'Last week’s mass-wiping of Western Digital My Book Live storage
devices involved the exploitation of not just one vulnerability but
also a second critical security bug that allowed hackers to remotely
perform a factory reset without a password, an investigation shows.
The vulnerability is remarkable because it made it trivial to wipe
what is likely petabytes of user data. More notable still was that,
according to the vulnerable code itself, a Western Digital developer
actively removed code that required a valid user password before
allowing factory resets to proceed.'
Dept. of Computer Science
University of Waikato, NZ
+64 (7) 577-5304