-with-my-cloud-drives

[SilkyDistress]

Wow, amazing start to year. Time to pull out my WD drive from WD Cloud Gen 2 and slap it into PC.

[paddy-stone]

Luckily I stopped using my WD mycloud about a month or 2 back, I pulled the 3TB red and put in my backup server.

[luigi90210]

6 minutes ago, NumLock21 said:

Western Digital My Cloud external drive contains a backdoor. The backdoor is actually hardware coded so formatting the drives isn't going to help. The hardware coded user name and password is

I personally never bother with external HDDs, not because of this backdoor but the crappy enclosures out there, bought 5 of them throughout the years and they either don't work properly or died a early death. The HDDs are find and I'm still using them. Now I just use a SATA to USB adapter and they work much better than some external enclosure.

 

http://gulftech.org/advisories/WDMyCloud Multiple Vulnerabilities/125

https://www.techpowerup.com/240306/western-digital-ships-someones-backdoor-with-my-cloud-drives

jesus christ, GG 2018 now i got to tear apart my mycloud and throw it into a PC

[luigi90210]

Just now, paddy-stone said:

Luckily I stopped using my WD mycloud about a month or 2 back, I pulled the 3TB red and put in my backup server.

do you know if there is hardware encryption? i have a 6TB MyCloud and i need to know if i need to backup the data or not

[Zodiark1593]

Solution: N/A

[SilkyDistress]

1 minute ago, luigi90210 said:

jesus christ, GG 2018 not i got to tear apart my mycloud and throw it into a PC

Well just to note you before you proceed anywhere, you'll have to run Linux distro to pull files cause its RAW file format

[paddy-stone]

Just now, luigi90210 said:

do you know if there is hardware encryption? i have a 6TB MyCloud and i need to know if i need to backup the data or not

No, don't know sorry.. I was wiping the drive anyway as I was adding it into my freenas volume. But I suspect will have at least some security.

[luigi90210]

4 minutes ago, SilkyDistress said:

Well just to note you before you proceed anywhere, you'll have to run Linux distro to pull files cause its RAW file format

can i just copy all the data to another HDD instead of doing that?

[Cyberspirit]

3 minutes ago, Zodiark1593 said:

Solution: N/A

At this point, we need to throw everything electronic away and go back to the old ways.

 

[ItsMitch]

why don't we just go to fucking books?

[Dabombinable]

So this backdoor still works if the HDD is removed from its caddy (because that's all external HDD and ODD are -drives in caddies)?

[luigi90210]

1 minute ago, Dabombinable said:

So this backdoor still works if the HDD is removed from its caddy (because that's all external HDD and ODD are -drives in caddies)?

it shouldnt, the backdoor is in the software not the HDD itself 

[Zodiark1593]

Just now, Cyberspirit said:

At this point, we need to throw everything electronic away and go back to the old ways.

 

Can we start teaching paper cryptography in schools. Should be entertaining for professors to have to decode messages passed by students.

[DildorTheDecent]

BRB going to rob some bois of their pr0n

[Bit_Guardian]

17 minutes ago, valdyrgramr said:

And thus everyone started buying Seagates.

Woah, let's not be rash here...

[Bit_Guardian]

14 minutes ago, SC2Mitch said:

why don't we just go to fucking books?

Because paper cuts on your sensitive bits would suck.

[Ryujin2003]

All of my externals are standard drivers in an enclosure. Was always cheaper than trying the WD or Seagate boxed solutions. I don't need the fancy stuff. I do direct connection when I need the info; otherwise the drive offline most of the time.

[luigi90210]

2 minutes ago, Ryujin2003 said:

All of my externals are standard drivers in an enclosure. Was always cheaper than trying the WD or Seagate boxed solutions. I don't need the fancy stuff. I do direct connection when I need the info; otherwise the drive offline most of the time.

i liked the fact i can access my stuff on the go so when im out of the office i can access my files from my laptop so that was a big selling point for me 

[AresKrieger]

1 hour ago, NumLock21 said:

I personally never bother with external HDDs, not because of this backdoor but the crappy enclosures out there

Yep I generally make my own "external" HDD with an internal drive and a enclosure, usually about the same price for me and much much more reliable

 

 

Never ever leave backdoors in your software people, or at the bear minimum remove them once you finalize the software, though the second option leads to potential forgetfulness so it is in your best interest to never do so as a safeguard

[captain_to_fire]

Noob Question: Is it possible to turn a RAID 0 (3 1TB 7200 rpm drives) to a NAS? 

[Bit_Guardian]

8 minutes ago, hey_yo_ said:

Noob Question: Is it possible to turn a RAID 0 (3 1TB 7200 rpm drives) to a NAS? 

Yes. You can have any drive configuration in a NAS. Even a single external drive hooked up on the network is a NAS.

[MrRavens]

2 hours ago, Cyberspirit said:

At this point, we need to throw everything electronic away and go back to the old ways.

 

*watches Cyberspirit pull out a stone tablet and chisel* 

Dear god...

[captain_to_fire]

1 hour ago, Bit_Guardian said:

Yes. You can have any drive configuration in a NAS. Even a single external drive hooked up on the network is a NAS.

So after setting up RAID 0 in Windows disk management, all I need to do is connect it to a router or wireless AP? 

[Drak3]

1 hour ago, hey_yo_ said:

Noob Question: Is it possible to turn a RAID 0 (3 1TB 7200 rpm drives) to a NAS? 

So long as it's open to the network, yes.